Date: Mon, 7 Apr 2003 22:28:11 -0600 From: Colin Harford <charford@infinithost.com> To: Colin Harford <charford-list@infinithost.com> Cc: questions@freebsd.org Subject: Re: Jail and FreeBSD 5.0-Release Message-ID: <81E5D2D3-697A-11D7-B41C-000393A6FBE8@infinithost.com> In-Reply-To: <071383E8-6974-11D7-B41C-000393A6FBE8@infinithost.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, April 7, 2003, at 09:41 PM, Colin Harford wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > So, we are having a few problems with FreeBSD 5.0-Release and > jail.... The two currently killing us are: > > > 1) Logging over ssh to the jailed IP# takes over a minute to > complete... I checked the ssd_config in the jail environment and > reverse lookup is not enabled... > Little more on this one.. running ssh -vvv penSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090609f debug1: Reading configuration data /etc/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to IP [IP] port 22. debug1: Connection established. debug1: identity file /Users/charford/.ssh/identity type -1 debug1: identity file /Users/charford/.ssh/id_rsa type -1 debug1: identity file /Users/charford/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1 FreeBSD-20021029 debug1: match: OpenSSH_3.5p1 FreeBSD-20021029 pat OpenSSH* Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.4p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1- 96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1- 96,hmac-md5-96 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1- 96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1- 96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: dh_gen_key: priv key bits set: 123/256 debug1: bits set: 1621/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /Users/charford/.ssh/known_hosts debug3: check_host_in_hostfile: match line 35 debug1: Host 'IP' is known and matches the DSA host key. debug1: Found key in /Users/charford/.ssh/known_hosts:35 debug1: bits set: 1617/3191 debug1: ssh_dss_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT this be where she would choke.. this is what happens next... debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: next auth method to try is publickey debug1: try privkey: /Users/charford/.ssh/identity debug3: no such identity: /Users/charford/.ssh/identity debug1: try privkey: /Users/charford/.ssh/id_rsa debug3: no such identity: /Users/charford/.ssh/id_rsa debug1: try privkey: /Users/charford/.ssh/id_dsa debug3: no such identity: /Users/charford/.ssh/id_dsa debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: next auth method to try is keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1 Password: And since someone is going to ask: /etc/resolv.conf in the jail domain infinithost.com nameserver 129.128.5.233 nameserver 129.128.76.233 namserver 209.115.152.130 jail# cd /etc jail# ls | grep resolv resolv.conf jail# ls -l | grep res - -rwxr-xr-x 1 root wheel 1886 Apr 6 17:13 rc.resume - -rw-r--r-- 1 root wheel 101 Apr 7 22:57 resolv.conf From inside the jail I can ssh out no problem.... Yet, when I do the sshd in debug, the time is it trying to do a rlookup even when i explicitly disable it in the jail sshd_conf > > 2) After about 10 minutes, the jail environment gets toasted, as in > that it becomes impossible to login over ssh to the jail > environment... > > > This is the error message: > > Password: > Warning: no access to tty (Bad file descriptor). > Thus no job control in > this shell. > > Running SSH in debug mode: (Colin-Harfords-Computer!/Users/charford) [charford-ttyp3] # ssh -vvv root@<IP> OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090609f debug1: Reading configuration data /etc/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to <IP> [<IP>] port 22. debug1: Connection established. debug1: identity file /Users/charford/.ssh/identity type -1 debug1: identity file /Users/charford/.ssh/id_rsa type -1 debug1: identity file /Users/charford/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1 FreeBSD-20021029 debug1: match: OpenSSH_3.5p1 FreeBSD-20021029 pat OpenSSH* Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.4p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1- 