|
| From: | Tim Payne |
| Subject: | Re: [Jailkit-users] Jailkit-users Digest, Vol 124, Issue 4 |
| Date: | Wed, 9 Jan 2019 14:18:22 -0600 |
Send Jailkit-users mailing list submissions to
address@hidden
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.nongnu.org/mailman/listinfo/jailkit-users
or, via email, send a message with subject or body 'help' to
address@hidden
You can reach the person managing the list at
address@hidden
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Jailkit-users digest..."
Today's Topics:
1. Re: jk_lsh[7742]: cannot find user info for USER guest:
Success (2) (John Pilkington)
2. Re: jk_lsh[7742]: cannot find user info for USER guest:
Success (2) (Olivier Sessink)
3. Re: jk_lsh[7742]: cannot find user info for USER guest:
Success (2) (John Pilkington)
----------------------------------------------------------------------
Message: 1
Date: Wed, 9 Jan 2019 19:12:56 +0000
From: John Pilkington <address@hidden>
To: address@hidden
Subject: Re: [Jailkit-users] jk_lsh[7742]: cannot find user info for
USER guest: Success (2)
Message-ID:
<CAGBtOtrssH0hX4=NErEYFuUZFn+qx+tYzn=address@hidden>
Content-Type: text/plain; charset="utf-8"
Hello again Olivier,
So I must be barking up the wrong tree because, further to my previous
email, I find that scp works properly. For example from remote console:
>scp address@hidden:Public/PM_prefs_public.R C:\Users\John
>address@hidden's password:
PM_prefs_public.R 100% 11KB 11.2 Kb/s 00:00
The last tracefile exits with 0. The sftp last tracefile exits with 4. So
can I deduce that the problem with sftp lies in the last few lines of the
last tracefile: Clearly my suggestion about the paths is incorrect since
the same lines appear in the scp tracefile:
lstat64("/srv/sftpjail/bin/", 0x7eb176d8) = -1 ENOENT (No such file or
directory)
lstat64("/srv/sftpjail/sbin/", 0x7eb176d8) = -1 ENOENT (No such file or
directory)
So Please ignore my previous email!
Thanks,
John
On Mon, Jan 7, 2019 at 7:47 PM Olivier Sessink <
address@hidden> wrote:
> On 05-01-19 13:27, John Pilkington wrote:
> > Hello Olivier, and Happy New Year! I imagine this email will do
> > nothing to make it happier, but here goes ...
> >
> > You will remember that I had a problem with making an sftp/scp only
> > shell for a jailed user. On starting an sftp session, the connection
> > closes immediately upon entering the password, and it looks like
> > getpwnam() succeeds, but not actually in the way it should.
> >
> > Thank you very much for kindly offering to look at the trace logs
> > produced by strace. Thank you also for telling me about strace: I can
> > see that it is a hugely powerful tool and I was also delighted to find
> > that it is included in the Raspbian Stretch OS on my Raspberry Pis.
> > But, yes, I think it needs more expertise than I have to interpret the
> > output.
> >
> > So I followed your excellent instructions about debugging without a
> > shell in the jail, and obtained seven tracefiles. I take the liberty
> > of including them all below, but I suspect that the last one, 2544, is
> > the important one. Originally, this had about 1000 lines of "BAD FILE
> > DESCRIPTOR" from line 234. I've removed all except the first and last
> > few, but obviously there is something wrong here, though I cannot work
> > out what it might be.
> >
> > To remind you, I have user "guest" with password "guest" jailed
> > in /srv/sftpjail/home/guest.
> >
> > I have picked out what seem to me cardinal events in tracefile.2544;
> > I'll set them out here so that you can see I have done at least some
> > work for myself!
> >
> > Line 29: chdir("srv/sftpjail/./home/guest") looks OK
> > Line 36: /etc/ssh/sshrc No such file or directory. This may be the
> > first sign of trouble? Certainly there is no such file or directory,
> > either in /srv/sftpjail/etc or in /etc/ssh. Should there be? And
> > should it be at the "real" root or the jailed root?
> > Line 195: open /etc/passwd, retunr value 3: looks OK?
> > Line 210: open /etc/group, return value 3: looks OK?
> > Line 220: open /etc/jailkit/jk.chrootsh.ini, return value 3: looks OK?
> > Line 234 onwards: "BAD FILE DESCRIPTOR" Oh dear
> >
> > Line 267 (re-numbered) chroot("/srv/ftpjail"), looks like we haven't
> > failed terminally yet?
> > Line 292 chdir("/home/guest")
> >
> > Line 503 exited with 2. I assume that from here we recurse back
> > through the other processes, at some point undoing the chroot at line
> > 267. I haven't found that.
> >
> > Olivier, I feel really bad asking you to look at this stuff. Please
> > let me know if you see anything obvious here, but I cannot ask you to
> > spend a lot of time on it and will be very happy if you can just point
> > me in the right direction. Am I anywhere near right in my interpretation?
