Hi all,

I have setup a working chroot SSH login on a slackware 12.2 (32bit).
previous source: (think the site is down now)
http://www.tjw.org/chroot-login-HOWTO/

I am trying to setup the same on a newer Slackware 14.0 (64bits)
I copy the lib to lib64 for 64 bits library.
I also did "ldd /bin/bash" (ls/cp/etc) and copy all the libraries.
My authentication was completed but then I got auto-disconnected.
There is no .profile or logout on my login script.

When I use Bitvise, the messages I got was:
Attempting password authentication.
Authentication completed.
Terminal channel opened.
Terminal channel: Received exit code 1.
Terminal channel closed by server.

On my secure log, it only show the connection, no error.
On my messages log, it only show the normal connection.
sshd[30312]: Accepted password for <user> from <ipaddress> port 51097 ssh2

Did I missed something between 12.2/14.0 and 32/64 bits?

Appreciate any guidance or help.
Thanks.

The link you posted seems to be offline.

Have you checked permissions on the chroot directory containing your home directory? The chroot dir should be owned by root and be non-writable by the chrooted user (if it is writable by the user sshd will disconnect).

What messages do you see if you run sshd in debug mode (ie. with -d option)?

have you checked the /etc/ssh/sshd.conf file on the computer your trying to log on to
root logins are disallowed by default
uncoment this line "#PermitRootLogin yes"to enable root login
in /etc/ssh/sshd.conf

The initial authentication appears to be successful, which wouldn't happen if logins were disallowed in sshd_config, but then it is disconnected. That's why I suggested looking at messages from sshd -d.

"PermitRootLogin yes" is inadvisable on an internet facing server. It's safer to use "PermitRootLogin no" which allows user logins and then su into root after logging in.

Here is the most recent copy of the document you referred to:

chroot-login-HOWTO

archive.org ftw. I checked every date up to March 11 2007 for year 2007. There were many http 404 errors on later dates.

That article is dated 2001. OpenSSH acquired built-in chroot ability around 2008 with the 4.9p1 release (`man sshd_config' for details).

logins and "root logins " are not the same thing
an su root is the same thing as a root login
su logs the user back in as root

here is another HOW TO
http://kegel.com/crosstool/current/d...gin-howto.html

Yes. That's the idea. But it doesn't allow root logins directly from the internet, only from an already logged-in user. The point is to disallow automated logins from crackers trying to login to root@yourhostname using brute force methods. If you only allow password logins from non-root users and choose an obscure user name it adds another layer of difficulty for attackers as they can't brute-force a password for a username they can't guess. Obviously this won't help if your username is "admin" or something equally easy to guess.

If you also limit the number of incorrect login attempts with iptables rules it makes it difficult to brute force the SSH server. I've been running sshd on an internet facing server for about 8 years using the methods I've described, with no break-ins (but many attempts, mostly trying to login as root).