Re: [Jailkit-users] Trouble with authorized_keys2 file


From: Lincoln Zuljewic Silva
Subject: Re: [Jailkit-users] Trouble with authorized_keys2 file
Date: Tue, 21 Sep 2010 15:18:33 -0300

lol

No problems, this happens to me all the time..

Regards
Lincoln

On Tue, Sep 21, 2010 at 3:16 PM, Jason Richard
<address@hidden> wrote:
> Wow, I apparently am too tired and should go home.  I could have sworn I
> checked that.  Changed it to nfm:nfm and it is working perfectly.  Thanks
>
> Jason
>
> -----Original Message-----
> From: address@hidden [mailto:address@hidden On Behalf Of Lincoln Zuljewic 
> Silva
> Sent: Tuesday, September 21, 2010 1:14 PM
> To: address@hidden
> Subject: Re: [Jailkit-users] Trouble with authorized_keys2 file
>
> Why is the owner of /home/retail/nfm/.ssh root?
>
> It should be "nfm".
>
>  $ cd nfm/
>  $ ls -la
> total 28
> drwxr--r-- 3 nfm  nfm  4096 Sep 21 08:26 ./
> drwxr-xr-x 3 root root 4096 Sep 21 12:23 ../
> -rw-r--r-- 1 nfm  nfm    34 Sep 21 08:19 .bash_logout
> -rw-r--r-- 1 nfm  nfm   176 Sep 21 08:19 .bash_profile
> -rw-r--r-- 1 nfm  nfm  1790 Sep 21 08:19 .bashrc
> -rw-r--r-- 1 nfm  nfm   515 Sep 21 08:19 .emacs
> drwx------ 2 root root 4096 Sep 21 12:36 .ssh/     <----#####
>
> Regards,
> Lincoln
>
> On Tue, Sep 21, 2010 at 3:10 PM, Jason Richard
> <address@hidden> wrote:
>> I couldn't find much in the log, so I turned on debug.  I see it trying to
>> look at the authorized_keys2 file, but then it fails and doesn't say why.  The
>> uid for the user nfm is 612 and the nfm group is 606, so those look right.
>>
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
>> Sep 21 12:58:10 sccr101_temp sshd[23301]: debug1: Forked child 23488.
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: inetd sockets after dupping: 3, 3
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: Connection from 172.23.1.213 port 1596
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: Client protocol version 2.0; client software version WinSCP_release_4.2.8
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: no match: WinSCP_release_4.2.8
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: Enabling compatibility mode for protocol 2.0
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: Local version string SSH-2.0-OpenSSH_4.3
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: permanently_set_uid: 74/74
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_KEXINIT sent
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_KEXINIT received
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: kex: client->server aes256-ctr hmac-sha1 none
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: kex: server->client aes256-ctr hmac-sha1 none
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_NEWKEYS sent
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: expecting SSH2_MSG_NEWKEYS
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: SSH2_MSG_NEWKEYS received
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: KEX done
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: userauth-request for user nfm service ssh-connection method none
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: attempt 0 failures 0
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: PAM: initializing for "nfm"
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: PAM: setting PAM_RHOST to "sccr350.securitycoverage.com"
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: PAM: setting PAM_TTY to "ssh"
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: userauth-request for user nfm service ssh-connection method publickey
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: attempt 1 failures 1
>> Sep 21 12:58:10 sccr101_temp sshd[23489]: debug1: test whether pkalg/pkblob are acceptable
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: temporarily_use_uid: 612/606 (e=0/0)
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: trying public key file /home/retail/nfm/./home/nfm/.ssh/authorized_keys2
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: restore_uid: 0/0
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: temporarily_use_uid: 612/606 (e=0/0)
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: trying public key file /home/retail/nfm/./home/nfm/.ssh/authorized_keys2
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: debug1: restore_uid: 0/0
>> Sep 21 12:58:10 sccr101_temp sshd[23488]: Failed publickey for nfm from 172.23.1.213 port 1596 ssh2
>>
>> -----Original Message-----
>> From: address@hidden [mailto:address@hidden On Behalf Of Lincoln Zuljewic 
>> Silva
>> Sent: Tuesday, September 21, 2010 1:07 PM
>> To: address@hidden
>> Subject: Re: [Jailkit-users] Trouble with authorized_keys2 file
>>
>> Does /var/log/secure say something?
>>
>> Probably a problem with the $HOME of the user...
>>
>> Regards,
>> Lincoln
>>
>> On Tue, Sep 21, 2010 at 2:43 PM, Jason Richard
>> <address@hidden> wrote:
>>> I created a user using the below commands.  I can log in when I use the
>>> password, but I am trying to setup the authorized_keys2 file and that is not
>>> working.  I looked at other threads about this and they all say to check the
>>> permissions.  I'm pretty sure I have them right, but I have included a full
>>> list of the directory tree as well.  Anyone have any ideas what I might be
>>> missing?  If necessary, this is on a CentOS 5.5 machine.  Thanks
>>>
>>> jk_init -v -j /home/retail/nfm jk_lsh scp sftp
>>> groupadd nfm
>>> useradd nfm -g nfm
>>> echo test_pass | passwd --stdin nfm
>>> jk_cp -j /home/retail/nfm /usr/sbin/jk_lsh
>>> jk_jailuser -m -j /home/retail/nfm/ nfm
>>> chown nfm:nfm /home/retail/nfm/home/nfm
>>> echo "[nfm]" > /home/retail/nfm/etc/jailkit/jk_lsh.ini
>>> echo "paths= /usr/libexec/openssh/" >> /home/retail/nfm/etc/jailkit/jk_lsh.ini
>>> echo "executables= /usr/libexec/openssh/sftp-server" >> /home/retail/nfm/etc/jailkit/jk_lsh.ini
>>> echo "allow_word_expansion = 0" >> /home/retail/nfm/etc/jailkit/jk_lsh.ini
>>> echo "umask = 002" >> /home/retail/nfm/etc/jailkit/jk_lsh.ini
>>>
>>> $ cd /home/retail/
>>>  $ ls -la
>>> total 32
>>> drwxr-xr-x 7 root root 4096 Sep 21 08:19 ./
>>> drwxr-xr-x 8 root root 4096 Sep 21 09:21 ../
>>> drwxr-xr-x 7 root root 4096 Sep 21 08:14 amtv/
>>> drwxr-xr-x 7 root root 4096 Sep 21 08:19 assurant/
>>> drwxr-xr-x 7 root root 4096 Sep 21 08:19 electronic_express/
>>> drwxr-xr-x 7 root root 4096 Sep 21 12:40 nfm/
>>> drwxr-xr-x 7 root root 4096 Sep 21 08:19 ntelos/
>>>  $ cd nfm/
>>>  $ ls -la
>>> total 28
>>> drwxr-xr-x 7 root root 4096 Sep 21 12:40 ./
>>> drwxr-xr-x 7 root root 4096 Sep 21 08:19 ../
>>> drwxr-xr-x 2 root root 4096 Sep 21 12:20 dev/
>>> drwxr-xr-x 3 root root 4096 Sep 21 12:28 etc/
>>> drwxr-xr-x 3 root root 4096 Sep 21 12:23 home/
>>> drwxr-xr-x 2 root root 4096 Sep 21 08:19 lib/
>>> drwxr-xr-x 5 root root 4096 Sep 21 08:19 usr/
>>>  $ cd home/
>>>  $ ls -la
>>> total 12
>>> drwxr-xr-x 3 root root 4096 Sep 21 12:23 ./
>>> drwxr-xr-x 7 root root 4096 Sep 21 12:40 ../
>>> drwxr--r-- 3 nfm  nfm  4096 Sep 21 08:26 nfm/
>>>  $ cd nfm/
>>>  $ ls -la
>>> total 28
>>> drwxr--r-- 3 nfm  nfm  4096 Sep 21 08:26 ./
>>> drwxr-xr-x 3 root root 4096 Sep 21 12:23 ../
>>> -rw-r--r-- 1 nfm  nfm    34 Sep 21 08:19 .bash_logout
>>> -rw-r--r-- 1 nfm  nfm   176 Sep 21 08:19 .bash_profile
>>> -rw-r--r-- 1 nfm  nfm  1790 Sep 21 08:19 .bashrc
>>> -rw-r--r-- 1 nfm  nfm   515 Sep 21 08:19 .emacs
>>> drwx------ 2 root root 4096 Sep 21 12:36 .ssh/
>>>  $ cd .ssh/
>>>  $ ls -la
>>> total 16
>>> drwx------ 2 root root 4096 Sep 21 12:36 ./
>>> drwxr--r-- 3 nfm  nfm  4096 Sep 21 08:26 ../
>>> -rw------- 1 nfm  nfm  1430 Sep 21 12:13 authorized_keys
>>> -rw------- 1 nfm  nfm  1429 Sep 21 12:36 authorized_keys2
>>>
>>> Jason
>>>
>>> _______________________________________________
>>> Jailkit-users mailing list
>>> address@hidden
>>> http://lists.nongnu.org/mailman/listinfo/jailkit-users
>>>
>>>
>>
>>
>>
>> --
>> Lincoln Zuljewic Silva
>> More contact info.: http://www.system.adm.br/contact.php
>>
>> "How often must a question be asked before it's considered a
>> frequently asked question?"
>>
>>
>
>
>
> --
> Lincoln Zuljewic Silva
> More contact info.: http://www.system.adm.br/contact.php
>
> "How often must a question be asked before it's considered a
> frequently asked question?"
>
>



-- 
Lincoln Zuljewic Silva
More contact info.: http://www.system.adm.br/contact.php

"How often must a question be asked before it’s considered a
frequently asked question?"
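
The condition diagnosed in this thread, as an added example that is not part of the original messages: a Python check that walks from the jailed home directory down to the key file and reports any component the user cannot traverse or read, which is what a root-owned `drwx------` `.ssh` causes while `sshd` logs no reason at `debug1`. The names `Entry`, `can_access`, `audit_key_path` and `SAMPLE` are hypothetical, and the ownership/mode rule is an assumed simplification of sshd's `StrictModes` check.

```python
import os
from collections import namedtuple

# Stand-in for os.stat_result so the constructed sample runs without a real jail.
Entry = namedtuple("Entry", "st_uid st_gid st_mode")

def can_access(st, uid, gid, want):
    """True if uid/gid holds the `want` bits (0o4 read, 0o1 search) on st.
    Assumption: primary group only; supplementary groups and ACLs are ignored."""
    if uid == 0:
        return True
    shift = 6 if st.st_uid == uid else 3 if st.st_gid == gid else 0
    return ((st.st_mode >> shift) & want) == want

def audit_key_path(home, key_file, uid, gid, stat_fn=os.stat):
    """Check every component from home down to key_file (which must lie under
    home); return a list of (path, problem) tuples, empty when all is well."""
    paths = [home]
    for name in os.path.relpath(key_file, home).split(os.sep):
        paths.append(os.path.join(paths[-1], name))
    findings = []
    for path in paths:
        try:
            st = stat_fn(path)
        except OSError as exc:
            findings.append((path, "cannot stat: %s" % exc.strerror))
            continue
        # Assumed model of StrictModes: owner is the user or root, no one else writes.
        if st.st_uid not in (0, uid):
            findings.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & 0o022:
            findings.append((path, "writable by group or others"))
        # sshd opens the key file as the user (temporarily_use_uid in the log),
        # so the user needs search on each directory and read on the file.
        if path == paths[-1]:
            if not can_access(st, uid, gid, 0o4):
                findings.append((path, "uid %d cannot read this file" % uid))
        elif not can_access(st, uid, gid, 0o1):
            findings.append((path, "uid %d cannot search this directory" % uid))
    return findings

# Constructed sample: owners and modes copied from the ls -la output in the thread.
HOME = "/home/retail/nfm/home/nfm"
SAMPLE = {
    HOME: Entry(612, 606, 0o744),
    HOME + "/.ssh": Entry(0, 0, 0o700),
    HOME + "/.ssh/authorized_keys2": Entry(612, 606, 0o600),
}

if __name__ == "__main__":
    key = HOME + "/.ssh/authorized_keys2"
    for path, problem in audit_key_path(HOME, key, 612, 606, SAMPLE.__getitem__):
        print(path + ": " + problem)
```

On a live system, run it as root with the default `stat_fn` so that every component can be inspected regardless of its mode.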
