From owner-freebsd-security  Mon Nov  5  8: 2:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from straylight.ringlet.net (sentinel.office1.bg [217.75.134.126])
	by hub.freebsd.org (Postfix) with SMTP id 87B3037B417
	for <freebsd-security@FreeBSD.ORG>; Mon,  5 Nov 2001 08:02:18 -0800 (PST)
Received: (qmail 2326 invoked by uid 1000); 5 Nov 2001 15:46:39 -0000
Date: Mon, 5 Nov 2001 17:46:39 +0200
From: Peter Pentchev <roam@ringlet.net>
To: "Alexander S. Volchenkov" <volax@uh.ru>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Chrooted SSH2 problem
Message-ID: <20011105174639.C77919@straylight.oblivion.bg>
Mail-Followup-To: "Alexander S. Volchenkov" <volax@uh.ru>,
	freebsd-security@FreeBSD.ORG
References: <200111051546.fA5FkLu62095@ns.uh.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200111051546.fA5FkLu62095@ns.uh.ru>; from volax@uh.ru on Mon, Nov 05, 2001 at 06:51:52PM +0300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Mon, Nov 05, 2001 at 06:51:52PM +0300, Alexander S. Volchenkov wrote:
> Hi All!
> 
> I've just installed ssh2 and trying to implement it's chroot feature.
> I have a problem with user login.
> 
> User "dummy" is in the "chrooted" group. His home directory : 
> /home/chrooted/dummy contains bin subdirectory with a mirror of /bin.
> User's shell is /bin/sh. Command: chroot /home/chrooted/dummy works fine.
> 
> From /etc/sshd2_conf:
> -------------------------------------------
> AllowGroups                     chrooted
> ChRootGroups                    chrooted
> -------------------------------------------
> 
> Client session:
> -------------------------------------------
> gate# ssh2 -l dummy localhost
> dummy@localhost's password:
> Authentication successful.
> Connection to localhost closed.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> -------------------------------------------
> 
> tail /var/log/messages:
> -------------------------------------------
> sshd[16513]: User dummy's local password accepted.
> sshd[16513]: Password authentication for user dummy accepted.
> sshd[16513]: User dummy, coming from localhost.sbm, authenticated.
> -------------------------------------------
> 
> What I need to do to fix it?

On the server, stop any sshd's running, then run an 'sshd -d' and
watch its output.

G'luck,
Peter

-- 
This sentence was in the past tense.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message