96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1- 96,hmac-md5-96 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1- 96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1- 96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: dh_gen_key: priv key bits set: 128/256 debug1: bits set: 1601/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /Users/charford/.ssh/known_hosts debug3: check_host_in_hostfile: match line 35 debug1: Host '<IP>' is known and matches the DSA host key. debug1: Found key in /Users/charford/.ssh/known_hosts:35 debug1: bits set: 1545/3191 debug1: ssh_dss_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: next auth method to try is publickey debug1: try privkey: /Users/charford/.ssh/identity debug3: no such identity: /Users/charford/.ssh/identity debug1: try privkey: /Users/charford/.ssh/id_rsa debug3: no such identity: /Users/charford/.ssh/id_rsa debug1: try privkey: /Users/charford/.ssh/id_dsa debug3: no such identity: /Users/charford/.ssh/id_dsa debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: next auth method to try is keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1 Password: debug3: packet_send2: adding 32 (len 20 padlen 12 extra_pad 64) debug1: authentications that can continue: publickey,password,keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1 Password: debug3: packet_send2: adding 32 (len 21 padlen 11 extra_pad 64) debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 0 debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64) debug1: ssh-userauth2 successful: method keyboard-interactive debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug1: send channel open 0 debug1: Entering interactive session. debug2: callback start debug1: ssh_session2_setup: id 0 debug1: channel request 0: pty-req debug3: tty_make_modes: ospeed 9600 debug3: tty_make_modes: ispeed 9600 debug3: tty_make_modes: 1 3 debug3: tty_make_modes: 2 28 debug3: tty_make_modes: 3 8 debug3: tty_make_modes: 4 21 debug3: tty_make_modes: 5 4 debug3: tty_make_modes: 6 255 debug3: tty_make_modes: 7 255 debug3: tty_make_modes: 8 17 debug3: tty_make_modes: 9 19 debug3: tty_make_modes: 10 26 debug3: tty_make_modes: 11 25 debug3: tty_make_modes: 12 18 debug3: tty_make_modes: 13 23 debug3: tty_make_modes: 14 22 debug3: tty_make_modes: 17 20 debug3: tty_make_modes: 18 15 debug3: tty_make_modes: 30 0 debug3: tty_make_modes: 31 0 debug3: tty_make_modes: 32 0 debug3: tty_make_modes: 33 0 debug3: tty_make_modes: 34 0 debug3: tty_make_modes: 35 0 debug3: tty_make_modes: 36 1 debug3: tty_make_modes: 38 1 debug3: tty_make_modes: 39 1 debug3: tty_make_modes: 40 0 debug3: tty_make_modes: 41 1 debug3: tty_make_modes: 50 1 debug3: tty_make_modes: 51 1 debug3: tty_make_modes: 53 1 debug3: tty_make_modes: 54 1 debug3: tty_make_modes: 55 0 debug3: tty_make_modes: 56 0 debug3: tty_make_modes: 57 0 debug3: tty_make_modes: 58 0 debug3: tty_make_modes: 59 1 debug3: tty_make_modes: 60 1 debug3: tty_make_modes: 61 1 debug3: tty_make_modes: 62 1 debug3: tty_make_modes: 70 1 debug3: tty_make_modes: 72 1 debug3: tty_make_modes: 90 1 debug3: tty_make_modes: 91 1 debug3: tty_make_modes: 92 0 debug3: tty_make_modes: 93 0 debug1: channel request 0: shell debug1: fd 3 setting TCP_NODELAY debug2: callback done debug1: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 131072 debug2: channel 0: rcvd ext data 176 debug2: channel 0: rcvd ext data 112 debug2: channel 0: rcvd ext data 50 debug2: channel 0: rcvd ext data 151 debug2: channel 0: rcvd ext data 164 Warning: no access to tty (Bad file descriptor). Thus no job control in this shell. debug3: Copy environment: PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/ local/bin:/usr/X11R6/bin:/root/bin debug3: Copy environment: MAIL=/var/mail/root debug3: Copy environment: BLOCKSIZE=K debug3: Copy environment: FTP_PASSIVE_MODE=YES Environment: USER=root LOGNAME=root HOME=/root MAIL=/var/mail/root PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/ local/bin:/usr/X11R6/bin:/root/bin TERM=su BLOCKSIZE=K FTP_PASSIVE_MODE=YES SHELL=/bin/csh SSH_CLIENT=<My IP> 41414 22 SSH_CONNECTION=<My IP> 41414 <IP> 22 debug3: channel_close_fds: channel 0: r -1 