Chroot gone wrong, can't ssh with user

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
3
down vote

favorite












Distribution: Scientific Linux 6.5 (Carbon), not exactly your typical brand of linux.



Tried to chroot a user using these instructions for SSH and quite obviously failed, and now I can't even log in with that user. I checked /var/log/secure to see if that could shed any light on it, and I got the following.



: Address aaa.bbb.ccc.ddd maps to "A_Certain_Computer"
: Accepted password for student.fesns from aaa.bbb.ccc.ddd port ##### ssh2
: pam_unix(sshd:session): session opened for user student.fesns by (uid=0)
: error: /dev/pts/2: No such file or directory
: error: open /dev/tty failed - could not set controlling tty: No such file or directory
: pam_unix(sshd:session): session closed for user student.fesns


I checked both the files, and they do actually exist. I then attempted to reverted the changes I made to try and chroot the user, so the home directory is back to /home/User, and the startup script is set ot /bin/bash, and I've removed the section of code in /etc/ssh/sshd_config to revert it back to its original settings.



I'm completely lost at this point. Any insight would be appreciated.



New Informatoin
I've also added another user and been able to login successfully. I then changed its group to the group of the first user, and then it did the same thing as the first one.



After that I deleted and reecreated the group, still couldn't login. Then I changed the user and test account to a different group and it worked fine.



....so I guess this is solved, but what the heck went on there?



Update



Alright, so I was back at it today. Used pretty much the same instructions after giving everything a nice clean slate. Created the environment using the make_chroot_jail.sh script. Altered the /etc/ssh/sshd_config so that it it would chroot to the chroot folder.



Folder Scheme: /home/chroot/bin,dev,etc,home,lib,lib64,sbin,usr



I've also confirmed that the dev folder contains the tty character device, and in addition, I learned that the pts items couldn't be called normally becuase they weren't really files or something. In any case, followed that lead, and restarted the service and instead of the original error I then got the following.



: error: /dev/pts/1: Permission denied
: error: open /dev/tty failed - could not set controlling tty: Permission denied


Time's up today though, I'm going to try freeing up the permissions on the two files but that sorta defeats part of the purpose of doing the chroot.










share|improve this question























  • Did you check for those two files under chroot or real root? Have you restarted sshd after editing sshd_config?
    – artm
    Oct 10 '14 at 21:37










  • Originally I had only checked the real root, but after working with it today I did confirm that it is also in the chroot as well.
    – Mason
    Oct 16 '14 at 21:05














up vote
3
down vote

favorite












Distribution: Scientific Linux 6.5 (Carbon), not exactly your typical brand of linux.



Tried to chroot a user using these instructions for SSH and quite obviously failed, and now I can't even log in with that user. I checked /var/log/secure to see if that could shed any light on it, and I got the following.



: Address aaa.bbb.ccc.ddd maps to "A_Certain_Computer"
: Accepted password for student.fesns from aaa.bbb.ccc.ddd port ##### ssh2
: pam_unix(sshd:session): session opened for user student.fesns by (uid=0)
: error: /dev/pts/2: No such file or directory
: error: open /dev/tty failed - could not set controlling tty: No such file or directory
: pam_unix(sshd:session): session closed for user student.fesns


I checked both the files, and they do actually exist. I then attempted to reverted the changes I made to try and chroot the user, so the home directory is back to /home/User, and the startup script is set ot /bin/bash, and I've removed the section of code in /etc/ssh/sshd_config to revert it back to its original settings.



I'm completely lost at this point. Any insight would be appreciated.



New Informatoin
I've also added another user and been able to login successfully. I then changed its group to the group of the first user, and then it did the same thing as the first one.



After that I deleted and reecreated the group, still couldn't login. Then I changed the user and test account to a different group and it worked fine.



....so I guess this is solved, but what the heck went on there?



Update



Alright, so I was back at it today. Used pretty much the same instructions after giving everything a nice clean slate. Created the environment using the make_chroot_jail.sh script. Altered the /etc/ssh/sshd_config so that it it would chroot to the chroot folder.



Folder Scheme: /home/chroot/bin,dev,etc,home,lib,lib64,sbin,usr



I've also confirmed that the dev folder contains the tty character device, and in addition, I learned that the pts items couldn't be called normally becuase they weren't really files or something. In any case, followed that lead, and restarted the service and instead of the original error I then got the following.



: error: /dev/pts/1: Permission denied
: error: open /dev/tty failed - could not set controlling tty: Permission denied


Time's up today though, I'm going to try freeing up the permissions on the two files but that sorta defeats part of the purpose of doing the chroot.










share|improve this question























  • Did you check for those two files under chroot or real root? Have you restarted sshd after editing sshd_config?
    – artm
    Oct 10 '14 at 21:37










  • Originally I had only checked the real root, but after working with it today I did confirm that it is also in the chroot as well.
    – Mason
    Oct 16 '14 at 21:05












up vote
3
down vote

favorite









up vote
3
down vote

favorite











Distribution: Scientific Linux 6.5 (Carbon), not exactly your typical brand of linux.



