jailkit-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Jailkit-users] Trouble with authorized_keys2 file

From: Jason Richard
Subject: RE: [Jailkit-users] Trouble with authorized_keys2 file
Date: Tue, 21 Sep 2010 13:10:11 -0500 
I couldn't find much in the log, so I turned on debug.  I see it trying to look 
at the authorized_keys2 file, but than fails, but doesn't say why.  The uid for 
the user nfm is 612 and the nfm group is 606, so those look right.

Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: rexec start in 4 out 4 
newsock 4 pipe 6 sock 7
Sep 21 12:58:10 sccr101_temp sshd[23301]: debug1: Forked child 23488.
Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: inetd sockets after dupping: 
3, 3
Sep 21 12:58:10 sccr101_temp sshd[23488]: Connection from 172.23.1.213 port 1596
Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: Client protocol version 2.0; 
client software version WinSCP_release_4.2.8
Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: no match: WinSCP_release_4.2.8
Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: Enabling compatibility mode 
for protocol 2.0
Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: Local version string 
SSH-2.0-OpenSSH_4.3
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: permanently_set_uid: 74/74
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: list_hostkey_types: 
ssh-rsa,ssh-dss
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_KEXINIT sent
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_KEXINIT received
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: kex: client->server 
aes256-ctr hmac-sha1 none
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: kex: server->client 
aes256-ctr hmac-sha1 none
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: 
SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: expecting 
SSH2_MSG_KEX_DH_GEX_INIT
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_NEWKEYS sent
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: expecting SSH2_MSG_NEWKEYS
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_NEWKEYS received
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: KEX done
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: userauth-request for user nfm 
service ssh-connection method none
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: attempt 0 failures 0
Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: PAM: initializing for "nfm"
Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: PAM: setting PAM_RHOST to 
"sccr350.securitycoverage.com"
Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: PAM: setting PAM_TTY to "ssh"
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: userauth-request for user nfm 
service ssh-connection method publickey
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: attempt 1 failures 1
Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: test whether pkalg/pkblob are 
acceptable
Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: temporarily_use_uid: 612/606 
(e=0/0)
Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: trying public key file 
/home/retail/nfm/./home/nfm/.ssh/authorized_keys2
Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: restore_uid: 0/0
Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: temporarily_use_uid: 612/606 
(e=0/0)
Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: trying public key file 
/home/retail/nfm/./home/nfm/.ssh/authorized_keys2
Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: restore_uid: 0/0
Sep 21 12:58:10 sccr101_temp sshd[23488]: Failed publickey for nfm from 
172.23.1.213 port 1596 ssh2

-----Original Message-----
From: address@hidden [mailto:address@hidden On Behalf Of Lincoln Zuljewic Silva
Sent: Tuesday, September 21, 2010 1:07 PM
To: address@hidden
Subject: Re: [Jailkit-users] Trouble with authorized_keys2 file

Does /var/log/secure say something?

Probably a problem with the $HOME of the user...