>
>
> can you check if libnss_compat.so.2 from your real system is copied into
> the jail? This library is related to user logins. In the logs it seeks
> this library in several locations, such as
> /usr/lib/arm-linux-gnueabihf/libnss_compat.so.2 and
> /lib/tls/vfp/libnss_compat.so.2 /lib/libnss_compat.so.2
>
> in jk_init.ini we only have /lib/x86_64-linux-gnu/libnss*.so.2 and
> several other (such as i386) but you are running on a raspberry pi, so
> there is no x86_64-linux-gnu directory. This could be the source of the
> problem. (you might want to check jk_init.ini for more directories that
> refer to x86_64)
>
> Olivier
>
>
>
> --
> Bluefish website http://bluefish.openoffice.nl/
> Blog http://oli4444.wordpress.com/
>
>
>
> _______________________________________________
> Jailkit-users mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/jailkit-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nongnu.org/archive/html/jailkit-users/attachments/20190109/8f8b72e1/attachment.html>
------------------------------
Message: 2
Date: Wed, 9 Jan 2019 20:45:23 +0100
From: Olivier Sessink <address@hidden>
To: address@hidden
Subject: Re: [Jailkit-users] jk_lsh[7742]: cannot find user info for
USER guest: Success (2)
Message-ID:
<address@hidden>
Content-Type: text/plain; charset="utf-8"
On 09-01-19 20:12, John Pilkington wrote:
> Hello again Olivier,
>
> So I must be barking up the wrong tree because, further to my previous
> email, I find that scp works properly. For example? from remote console:
> >scp address@hidden:Public/PM_prefs_public.R C:\Users\John
> >address@hidden <mailto:address@hidden>'s password:
> PM_prefs_public.R 100% 11KB 11.2 Kb/s 00:00
>
> The last tracefile exits with 0. The sftp last tracefile exits with 4.
> So can I deduce that the problem with sftp lies in the last few lines
> of the last tracefile: Clearly my suggestion about? the paths is
> incorrect since the same lines appear in the scp tracefile:
that probably means that jk_lsh either fails to start sftp (for example,
it cannot find the sftp binary, or libraries needed by sftp are
missing), or it is not properly configured to allow the start of the
sftp (in <jail>/etc/jk_lsh.ini). Is there anything in the logs from
jk_lsh ? (you must have logging in the jail for this to work!!! see
jk_socketd!)
Olivier
--
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nongnu.org/archive/html/jailkit-users/attachments/20190109/dcc336e5/attachment.html>
------------------------------
Message: 3
Date: Wed, 9 Jan 2019 20:16:15 +0000
From: John Pilkington <address@hidden>
To: address@hidden
Subject: Re: [Jailkit-users] jk_lsh[7742]: cannot find user info for
USER guest: Success (2)
Message-ID:
<address@hidden>
Content-Type: text/plain; charset="utf-8"
Aha! I don't need to bother you any more! You are right - I just needed to
get the paths and executables correct <jail>/etc/jk_lsh.ini. There was a
WARNING in auth.log.
Would it be in order for me to write this experience up in one of the
Raspberry Pi forums? I think other users may be interested in the location
of files in /lib/arm-linux-gnueabifh, which I could not have discovered for
myself without your help. I guess I should have been able to get the
auth.log warning for myself - but it was immensely useful having you point
me in the right direction.
Again, thanks a million.
John
On Wed, Jan 9, 2019 at 7:45 PM Olivier Sessink <
address@hidden> wrote:
> On 09-01-19 20:12, John Pilkington wrote:
>
> Hello again Olivier,
>
> So I must be barking up the wrong tree because, further to my previous
> email, I find that scp works properly. For example from remote console:
> >scp address@hidden:Public/PM_prefs_public.R C:\Users\John
> >address@hidden's password:
> PM_prefs_public.R 100% 11KB 11.2 Kb/s 00:00
>
> The last tracefile exits with 0. The sftp last tracefile exits with 4. So
> can I deduce that the problem with sftp lies in the last few lines of the
> last tracefile: Clearly my suggestion about the paths is incorrect since
> the same lines appear in the scp tracefile:
>
> that probably means that jk_lsh either fails to start sftp (for example,
> it cannot find the sftp binary, or libraries needed by sftp are missing),
> or it is not properly configured to allow the start of the sftp (in
> <jail>/etc/jk_lsh.ini). Is there anything in the logs from jk_lsh ? (you
> must have logging in the jail for this to work!!! see jk_socketd!)
>
> Olivier
>
>
> --
> Bluefish website http://bluefish.openoffice.nl/
> Blog http://oli4444.wordpress.com/
>
> _______________________________________________
> Jailkit-users mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/jailkit-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nongnu.org/archive/html/jailkit-users/attachments/20190109/449f2f86/attachment.html>
------------------------------
Subject: Digest Footer
_______________________________________________
Jailkit-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/jailkit-users
------------------------------
End of Jailkit-users Digest, Vol 124, Issue 4
*********************************************
| [Prev in Thread] | Current Thread | [Next in Thread] |