SSH, SCP, JAIL and "You don't exist, go away!"
Howdoo folks, need some help.

I'm trying to set up a machine with a chroot'd ssh/scp account. SSH seems to work no problem, but when I try to scp, I get a "You don't exist, go away!" message.

I've done some investigation into this, and it would seem that normally it's related to the /etc/passwd file not being accurate. I've checked this file in both the normal system and the chroot'd environment, and it is exactly how I would expect it to be. I've even created a file while ssh'd in to check the UserID, and no surprise, they matched.

Please could someone advise me on what to look for/do as I have hit a very solid brick wall very hard. I'm thinking that it requires a verification program that I don't have installed in the chroot. Am I right/wrong?

Please help. Many thanks in advance.

D.

Duncan Carter wrote:
> I'm thinking that it requires a verification program that I don't have installed in the chroot. Am I right/wrong?

Yes, you're right. Do /etc/passwd and /etc/shadow exist in the chroot-Environment? It sounds like they don't.

--
Have fun,
Peter

On Wednesday 03 September 2003 11:38 pm, Peter Wiersig wrote:
> Duncan Carter wrote:
>> I'm thinking that it requires a verification program that I don't have installed in the chroot. Am I right/wrong?
> Yes, you're right. Do /etc/passwd and /etc/shadow exist in the chroot-Environment? It sounds like they don't.

I understood that he (Duncan) had these (copied?) in(to) the chrooted environment. I think these questions/answer point to the right direction but there is probably some piece of executable not working/found.

Depending on where your system is connected you might try to duplicate at least the /bin directory contents in the chrooted environment. If it does not start working add more standard stuff from the non-chrooted environment. If it starts working this way you know that it is some executable (such as /bin/login, /bin/bash, /sbin/mingetty etc) or config from /etc. THEN be sure to remove stuff so that you only have the absolutely necessary remaining AND you understand what and why it is there (under the chroot environment).

NOTE that this is really bad advice if you cannot do this in a secure place, putting too much stuff under the chroot environment probably more or less sacrifices its purpose (the security).

guessing,
timo

Hi,

One more thing to add: the necessary libraries needed by the chrooted programs. Even better: recompile these binaries as static.

Regards,
Holger

On Thursday, 4 September 2003 07:02, timo wrote:
> On Wednesday 03 September 2003 11:38 pm, Peter Wiersig wrote:
>> Duncan Carter wrote:
>>> I'm thinking that it requires a verification program that I don't have installed in the chroot. Am I right/wrong?
>> Yes, you're right. Do /etc/passwd and /etc/shadow exist in the chroot-Environment? It sounds like they don't.
> I understood that he (Duncan) had these (copied?) in(to) the chrooted environment. I think these questions/answer point to the right direction but there is probably some piece of executable not working/found.
> Depending on where your system is connected you might try to duplicate at least the /bin directory contents in the chrooted environment. If it does not start working add more standard stuff from the non-chrooted environment. If it starts working this way you know that it is some executable (such as /bin/login, /bin/bash, /sbin/mingetty etc) or config from /etc. THEN be sure to remove stuff so that you only have the absolutely necessary remaining AND you understand what and why it is there (under the chroot environment).
> NOTE that this is really bad advice if you cannot do this in a secure place, putting too much stuff under the chroot environment probably more or less sacrifices its purpose (the security).
> guessing,
> timo

participants (4)
- Duncan Carter
- Holger Schletz
- Peter Wiersig
- timo
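
The thread's suggestions (a passwd entry inside the jail, the binaries, and the libraries those binaries need) can be checked without copying all of /bin into the jail. The script below is an added example, not something posted in the thread: it lists what a jail lacks for one binary and one UID, so that only those files are added. The function names, the script name and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: report what a chroot jail lacks for one binary and one UID.
# Usage (hypothetical paths): sh jailcheck.sh /home/jail /usr/bin/scp 1001

# Read `ldd` output on stdin, print the absolute library paths it names.
# Covers "name => /path (0x...)" and the bare "/lib/ld-linux.so.2 (0x...)" form;
# entries without a path (linux-gate/vdso, "not found") are skipped.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# Read host paths on stdin, print those that do not exist under jail root $1.
missing_in_jail() {
    while IFS= read -r path; do
        [ -e "$1$path" ] || printf '%s\n' "$path"
    done
}

# Succeed if the jail's own etc/passwd has an entry with numeric UID $2.
jail_has_uid() {
    [ -r "$1/etc/passwd" ] &&
        awk -F: -v uid="$2" '$3 == uid { ok = 1 } END { exit !ok }' "$1/etc/passwd"
}

# Print every file the jail is missing for binary $2 run as UID $3.
audit_jail() {
    {
        printf '%s\n' "$2"
        ldd "$2" 2>/dev/null | ldd_paths
        # glibc loads NSS modules with dlopen(), so ldd does not list them.
        # Where the host ships libnss_files as a separate file, require it too.
        for f in /lib*/libnss_files.so* /lib/*/libnss_files.so* \
                 /usr/lib*/libnss_files.so* /usr/lib/*/libnss_files.so*; do
            [ -e "$f" ] && printf '%s\n' "$f"
        done
    } | missing_in_jail "$1"
    jail_has_uid "$1" "$3" || printf 'no entry for uid %s in %s/etc/passwd\n' "$3" "$1"
}

if [ "$#" -eq 3 ]; then
    audit_jail "$@"
fi
```

Empty output means the binary, every library ldd reports for it, and a passwd entry for the UID are all present under the jail root.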