Tried to chroot a user using these instructions for SSH and quite obviously failed, and now I can't even log in with that user. I checked /var/log/secure to see if that could shed any light on it, and I got the following.



: Address aaa.bbb.ccc.ddd maps to "A_Certain_Computer"
: Accepted password for student.fesns from aaa.bbb.ccc.ddd port ##### ssh2
: pam_unix(sshd:session): session opened for user student.fesns by (uid=0)
: error: /dev/pts/2: No such file or directory
: error: open /dev/tty failed - could not set controlling tty: No such file or directory
: pam_unix(sshd:session): session closed for user student.fesns


I checked both the files, and they do actually exist. I then attempted to reverted the changes I made to try and chroot the user, so the home directory is back to /home/User, and the startup script is set ot /bin/bash, and I've removed the section of code in /etc/ssh/sshd_config to revert it back to its original settings.



I'm completely lost at this point. Any insight would be appreciated.



New Informatoin
I've also added another user and been able to login successfully. I then changed its group to the group of the first user, and then it did the same thing as the first one.



After that I deleted and reecreated the group, still couldn't login. Then I changed the user and test account to a different group and it worked fine.



....so I guess this is solved, but what the heck went on there?



Update



Alright, so I was back at it today. Used pretty much the same instructions after giving everything a nice clean slate. Created the environment using the make_chroot_jail.sh script. Altered the /etc/ssh/sshd_config so that it it would chroot to the chroot folder.



Folder Scheme: /home/chroot/bin,dev,etc,home,lib,lib64,sbin,usr



I've also confirmed that the dev folder contains the tty character device, and in addition, I learned that the pts items couldn't be called normally becuase they weren't really files or something. In any case, followed that lead, and restarted the service and instead of the original error I then got the following.



: error: /dev/pts/1: Permission denied
: error: open /dev/tty failed - could not set controlling tty: Permission denied


Time's up today though, I'm going to try freeing up the permissions on the two files but that sorta defeats part of the purpose of doing the chroot.










share|improve this question















Distribution: Scientific Linux 6.5 (Carbon), not exactly your typical brand of linux.



Tried to chroot a user using these instructions for SSH and quite obviously failed, and now I can't even log in with that user. I checked /var/log/secure to see if that could shed any light on it, and I got the following.



: Address aaa.bbb.ccc.ddd maps to "A_Certain_Computer"
: Accepted password for student.fesns from aaa.bbb.ccc.ddd port ##### ssh2
: pam_unix(sshd:session): session opened for user student.fesns by (uid=0)
: error: /dev/pts/2: No such file or directory
: error: open /dev/tty failed - could not set controlling tty: No such file or directory
: pam_unix(sshd:session): session closed for user student.fesns


I checked both the files, and they do actually exist. I then attempted to reverted the changes I made to try and chroot the user, so the home directory is back to /home/User, and the startup script is set ot /bin/bash, and I've removed the section of code in /etc/ssh/sshd_config to revert it back to its original settings.



I'm completely lost at this point. Any insight would be appreciated.



New Informatoin
I've also added another user and been able to login successfully. I then changed its group to the group of the first user, and then it did the same thing as the first one.



After that I deleted and reecreated the group, still couldn't login. Then I changed the user and test account to a different group and it worked fine.



....so I guess this is solved, but what the heck went on there?



Update



Alright, so I was back at it today. Used pretty much the same instructions after giving everything a nice clean slate. Created the environment using the make_chroot_jail.sh script. Altered the /etc/ssh/sshd_config so that it it would chroot to the chroot folder.



Folder Scheme: /home/chroot/bin,dev,etc,home,lib,lib64,sbin,usr



I've also confirmed that the dev folder contains the tty character device, and in addition, I learned that the pts items couldn't be called normally becuase they weren't really files or something. In any case, followed that lead, and restarted the service and instead of the original error I then got the following.



: error: /dev/pts/1: Permission denied
: error: open /dev/tty failed - could not set controlling tty: Permission denied


Time's up today though, I'm going to try freeing up the permissions on the two files but that sorta defeats part of the purpose of doing the chroot.







ssh chroot scientific-linux






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Oct 16 '14 at 21:16

























asked Oct 10 '14 at 19:27









Mason

2616




2616











  • Did you check for those two files under chroot or real root? Have you restarted sshd after editing sshd_config?
    – artm
    Oct 10 '14 at 21:37










  • Originally I had only checked the real root, but after working with it today I did confirm that it is also in the chroot as well.
    – Mason
    Oct 16 '14 at 21:05
















  • Did you check for those two files under chroot or real root? Have you restarted sshd after editing sshd_config?
    – artm
    Oct 10 '14 at 21:37










  • Originally I had only checked the real root, but after working with it today I did confirm that it is also in the chroot as well.
    – Mason
    Oct 16 '14 at 21:05















Did you check for those two files under chroot or real root? Have you restarted sshd after editing sshd_config?
– artm
Oct 10 '14 at 21:37




