Issues with PuTTY + ForceCommand + ChrootDirectory
Hi,
I'm on OpenBSD 6.5 and I'm trying to configure SSHD with both ChrootDirectory and ForceCommand. As an example I'm using vim. Unfortunately I get this error, and I am looking for some help troubleshooting it:

First I create the directory /var/chroot/test which will be the home dir of our test user:

Code:
#adduser -home /var/chroot

Code:
Copying /var/chroot/test/usr/local/lib/libiconv.so.6.0
Copying /var/chroot/test/usr/lib/libc.so.92.5
Copying /var/chroot/test/usr/local/bin/vim
Copying /var/chroot/test/usr/libexec/ld.so
Copying /var/chroot/test/usr/local/lib/libintl.so.6.0
Copying /var/chroot/test/usr/lib/libcurses.so.14.0
Copying /var/chroot/test/usr/lib/libm.so.10.1

Code:
#cd /var/chroot/test
#mkdir dev
#cd dev
#/dev/MAKEDEV std pty

Code:
#chmod o-rx /var/chroot/test
#chown root:test /var/chroot/test

Code:
LogLevel DEBUG
PermitTTY yes
Match User test
    ChrootDirectory /var/chroot/test
    ForceCommand /usr/local/bin/vim

Code:
May 11 11:56:39 totesnotmyserver sshd[53405]: Connection from 10.0.0.130 port 61006 on 10.0.1.2 port 22 rdomain "0"
May 11 11:56:46 totesnotmyserver sshd[53405]: Accepted password for test from 10.0.0.130 port 61006 ssh2
May 11 11:56:46 totesnotmyserver sshd[53405]: User child is on pid 66611
May 11 11:56:46 totesnotmyserver sshd[66611]: Changed root directory to "/var/chroot/test/"
May 11 11:56:46 totesnotmyserver sshd[66611]: Starting session: forced-command (config) '/usr/local/bin/vim' on ttyp7 for test from 10.0.0.130 port 61006 id 0
May 11 11:56:46 totesnotmyserver sshd[66611]: Close session: user test from 10.0.0.130 port 61006 id 0
May 11 11:56:46 totesnotmyserver sshd[66611]: Connection closed by 10.0.0.130 port 61006
May 11 11:56:46 totesnotmyserver sshd[66611]: Transferred: sent 2200, received 1792 bytes
May 11 11:56:46 totesnotmyserver sshd[66611]: Closing connection to 10.0.0.130 port 61006

Any ideas what is going wrong?

Last edited by sklv; 11th May 2019 at 03:57 PM. Reason: Remove server hostname
|
|||
Thanks for the quick reply!
You're right, the issue is that ld.so can't load a library. I have tried with different binaries:

Code:
# chroot -u test /var/chroot/test/ /usr/local/bin/vim
ld.so: vim: can't load library 'libiconv.so.6.0'
Killed
# chroot -u test /var/chroot/test/ /usr/local/bin/weechat
ld.so: weechat: can't load library 'libcurl.so.25.21'
Killed

I tried researching why this is the case, but as this is the OpenBSD linker I couldn't find much info. How can I make ld.so give more verbose output, or otherwise fix the issue?
|
|||
After copying ld.so.hints, vim starts in the chroot (with a warning about ANSI encoding). Unfortunately the ssh login fails with the same log messages as in the initial post:
Code:
May 11 16:51:00 totesnotmyserver sshd[86106]: Connection from 10.0.0.130 port 61563 on 10.0.1.2 port 22 rdomain "0"
May 11 16:51:03 totesnotmyserver sshd[86106]: Accepted password for test from 10.0.0.130 port 61563 ssh2
May 11 16:51:03 totesnotmyserver sshd[86106]: User child is on pid 26149
May 11 16:51:03 totesnotmyserver sshd[26149]: Changed root directory to "/var/chroot/test/"
May 11 16:51:03 totesnotmyserver sshd[26149]: Starting session: forced-command (config) '/usr/local/bin/vim' on ttyp6 for test from 10.0.0.130 port 61563 id 0
May 11 16:51:03 totesnotmyserver sshd[26149]: Close session: user test from 10.0.0.130 port 61563 id 0
May 11 16:51:03 totesnotmyserver sshd[26149]: Connection closed by 10.0.0.130 port 61563
May 11 16:51:03 totesnotmyserver sshd[26149]: Transferred: sent 2200, received 1792 bytes
May 11 16:51:03 totesnotmyserver sshd[26149]: Closing connection to 10.0.0.130 port 61563
|
|||
The issue was the absence of /bin/sh inside the chroot. Once I changed /etc/passwd to use /bin/sh and put /bin/sh inside the chroot, everything worked.
jggimi, thanks for your help.
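
Added example, not part of the original thread: a pre-flight check covering the three things that had to be present in this chroot (the forced command, ld.so.hints, and the login shell that sshd uses to start the forced command). The function name, its arguments and the /var/run/ld.so.hints location (the standard OpenBSD path, which the thread does not spell out) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for an sshd
# ChrootDirectory used together with ForceCommand.

problems=0
fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# check_chroot CHROOT LOGIN_SHELL FORCED_CMD [OWNER_UID]
# Shell and command paths are given as seen from inside the chroot.
# Returns the number of problems found (0 = ready).
check_chroot() {
    root=$1 shell=$2 cmd=$3 owner=${4:-0}
    problems=0

    if [ ! -d "$root" ]; then
        fail "$root is not a directory"
        return "$problems"
    fi

    # sshd rejects a chroot path that is not owned by root or that is
    # writable by group or other. It applies this to every path component;
    # only the final directory is checked here.
    set -- $(ls -ldn "$root")           # $1 = mode string, $3 = numeric uid
    [ "$3" = "$owner" ] || fail "$root owned by uid $3, expected $owner"
    case $1 in
        ?????w*|????????w*) fail "$root is group- or world-writable ($1)" ;;
    esac

    # sshd starts the forced command as "<login shell> -c <command>" after
    # chroot(2), so the shell must be present inside the chroot as well.
    [ -x "$root$shell" ] || fail "login shell $shell missing in chroot"
    [ -x "$root$cmd" ]   || fail "forced command $cmd missing in chroot"

    # OpenBSD ld.so finds libraries outside /usr/lib through the hints file
    # (assumed location: /var/run/ld.so.hints).
    [ -f "$root/var/run/ld.so.hints" ] ||
        fail "/var/run/ld.so.hints missing in chroot"

    return "$problems"
}

# Stand-alone use: sh check_chroot.sh /var/chroot/test /bin/sh /usr/local/bin/vim
if [ "$#" -ge 3 ]; then
    check_chroot "$@"
fi
```

The fourth argument exists so the check can be tried on a scratch directory as a non-root user; leave it out on a real server so ownership is compared against uid 0.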