
RE: [Jailkit-users] Trouble with authorized_keys2 file


From: Jason Richard
Subject: RE: [Jailkit-users] Trouble with authorized_keys2 file
Date: Tue, 21 Sep 2010 13:16:00 -0500

Wow, I apparently am too tired and should go home.  I could have sworn I 
checked that.  Changed it to nfm:nfm and it is working perfectly.  Thanks

Jason

-----Original Message-----
From: address@hidden [mailto:address@hidden On Behalf Of Lincoln Zuljewic Silva
Sent: Tuesday, September 21, 2010 1:14 PM
To: address@hidden
Subject: Re: [Jailkit-users] Trouble with authorized_keys2 file

Why is the owner of the /home/retail/nfm/.ssh root?

It should be "nfm".

 $ cd nfm/
 $ ls -la
total 28
drwxr--r-- 3 nfm  nfm  4096 Sep 21 08:26 ./
drwxr-xr-x 3 root root 4096 Sep 21 12:23 ../
-rw-r--r-- 1 nfm  nfm    34 Sep 21 08:19 .bash_logout
-rw-r--r-- 1 nfm  nfm   176 Sep 21 08:19 .bash_profile
-rw-r--r-- 1 nfm  nfm  1790 Sep 21 08:19 .bashrc
-rw-r--r-- 1 nfm  nfm   515 Sep 21 08:19 .emacs
drwx------ 2 root root 4096 Sep 21 12:36 .ssh/     <----#####

Regards,
Lincoln

On Tue, Sep 21, 2010 at 3:10 PM, Jason Richard
<address@hidden> wrote:
> I couldn't find much in the log, so I turned on debug.  I see it trying to 
> look at the authorized_keys2 file, but then fails, but doesn't say why.  The 
> uid for the user nfm is 612 and the nfm group is 606, so those look right.
>
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
> Sep 21 12:58:10 sccr101_temp sshd[23301]: debug1: Forked child 23488.
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: inetd sockets after dupping: 3, 3
> Sep 21 12:58:10 sccr101_temp sshd[23488]: Connection from 172.23.1.213 port 1596
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: Client protocol version 2.0; client software version WinSCP_release_4.2.8
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: no match: WinSCP_release_4.2.8
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: Enabling compatibility mode for protocol 2.0
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: Local version string SSH-2.0-OpenSSH_4.3
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: permanently_set_uid: 74/74
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_KEXINIT sent
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_KEXINIT received
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: kex: client->server aes256-ctr hmac-sha1 none
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: kex: server->client aes256-ctr hmac-sha1 none
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_NEWKEYS sent
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: expecting SSH2_MSG_NEWKEYS
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_NEWKEYS received
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: KEX done
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: userauth-request for user nfm service ssh-connection method none
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: attempt 0 failures 0
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: PAM: initializing for "nfm"
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: PAM: setting PAM_RHOST to "sccr350.securitycoverage.com"
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: PAM: setting PAM_TTY to "ssh"
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: userauth-request for user nfm service ssh-connection method publickey
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: attempt 1 failures 1
> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: test whether pkalg/pkblob are acceptable
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: temporarily_use_uid: 612/606 (e=0/0)
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: trying public key file /home/retail/nfm/./home/nfm/.ssh/authorized_keys2
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: restore_uid: 0/0
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: temporarily_use_uid: 612/606 (e=0/0)
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: trying public key file /home/retail/nfm/./home/nfm/.ssh/authorized_keys2
> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: restore_uid: 0/0
> Sep 21 12:58:10 sccr101_temp sshd[23488]: Failed publickey for nfm from 172.23.1.213 port 1596 ssh2
>
> -----Original Message-----
> From: address@hidden [mailto:address@hidden On Behalf Of Lincoln Zuljewic 
> Silva
> Sent: Tuesday, September 21, 2010 1:07 PM
> To: address@hidden
> Subject: Re: [Jailkit-users] Trouble with authorized_keys2 file
>
> Does /var/log/secure say something?
>
> Probably a problem with the $HOME of the user...
>
> Regards,
> Lincoln
>
> On Tue, Sep 21, 2010 at 2:43 PM, Jason Richard
> <address@hidden> wrote:
>> I created a user using the below commands.  I can log in when I use the
>> password, but I am trying to set up the authorized_keys2 file and that is not
>> working.  I looked at other threads about this and they all say to check the
>> permissions.  I'm pretty sure I have them right, but I have included a full
>> list of the directory tree as well.  Anyone have any ideas what I might be
>> missing?  If necessary, this is on a CentOS 5.5 machine.  Thanks
>>
>> jk_init -v -j /home/retail/nfm jk_lsh scp sftp
>> groupadd nfm
>> useradd nfm -g nfm
>> echo test_pass | passwd --stdin nfm
>> jk_cp -j /home/retail/nfm /usr/sbin/jk_lsh
>> jk_jailuser -m -j /home/retail/nfm/ nfm
>> chown nfm:nfm /home/retail/nfm/home/nfm
>> echo "[nfm]" > /home/retail/nfm/etc/jailkit/jk_lsh.ini
>> echo "paths= /usr/libexec/openssh/" >> /home/retail/nfm/etc/jailkit/jk_lsh.ini
>> echo "executables= /usr/libexec/openssh/sftp-server" >> /home/retail/nfm/etc/jailkit/jk_lsh.ini
>> echo "allow_word_expansion = 0" >> /home/retail/nfm/etc/jailkit/jk_lsh.ini
>> echo "umask = 002" >> /home/retail/nfm/etc/jailkit/jk_lsh.ini
>>
>> $ cd /home/retail/
>> $ ls -la
>> total 32
>> drwxr-xr-x 7 root root 4096 Sep 21 08:19 ./
>> drwxr-xr-x 8 root root 4096 Sep 21 09:21 ../
>> drwxr-xr-x 7 root root 4096 Sep 21 08:14 amtv/
>> drwxr-xr-x 7 root root 4096 Sep 21 08:19 assurant/
>> drwxr-xr-x 7 root root 4096 Sep 21 08:19 electronic_express/
>> drwxr-xr-x 7 root root 4096 Sep 21 12:40 nfm/
>> drwxr-xr-x 7 root root 4096 Sep 21 08:19 ntelos/
>>
>> $ cd nfm/
>> $ ls -la
>> total 28
>> drwxr-xr-x 7 root root 4096 Sep 21 12:40 ./
>> drwxr-xr-x 7 root root 4096 Sep 21 08:19 ../
>> drwxr-xr-x 2 root root 4096 Sep 21 12:20 dev/
>> drwxr-xr-x 3 root root 4096 Sep 21 12:28 etc/
>> drwxr-xr-x 3 root root 4096 Sep 21 12:23 home/
>> drwxr-xr-x 2 root root 4096 Sep 21 08:19 lib/
>> drwxr-xr-x 5 root root 4096 Sep 21 08:19 usr/
>>
>> $ cd home/
>> $ ls -la
>> total 12
>> drwxr-xr-x 3 root root 4096 Sep 21 12:23 ./
>> drwxr-xr-x 7 root root 4096 Sep 21 12:40 ../
>> drwxr--r-- 3 nfm  nfm  4096 Sep 21 08:26 nfm/
>>
>> $ cd nfm/
>> $ ls -la
>> total 28
>> drwxr--r-- 3 nfm  nfm  4096 Sep 21 08:26 ./
>> drwxr-xr-x 3 root root 4096 Sep 21 12:23 ../
>> -rw-r--r-- 1 nfm  nfm    34 Sep 21 08:19 .bash_logout
>> -rw-r--r-- 1 nfm  nfm   176 Sep 21 08:19 .bash_profile
>> -rw-r--r-- 1 nfm  nfm  1790 Sep 21 08:19 .bashrc
>> -rw-r--r-- 1 nfm  nfm   515 Sep 21 08:19 .emacs
>> drwx------ 2 root root 4096 Sep 21 12:36 .ssh/
>>
>> $ cd .ssh/
>> $ ls -la
>> total 16
>> drwx------ 2 root root 4096 Sep 21 12:36 ./
>> drwxr--r-- 3 nfm  nfm  4096 Sep 21 08:26 ../
>> -rw------- 1 nfm  nfm  1430 Sep 21 12:13 authorized_keys
>> -rw------- 1 nfm  nfm  1429 Sep 21 12:36 authorized_keys2
>>
>> Jason
>>
>> _______________________________________________
>> Jailkit-users mailing list
>> address@hidden
>> http://lists.nongnu.org/mailman/listinfo/jailkit-users
>>
>>
>
>
>
> --
> Lincoln Zuljewic Silva
> More contact info.: http://www.system.adm.br/contact.php
>
> "How often must a question be asked before it's considered a
> frequently asked question?"
>
>



-- 
Lincoln Zuljewic Silva
More contact info.: http://www.system.adm.br/contact.php

"How often must a question be asked before it's considered a
frequently asked question?"
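
The cause found in this thread (sshd switches to uid 612 / gid 606 before trying authorized_keys2, while .ssh is owned by root with mode 700) can be checked mechanically. The script below is an added example, not part of the thread or of Jailkit; the function names are hypothetical, it assumes GNU stat, and it evaluates only owner/group/other mode bits (no supplementary groups or ACLs).

```shell
#!/bin/sh
# Added example: report the first path component that a given uid/gid cannot
# use on the way to an authorized_keys file. Intended to be run as root.
# Usage with the values from the thread:
#   sh thisfile 612 606 /home/retail/nfm/./home/nfm authorized_keys2

# effective_bits UID GID PATH -> prints the rwx digit (0-7) applying to UID/GID
effective_bits() {
    eb_owner=$(stat -c %u "$3") || return 2
    eb_group=$(stat -c %g "$3")
    eb_mode=$(stat -c %a "$3")
    eb_mode=$((0$eb_mode))                 # read "700" as an octal constant
    if [ "$eb_owner" -eq "$1" ]; then echo $(( (eb_mode >> 6) & 7 ))
    elif [ "$eb_group" -eq "$2" ]; then echo $(( (eb_mode >> 3) & 7 ))
    else echo $(( eb_mode & 7 ))
    fi
}

# check_key_path UID GID HOME [KEYFILE]
# Prints one line per component; returns 0 only if UID can traverse HOME and
# HOME/.ssh and read the key file.
check_key_path() {
    ck_uid=$1; ck_gid=$2; ck_home=$3; ck_key=${4:-authorized_keys2}
    for ck_p in "$ck_home" "$ck_home/.ssh" "$ck_home/.ssh/$ck_key"; do
        if [ ! -e "$ck_p" ]; then
            echo "MISSING $ck_p"
            return 1
        fi
        ck_bits=$(effective_bits "$ck_uid" "$ck_gid" "$ck_p")
        # directories need search (x = 1), the key file needs read (r = 4)
        if [ -d "$ck_p" ]; then ck_need=1; else ck_need=4; fi
        if [ $(( ck_bits & ck_need )) -eq 0 ]; then
            echo "DENIED $ck_p owner=$(stat -c %u:%g "$ck_p") mode=$(stat -c %a "$ck_p")"
            return 1
        fi
        echo "OK $ck_p"
    done
    return 0
}

if [ $# -ge 3 ]; then
    check_key_path "$@"
fi
```

For the tree listed in the original post, the .ssh line would be reported as DENIED with owner 0:0 and mode 700; after the chown to nfm:nfm all three components pass.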