Did you check for those two files under chroot or real root? Have you restarted sshd after editing sshd_config?
– artm
Oct 10 '14 at 21:37












Originally I had only checked the real root, but after working with it today I did confirm that it is also in the chroot as well.
– Mason
Oct 16 '14 at 21:05




Originally I had only checked the real root, but after working with it today I did confirm that it is also in the chroot as well.
– Mason
Oct 16 '14 at 21:05










2 Answers
2






active

oldest

votes

















up vote
1
down vote













Given your description of the solution, you must have made some error with the group permissions when you set the chroot up. Since you've deleted and re-created everything, it's hard to figure out exactly what it was. At a guess, you've managed to create settings where the files within the chroot were readable for everyone except for the one group that the users were in when you started.






share|improve this answer




















  • Made some progress today, not exactly much but its something. Please check it out.
    – Mason
    Oct 16 '14 at 21:17

















up vote
0
down vote













Try 'mount --bind' the following directories. Make sure you do /dev first then /dev/pts.



root-shell> mount --bind /dev /var/jail/dev



root-shell> mount --bind /dev/pts /var/jail/dev/pts



Regards,
David






share|improve this answer








New contributor




David Loh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

















    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f160461%2fchroot-gone-wrong-cant-ssh-with-user%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    1
    down vote













    Given your description of the solution, you must have made some error with the group permissions when you set the chroot up. Since you've deleted and re-created everything, it's hard to figure out exactly what it was. At a guess, you've managed to create settings where the files within the chroot were readable for everyone except for the one group that the users were in when you started.






    share|improve this answer




















    • Made some progress today, not exactly much but its something. Please check it out.
      – Mason
      Oct 16 '14 at 21:17














    up vote
    1
    down vote













    Given your description of the solution, you must have made some error with the group permissions when you set the chroot up. Since you've deleted and re-created everything, it's hard to figure out exactly what it was. At a guess, you've managed to create settings where the files within the chroot were readable for everyone except for the one group that the users were in when you started.






    share|improve this answer




















    • Made some progress today, not exactly much but its something. Please check it out.
      – Mason
      Oct 16 '14 at 21:17












    up vote
    1
    down vote










    up vote
    1
    down vote









    Given your description of the solution, you must have made some error with the group permissions when you set the chroot up. Since you've deleted and re-created everything, it's hard to figure out exactly what it was. At a guess, you've managed to create settings where the files within the chroot were readable for everyone except for the one group that the users were in when you started.






    share|improve this answer












    Given your description of the solution, you must have made some error with the group permissions when you set the chroot up. Since you've deleted and re-created everything, it's hard to figure out exactly what it was. At a guess, you've managed to create settings where the files within the chroot were readable for everyone except for the one group that the users were in when you started.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Oct 13 '14 at 7:40









    Jenny D

    10.4k22745




    10.4k22745











    • Made some progress today, not exactly much but its something. Please check it out.
      – Mason
      Oct 16 '14 at 21:17
















    • Made some progress today, not exactly much but its something. Please check it out.
      – Mason
      Oct 16 '14 at 21:17















    Made some progress today, not exactly much but its something. Please check it out.
    – Mason
    Oct 16 '14 at 21:17




    Made some progress today, not exactly much but its something. Please check it out.
    – Mason
    Oct 16 '14 at 21:17












    up vote
    0
    down vote













    Try 'mount --bind' the following directories. Make sure you do /dev first then /dev/pts.



    root-shell> mount --bind /dev /var/jail/dev



    root-shell> mount --bind /dev/pts /var/jail/dev/pts



    Regards,
    David






    share|improve this answer








    New contributor




    David Loh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.





















      up vote
      0
      down vote













      Try 'mount --bind' the following directories. Make sure you do /dev first then /dev/pts.



      root-shell> mount --bind /dev /var/jail/dev



      root-shell> mount --bind /dev/pts /var/jail/dev/pts



      Regards,
      David






      share|improve this answer








      New contributor




      David Loh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.



















        up vote
        0
        down vote










        up vote
        0
        down vote









        Try 'mount --bind' the following directories. Make sure you do /dev first then /dev/pts.



        root-shell> mount --bind /dev /var/jail/dev



        root-shell> mount --bind /dev/pts /var/jail/dev/pts



        Regards,
        David






        share|improve this answer








        New contributor




        David Loh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        Try 'mount --bind' the following directories. Make sure you do /dev first then /dev/pts.



        root-shell> mount --bind /dev /var/jail/dev



        root-shell> mount --bind /dev/pts /var/jail/dev/pts



        Regards,
        David







        share|improve this answer








        New contributor




        David Loh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        share|improve this answer



        share|improve this answer






        New contributor




        David Loh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        answered Nov 19 at 5:16









        David Loh

        11




        11




        New contributor




        David Loh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.





        New contributor





        David Loh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






        David Loh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f160461%2fchroot-gone-wrong-cant-ssh-with-user%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown






            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?