w -1 e -1 debug2: channel 0: written 653 to efd 6 And SSHD in -ddd jail# /usr/sbin/sshd -ddd debug1: sshd version OpenSSH_3.5p1 FreeBSD-20021029 debug1: private host key: #0 type 0 RSA1 debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: Bind to port 22 on <IP>. Server listening on <IP> port 22. Generating 768 bit RSA key. RSA key generation complete. debug1: Server will not fork when running in debugging mode. Connection from <My IP> port 41414 debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1 debug1: match: OpenSSH_3.4p1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-1.99-OpenSSH_3.5p1 FreeBSD-20021029 debug2: Network child is on pid 89503 debug3: preauth child monitor started debug3: mm_request_receive entering debug3: privsep user:group 22:22 debug1: permanently_set_uid: 22/22 debug1: list_hostkey_types: ssh-dss debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1- 96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1- 96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1- 96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1- 96,hmac-md5-96 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug3: mm_request_send entering: type 0 debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI debug3: mm_request_receive_expect entering: type 1 debug3: monitor_read: checking request 0 debug3: mm_request_receive entering debug3: mm_answer_moduli: got parameters: 1024 2048 8192 debug3: mm_request_send entering: type 1 debug2: monitor_read: 0 used once, disabling now debug3: mm_request_receive entering debug3: mm_choose_dh: remaining 0 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: dh_gen_key: priv key bits set: 106/256 debug1: bits set: 1545/3191 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 1601/3191 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: monitor_read: checking request 4 debug3: mm_request_receive entering debug3: mm_answer_sign debug3: mm_answer_sign: signature 0x8074200(55) debug3: mm_request_send entering: type 5 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug3: Trying to reverse map address <My IP>. debug1: userauth-request for user root service ssh-connection method none debug1: attempt 0 failures 0 debug3: mm_getpwnamallow entering debug3: mm_request_send entering: type 6 debug3: monitor_read: checking request 6 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM debug3: mm_answer_pwnamallow debug3: mm_request_receive_expect entering: type 7 debug3: mm_request_receive entering debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 7 debug2: monitor_read: 6 used once, disabling now debug3: mm_request_receive entering debug2: input_userauth_request: setting up authctxt for root debug3: mm_start_pam entering debug3: mm_request_send entering: type 41 debug3: monitor_read: checking request 41 debug1: Starting up PAM with username "root" debug3: mm_inform_authserv entering debug3: mm_request_send entering: type 3 debug2: input_userauth_request: try method none debug3: mm_auth_password entering debug3: mm_request_send entering: type 10 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD debug3: mm_request_receive_expect entering: type 11 debug3: mm_request_receive entering debug3: Trying to reverse map address <My IP>. debug1: PAM setting rhost to "mail.infinithost.com" debug2: monitor_read: 41 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 3 debug3: mm_answer_authserv: service=ssh-connection, style= debug2: monitor_read: 3 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 10 debug3: mm_answer_authpassword: sending result 0 debug3: mm_request_send entering: type 11 debug3: mm_auth_password: user not authenticated Failed none for root from <My IP> port 41414 ssh2 Failed none for root from <My IP> port 41414 ssh2 debug3: mm_request_receive entering debug1: userauth-request for user root service ssh-connection method keyboard-interactive debug1: attempt 1 failures 1 debug2: input_userauth_request: try method keyboard-interactive debug1: keyboard-interactive devs debug1: auth2_challenge: user=root devs= debug1: kbdint_alloc: devices 'pam' debug2: auth2_challenge_start: devices pam debug2: kbdint_next_device: devices <empty> debug1: