Old 09-16-2009, 07:33 AM   #1
Kanon
Member
 
Registered: Sep 2004
Location: Norge
Distribution: Debian
Posts: 116

Rep: Reputation: 15
chroot sftp/ssh fails on shell


Got a problem with Lenny/opensftp/openssh.
I've set the shell for the ftp user to: /bin/false
On login I get "No such file or...."

I see that the problem is the shell, but not how to rectify it. I don't want the shell to be available in the chroot'ed ftp.
So far I've tested different settings/scenarios, but this is the closest I've come.
Can anyone see anything wrong here? Or have a clue as to what I might have done wrong?

sshd_config

Code:
Match Group ftpgroup
   ChrootDirectory %h
   AllowTCPForwarding no
   ForceCommand linternal-sftp
Log from WinSCP.
Code:
. 2009-09-16 14:12:59.515 Server version: SSH-2.0-OpenSSH_5.1p1 Debian-5
. 2009-09-16 14:12:59.515 We claim version: SSH-2.0-WinSCP_release_4.1.9
. 2009-09-16 14:12:59.515 SSPI: acquired credentials for: Per@PC1
. 2009-09-16 14:13:04.140 Started a shell/command
. 2009-09-16 14:13:04.140 Server sent command exit status 1
. 2009-09-16 14:13:04.140 Received 38 bytes (1)
! 2009-09-16 14:13:04.140 /bin/false: No such file or directory
. 2009-09-16 14:13:04.140 Disconnected: All channels closed
* 2009-09-16 14:13:04.156 (ESshFatal) Connection has been unexpectedly closed. Server sent command exit status 1.
* 2009-09-16 14:13:04.156 Authentication log (see session log for details):
* 2009-09-16 14:13:04.156 Using username "ftpuser".
* 2009-09-16 14:13:04.156 /bin/false: No such file or directory
* 2009-09-16 14:13:04.156 
* 2009-09-16 14:13:04.156 Authentication failed.
SSH from local

Code:
Debian:/var/log# ssh ftpuser@Debian
ftpuser@Debian's password:
/bin/false: No such file or directory
Connection to risk closed.
Debian:/var/log#
auth.log

Code:
Sep 16 14:05:55 Debian sshd[5495]: Accepted password for ftpuser from 127.0.1.1 port 45164 ssh2
Sep 16 14:05:55 Debian sshd[5495]: pam_unix(sshd:session): session opened for user ftpuser by (uid=0)
Sep 16 14:05:55 Debian sshd[5495]: pam_unix(sshd:session): session closed for user ftpuser
Sep 16 14:12:58 Debian sshd[5510]: Accepted password for ftpuser from 192.168.10.100 port 3390 ssh2
Sep 16 14:12:58 Debian sshd[5510]: pam_unix(sshd:session): session opened for user ftpuser by (uid=0)
Sep 16 14:12:58 Debian sshd[5512]: subsystem request for sftp
Sep 16 14:12:58 Debian sshd[5510]: pam_unix(sshd:session): session closed for user ftpuser
Sep 16 14:16:11 Debian sshd[5518]: Accepted password for ftpuser from 127.0.1.1 port 48929 ssh2
Sep 16 14:16:11 Debian sshd[5518]: pam_unix(sshd:session): session opened for user ftpuser by (uid=0)
Sep 16 14:16:11 Debian sshd[5518]: pam_unix(sshd:session): session closed for user ftpuser
Sep 16 14:17:01 Debian CRON[5522]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 16 14:17:01 Debian CRON[5522]: pam_unix(cron:session): session closed for user root
 
Old 09-16-2009, 09:34 AM   #2
nidsche
LQ Newbie
 
Registered: Jun 2008
Location: Germany
Posts: 21

Rep: Reputation: 16
Quote:
Originally Posted by Kanon View Post
Got a problem with Lenny/opensftp/openssh.
I've set the shell for the ftp user to: /bin/false
On login I get "No such file or...."

I see that the problem is the shell, but not how to rectify it.
Hi,

please try
Code:
which false
This should tell you if and where "false" is installed.
false by itself returns directly to the system that the command used was unsuccessful. In general it should still be possible to run code with the ssh command.

Please have a look at the PAM mechanism to solve your issue.

Best regards Norbert
 
Old 09-17-2009, 01:16 AM   #3
Kanon
Member
 
Registered: Sep 2004
Location: Norge
Distribution: Debian
Posts: 116

Original Poster
Rep: Reputation: 15
which false = /bin/false

All regular users have no problem logging on with ssh or ftp. It's only this one test ftp user I have problems with. And it's the only one chrooted.
In the end I want to close ftp for regular users and have only one chrooted ftp user.
 
Old 09-17-2009, 08:10 AM   #4
Minstrel
LQ Newbie
 
Registered: Nov 2007
Posts: 16

Rep: Reputation: 0
Quote:
Originally Posted by Kanon View Post
...

sshd_config

Code:
Match Group ftpgroup
   ChrootDirectory %h
   AllowTCPForwarding no
   ForceCommand linternal-sftp
...
A typo there - 'linternal-sftp' should read 'internal-sftp'.
 
Old 09-17-2009, 08:36 AM   #5
orgcandman
Member
 
Registered: May 2002
Location: dracut MA
Distribution: Ubuntu; PNE-LE; LFS (no book)
Posts: 594

Rep: Reputation: 102
Quote:
Originally Posted by Kanon View Post
which false = /bin/false

All regular users have no problem logging on with ssh or ftp. It's only this one test ftp user I have problems with. And it's the only one chrooted.
In the end I want to close ftp for regular users and have only one chrooted ftp user.
This may mean that your chroot jail doesn't have /bin/false

Try manually chroot'ing to the jail and see if it exists.
 
Old 09-17-2009, 08:58 AM   #6
Kanon
Member
 
Registered: Sep 2004
Location: Norge
Distribution: Debian
Posts: 116

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by orgcandman View Post
This may mean that your chroot jail doesn't have /bin/false

Try manually chroot'ing to the jail and see if it exists.
Might be a dumb question, but how do I do that?
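
Added example (editor's note, not written by any poster in this thread): a shell check tying together replies #4 and #5. sshd handles `ForceCommand internal-sftp` in-process, while any other forced command, including the misspelled one, is started through the account's login shell after the chroot, which is why `/bin/false` was looked up inside the jail. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# For each Match block that sets ChrootDirectory, print
# "<match criteria>|<ForceCommand>" unless the command is internal-sftp.
# Any other forced command is started through the account's login shell
# after the chroot, so that shell would have to exist inside the jail.
lint_chroot_blocks() {   # $1 = path to an sshd_config file
    awk '
        function flush() {
            ok = (cmd == "internal-sftp" || index(cmd, "internal-sftp ") == 1)
            if (chroot && !ok)
                printf "%s|%s\n", crit, (cmd == "" ? "(none)" : cmd)
        }
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" {
            flush(); inblk = 1; chroot = 0; cmd = ""
            crit = $0; sub(/^[^ \t]+[ \t]+/, "", crit); next
        }
        inblk && tolower($1) == "chrootdirectory" { chroot = 1 }
        inblk && tolower($1) == "forcecommand" {
            cmd = $0; sub(/^[^ \t]+[ \t]+/, "", cmd)
        }
        END { flush() }
    ' "$1"
}

# Succeeds if the login shell exists and is executable under the jail
# directory. Checked from outside the jail, so no root or chroot call is
# needed. A dynamically linked shell also needs its libraries in the jail.
shell_in_jail() {   # $1 = jail directory, $2 = login shell path
    [ -x "$1$2" ]
}

# Constructed sample: the Match block from post #1, then the corrected one.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/bad.conf" <<'EOF'
Match Group ftpgroup
   ChrootDirectory %h
   AllowTCPForwarding no
   ForceCommand linternal-sftp
EOF
sed 's/linternal-sftp/internal-sftp/' "$demo_dir/bad.conf" > "$demo_dir/good.conf"
lint_chroot_blocks "$demo_dir/bad.conf"    # flags the block
lint_chroot_blocks "$demo_dir/good.conf"   # prints nothing
shell_in_jail "$demo_dir" /bin/false || echo "/bin/false is not in the jail"
```

The empty temporary directory stands in for the user's home directory used as the jail; on a real system pass the resolved `ChrootDirectory` path instead.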