Regards,
Lincoln

On Tue, Sep 21, 2010 at 2:43 PM, Jason Richard
<address@hidden> wrote:
> I created a user using the below commands.  I can log in when I use the
> password, but I am trying to setup the authorized_keys2 file and that is not
> working.  I looked at other threads about this and they all say to check the
> permissions.  I'm pretty sure I have them right, but I have included a full
> list of the directory tree as well.  Anyone have any ideas what I might be
> missing?  If necessary, this is on a CentOS 5.5 machine.  Thanks
>
>
>
> jk_init -v -j /home/retail/nfm jk_lsh scp sftp
>
> groupadd nfm
>
> useradd nfm -g nfm
>
> echo test_pass | passwd --stdin nfm
>
> jk_cp -j /home/retail/nfm /usr/sbin/jk_lsh
>
> jk_jailuser -m -j /home/retail/nfm/ nfm
>
> chown nfm:nfm /home/retail/nfm/home/nfm
>
> echo "[nfm]" > /home/retail/nfm/etc/jailkit/jk_lsh.ini
>
> echo "paths= /usr/libexec/openssh/" >>
> /home/retail/nfm/etc/jailkit/jk_lsh.ini
>
> echo "executables= /usr/libexec/openssh/sftp-server" >>
> /home/retail/nfm/etc/jailkit/jk_lsh.ini
>
> echo "allow_word_expansion = 0" >> /home/retail/nfm/etc/jailkit/jk_lsh.ini
>
> echo "umask = 002" >> /home/retail/nfm/etc/jailkit/jk_lsh.ini
>
>
>
>
>
> $ cd /home/retail/
>
>  $ ls -la
>
> total 32
>
> drwxr-xr-x 7 root root 4096 Sep 21 08:19 ./
>
> drwxr-xr-x 8 root root 4096 Sep 21 09:21 ../
>
> drwxr-xr-x 7 root root 4096 Sep 21 08:14 amtv/
>
> drwxr-xr-x 7 root root 4096 Sep 21 08:19 assurant/
>
> drwxr-xr-x 7 root root 4096 Sep 21 08:19 electronic_express/
>
> drwxr-xr-x 7 root root 4096 Sep 21 12:40 nfm/
>
> drwxr-xr-x 7 root root 4096 Sep 21 08:19 ntelos/
>
>  $ cd nfm/
>
>  $ ls -la
>
> total 28
>
> drwxr-xr-x 7 root root 4096 Sep 21 12:40 ./
>
> drwxr-xr-x 7 root root 4096 Sep 21 08:19 ../
>
> drwxr-xr-x 2 root root 4096 Sep 21 12:20 dev/
>
> drwxr-xr-x 3 root root 4096 Sep 21 12:28 etc/
>
> drwxr-xr-x 3 root root 4096 Sep 21 12:23 home/
>
> drwxr-xr-x 2 root root 4096 Sep 21 08:19 lib/
>
> drwxr-xr-x 5 root root 4096 Sep 21 08:19 usr/
>
>  $ cd home/
>
>  $ ls -la
>
> total 12
>
> drwxr-xr-x 3 root root 4096 Sep 21 12:23 ./
>
> drwxr-xr-x 7 root root 4096 Sep 21 12:40 ../
>
> drwxr--r-- 3 nfm  nfm  4096 Sep 21 08:26 nfm/
>
>  $ cd nfm/
>
>  $ ls -la
>
> total 28
>
> drwxr--r-- 3 nfm  nfm  4096 Sep 21 08:26 ./
>
> drwxr-xr-x 3 root root 4096 Sep 21 12:23 ../
>
> -rw-r--r-- 1 nfm  nfm    34 Sep 21 08:19 .bash_logout
>
> -rw-r--r-- 1 nfm  nfm   176 Sep 21 08:19 .bash_profile
>
> -rw-r--r-- 1 nfm  nfm  1790 Sep 21 08:19 .bashrc
>
> -rw-r--r-- 1 nfm  nfm   515 Sep 21 08:19 .emacs
>
> drwx------ 2 root root 4096 Sep 21 12:36 .ssh/
>
>  $ cd .ssh/
>
>  $ ls -la
>
> total 16
>
> drwx------ 2 root root 4096 Sep 21 12:36 ./
>
> drwxr--r-- 3 nfm  nfm  4096 Sep 21 08:26 ../
>
> -rw------- 1 nfm  nfm  1430 Sep 21 12:13 authorized_keys
>
> -rw------- 1 nfm  nfm  1429 Sep 21 12:36 authorized_keys2
>
>
>
>
>
> Jason
>
> _______________________________________________
> Jailkit-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/jailkit-users
>
>



-- 
Lincoln Zuljewic Silva
More contact info.: http://www.system.adm.br/contact.php

"How often must a question be asked before it's considered a
frequently asked question?"

_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users
reply via email to
[Prev in Thread] Current Thread [Next in Thread]