auth2_challenge_start: trying authentication method 'pam' debug3: mm_pam_init_ctx debug3: mm_request_send entering: type 42 debug3: mm_pam_init_ctx: waiting for MONITOR_ANS_PAM_INIT_CTX debug3: monitor_read: checking request 42 debug3: mm_request_receive_expect entering: type 43 debug3: mm_answer_pam_init_ctx debug3: mm_request_receive entering debug3: mm_request_send entering: type 43 debug3: mm_pam_query debug3: mm_request_send entering: type 44 debug3: mm_pam_query: waiting for MONITOR_ANS_PAM_QUERY debug3: mm_request_receive_expect entering: type 45 debug3: mm_request_receive entering debug3: mm_request_receive entering debug3: monitor_read: checking request 44 debug3: mm_answer_pam_query debug3: ssh_msg_recv entering debug3: ssh_msg_send: type 1 debug3: mm_request_send entering: type 45 debug3: ssh_msg_recv entering debug3: mm_request_receive entering debug3: mm_pam_query: pam_query returned 0 Postponed keyboard-interactive for root from <My IP> port 41414 ssh2 debug3: mm_pam_respond debug3: mm_request_send entering: type 46 debug3: mm_pam_respond: waiting for MONITOR_ANS_PAM_RESPOND debug3: mm_request_receive_expect entering: type 47 debug3: mm_request_receive entering debug3: monitor_read: checking request 46 debug3: mm_answer_pam_respond debug2: pam_respond debug3: ssh_msg_send: type 6 debug3: mm_request_send entering: type 47 debug3: mm_pam_respond: pam_respond returned 1 debug3: mm_request_receive entering debug3: mm_pam_query debug3: mm_request_send entering: type 44 debug3: monitor_read: checking request 44 debug3: mm_answer_pam_query debug3: ssh_msg_recv entering debug3: mm_pam_query: waiting for MONITOR_ANS_PAM_QUERY debug3: mm_request_receive_expect entering: type 45 debug3: mm_request_receive entering debug3: ssh_msg_send: type 9 authentication error debug3: mm_request_send entering: type 45 debug3: mm_request_receive entering debug3: mm_pam_query: pam_query returned -1 debug2: auth2_challenge_start: devices <empty> debug3: mm_pam_free_ctx debug3: mm_request_send entering: type 48 debug3: mm_pam_free_ctx: waiting for MONITOR_ANS_PAM_FREE_CTX debug3: mm_request_receive_expect entering: type 49 debug3: mm_request_receive entering debug3: monitor_read: checking request 48 debug3: mm_answer_pam_free_ctx debug3: mm_request_send entering: type 49 debug2: monitor_read: 48 used once, disabling now Failed keyboard-interactive/pam for root from <My IP> port 41414 ssh2 Failed keyboard-interactive/pam for root from <My IP> port 41414 ssh2 debug3: mm_request_receive entering debug1: userauth-request for user root service ssh-connection method keyboard-interactive debug1: attempt 2 failures 2 debug2: input_userauth_request: try method keyboard-interactive debug1: keyboard-interactive devs debug1: auth2_challenge: user=root devs= debug1: kbdint_alloc: devices 'pam' debug2: auth2_challenge_start: devices pam debug2: kbdint_next_device: devices <empty> debug1: auth2_challenge_start: trying authentication method 'pam' debug3: mm_pam_init_ctx debug3: mm_request_send entering: type 42 debug3: mm_pam_init_ctx: waiting for MONITOR_ANS_PAM_INIT_CTX debug3: mm_request_receive_expect entering: type 43 debug3: monitor_read: checking request 42 debug3: mm_request_receive entering debug3: mm_answer_pam_init_ctx debug3: mm_request_send entering: type 43 debug3: mm_pam_query debug3: mm_request_receive entering debug3: mm_request_send entering: type 44 debug3: mm_pam_query: waiting for MONITOR_ANS_PAM_QUERY debug3: mm_request_receive_expect entering: type 45 debug3: mm_request_receive entering debug3: monitor_read: checking request 44 debug3: mm_answer_pam_query debug3: ssh_msg_recv entering debug3: ssh_msg_send: type 1 debug3: ssh_msg_recv entering debug3: mm_request_send entering: type 45 debug3: mm_request_receive entering debug3: mm_pam_query: pam_query returned 0 Postponed keyboard-interactive for root from <My IP> port 41414 ssh2 debug3: mm_pam_respond debug3: mm_request_send entering: type 46 debug3: mm_pam_respond: waiting for MONITOR_ANS_PAM_RESPOND debug3: mm_request_receive_expect entering: type 47 debug3: mm_request_receive entering debug3: monitor_read: checking request 46 debug3: mm_answer_pam_respond debug2: pam_respond