This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: More on SSH problems....


Ok... now I'm confused.  I wrote a little chroot how-to for cygwin.  Stephen
was using that to base his thoughts on.  I have to admit I use it for
passward authentication only but would like to setup up for PKI.

What is the proper way to use chroot?
What is the intendid use of chroot?

Would there be any issues from chrooting from the passwd file via a shell
script?

Would there be a way to just chroot from the passwd file with out the shell
script?

I guess this raises lots of questions for me.

----- Original Message -----
From: "Stephen C. Biggs" <yyyyy50@hotpop.com>
To: <cygwin@cygwin.com>
Sent: Monday, August 05, 2002 7:30 AM
Subject: Re: More on SSH problems....


> On 5 Aug 2002 at 13:12, Corinna Vinschen
> wrote:
>
> > On Mon, Aug 05, 2002 at 03:50:21AM -0700, Stephen C. Biggs wrote:
> > > > So it's not the sshd server chroot'ing (which isn't implemented
> > > > in the official ssh sources anyway).  The problem might be related
> > > > to the fact that sshd and the shell script (another bash, that is)
> > > > is still running not chrooted (using the Cygwin DLL in /bin) and
> > > > the child bash is running using the Cygwin DLL in the chroot jail.
> > >
> > > This sounds about right because it doesn't
> > > dump the connection until after it logs on.  But,
> > > it is the sshd server that dumps the connection,
> > > not ssh. (In the client side: "Connection to
> >
> > Sure.  Think about the situation.  Only ssh is running on the client
> > side.  sshd -> bash -> script -> chroot -> bash is running server side.
> >
> > > localhost closed by remote host").  This is now
> > > getting me very confused!  Unless something is
> > > being transmitted wrong, but it only seems to
> > > matter when public key authentication is being
> > > used.  Perhaps something needs the dll
> > > constantly in the client?  Bad news!
> >
> > Patches gratefully...
> >
>
> I'd consider it, if I knew where to even
> begin to start looking!
>
> The thing is, I just tried it where I
> changed the line for the alternate
> user in /etc/passwd to NOT execute the
> chroot shell, rather /bin/bash,
> like normal.
>
> Guess what, it still happens!  What's
> going on, here?  It seems related
> directly to public key authentication,
> because this now works if I allow
> PasswordAuthentication and
> PermitEmptyPassword.
>
> Also, changing back to chroot'ing with
> the empty password, it works.  It
> MUST be related somehow to the
> public key authentication.  Something
> isn't configured right, or a file is in the
> wrong place or wrong
> permissions, or something... maybe
> SSHD doesn't like a different user
> than the real UID, but you say that this
> works for you...
>
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
>
>


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]