debug3: ssh_msg_send: type 6 debug3: mm_request_send entering: type 47 debug3: mm_request_receive entering debug3: mm_pam_respond: pam_respond returned 1 debug3: mm_pam_query debug3: mm_request_send entering: type 44 debug3: monitor_read: checking request 44 debug3: mm_pam_query: waiting for MONITOR_ANS_PAM_QUERY debug3: mm_answer_pam_query debug3: mm_request_receive_expect entering: type 45 debug3: ssh_msg_recv entering debug3: mm_request_receive entering debug3: ssh_msg_send: type 0 debug3: mm_request_send entering: type 45 debug3: mm_request_receive entering debug3: mm_pam_query: pam_query returned 0 Postponed keyboard-interactive/pam for root from <My IP> port 41414 ssh2 debug3: mm_pam_respond debug3: mm_request_send entering: type 46 debug3: mm_pam_respond: waiting for MONITOR_ANS_PAM_RESPOND debug3: mm_request_receive_expect entering: type 47 debug3: monitor_read: checking request 46 debug3: mm_request_receive entering debug3: mm_answer_pam_respond debug2: pam_respond debug3: mm_request_send entering: type 47 debug3: mm_pam_respond: pam_respond returned 0 debug3: mm_request_receive entering debug3: mm_pam_free_ctx debug3: mm_request_send entering: type 48 debug3: monitor_read: checking request 48 debug3: mm_answer_pam_free_ctx debug3: mm_pam_free_ctx: waiting for MONITOR_ANS_PAM_FREE_CTX debug3: mm_request_receive_expect entering: type 49 debug3: mm_request_receive entering debug3: mm_request_send entering: type 49 debug2: monitor_read: 48 used once, disabling now Accepted keyboard-interactive/pam for root from <My IP> port 41414 ssh2 debug1: monitor_child_preauth: root has been authenticated by privileged process Accepted keyboard-interactive/pam for root from <My IP> port 41414 ssh2 debug3: mm_get_keystate: Waiting for new keys debug3: mm_request_receive_expect entering: type 24 debug3: mm_request_receive entering debug3: mm_send_keystate: Sending new keys: 0x8074240 0x8074200 debug3: mm_newkeys_to_blob: converting 0x8074240 debug3: mm_newkeys_to_blob: converting 0x8074200 debug3: mm_send_keystate: New keys have been sent debug3: mm_send_keystate: Sending compression state debug3: mm_request_send entering: type 24 debug3: mm_send_keystate: Finished sending state debug3: mm_newkeys_from_blob: 0x8071600(118) debug2: mac_init: found hmac-md5 debug3: mm_get_keystate: Waiting for second key debug3: mm_newkeys_from_blob: 0x8071600(118) debug2: mac_init: found hmac-md5 debug3: mm_get_keystate: Getting compression state debug3: mm_get_keystate: Getting Network I/O buffers debug3: mm_share_sync: Share sync debug3: mm_share_sync: Share sync end debug1: newkeys: mode 0 debug1: newkeys: mode 1 debug1: Entering interactive session for SSH2. debug1: fd 3 setting O_NONBLOCK debug1: fd 7 setting O_NONBLOCK debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: init debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_channel_req: channel 0 request pty-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. openpty: No such file or directory session_pty_req: session 0 alloc failed debug1: server_input_channel_req: channel 0 request shell reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell debug1: PAM establishing creds debug1: fd 9 setting O_NONBLOCK debug2: fd 9 is O_NONBLOCK debug1: fd 11 setting O_NONBLOCK debug2: channel 0: read 176 from efd 11 debug2: channel 0: rwin 65536 elen 176 euse 1 debug2: channel 0: sent ext data 176 debug2: channel 0: read 112 from efd 11 debug2: channel 0: rwin 65360 elen 112 euse 1 debug2: channel 0: sent ext data 112 debug2: channel 0: read 50 from efd 11 debug2: channel 0: rwin 65248 elen 50 euse 1 debug2: channel 0: sent ext data 50 debug2: channel 0: read 151 from efd 11 debug2: channel 0: rwin 65198 elen 151 euse 1 debug2: channel 0: sent ext data 151 debug2: channel 0: read 164 from efd 11 debug2: channel 0: rwin 65047 elen 164 euse 1 debug2: channel 0: sent ext data 164 ^C > There is nothing out of place in the jailed environment log files > either... > > > How jail is started: > 1) ifconfig, > 2) mount -t procfs proc /jail/<IP>/proc > # jail /jail/<IP> jail <IP> /bin/sh /etc/rc > hw.bus.devctl_disable: 1 -> 1 > Entropy harvesting:sysctl: kern.random.sys.harvest.interrupt: > Operation not permitted > interruptssysctl: kern.random.sys.harvest.ethernet: Operation not > permitted > ethernetsysctl: kern.random.sys.harvest.point_to_point: Operation not > permitted > point_to_point. > Fast boot: skipping disk checks. > mount: /: unknown special file or file system > adjkerntz[87273]: sysctl(put_wallclock): Operation not permitted > Doing initial network setup:. > ifconfig: ioctl (SIOCDIFADDR): permission denied > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 > Additional routing options:. > Mounting NFS file systems:. > Starting syslogd. > syslogd: child pid 87388 exited with return code 1 > ELF ldconfig path: /usr/lib /usr/lib/compat > a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout > Starting local daemons:. > Updating motd. > Starting sshd. > Initial i386 initialization:. > Additional ABI support:. > Local package initialization:. > Additional TCP options:. > Starting cron. > Starting background file system checks. > > Mon Apr 7 22:07:20 CDT 2003 > > > In the jail environment: > > rc.conf > linux_enable="NO" > usbd_enable="NO" > sshd_enable="YES" > portmap_enable="NO" > > > > In the host system: > > <IP Settings> > inetd_flags="-wW -a <HOST IP>" > sendmail_enable="NO" > portmap_enable="NO" > kern_securelevel_enable="NO" > linux_enable="YES" > usbd_enable="YES" > sshd_enable="YES" > > > All the stuff in the man pages were done: > > o Create an empty /etc/fstab to quell startup warnings > about > missing fstab > o Disable the port mapper (/etc/rc.conf: > portmap_enable="NO") > o Run newaliases(1) to quell sendmail(8) warnings. > o Disable interface configuration to quell startup > warnings about > ifconfig(8) (network_interfaces="") > o Configure /etc/resolv.conf so that name resolution > within the > jail will work correctly > o Set a root password, probably different from the real > host sys- > tem > o Set the timezone > o Add accounts for users in the jail environment > o Install any packages that you think the environment > requires > > > > Help. > > > Thanks, > > CH > > > > This PGP signature is signed to charford at infinithost.com. If you > have received this signature from a different email account please > email that account and a different key will be sent. Sorry for any > problems. > > This electronic message transmission contains information that is > privileged, confidential or otherwise the exclusive property of the > intended recipient or the sender. This information is intended for > the use of the individual or entity that is the intended recipient. If > you are not the designated recipient, please be aware that any > dissemination, distribution or copying of this communication is > strictly prohibited. If you have received this electronic > transmission in error, please notify us by electronic mail charford @ > infinithost.com and promptly destroy the original transmission. Thank > you for your assistance. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (Darwin) > > iD8DBQE+kkT/tf2vknGZ+KoRAqFfAJ9wG/aJQcpsv98fhqLBfQpPSL1M/wCeKT9A > 5PjmenLTaNuYiI/0jqbAzXI= > =nq3j > -----END PGP SIGNATURE----- > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > > This PGP signature is signed to charford at infinithost.com. If you have received this signature from a different email account please email that account and a different key will be sent. Sorry for any problems. This electronic message transmission contains information that is privileged, confidential or otherwise the exclusive property of the intended recipient or the sender. This information is intended for the use of the individual or entity that is the intended recipient. If you are not the designated recipient, please be aware that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this electronic transmission in error, please notify us by electronic mail charford @ infinithost.com and promptly destroy the original transmission. Thank you for your assistance. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (Darwin) iD8DBQE+kk/etf2vknGZ+KoRAkjsAJ4lCLA8x5XHwNYuWL0OxX8a2Rx9QQCfXoA/ EY33gYblsJwtMVY8n/56wlM= =Qgdl -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?81E5D2D3-697A-11D7-B41C-000393A6FBE8>