Yet another openssh issue -> chroot after upgrade

TSch

Hi folks,

I heroically managed to set up a chroot environment under openssh V4.7 and it was even working perfectly :)

However: After using smit to upgrade the openssh packages to Version 5.0 the chroot environment broke apart and the chrooted user was able to cd .. to the whole machine.

So far I was able to find out about the new "ChrootDirectory" sshd_config parameter and updated the file accordingly ...

Since then, openssh has started to refuse my ssh-key.
Strange, because we didn't change anything on the system. The only thing we did was upgrade V4.7 to V5.0

After doing a lot of googling I got the hint that there might be something wrong with the file AND directory permissions for the authorized_keys file and all the directories above that, but it didn't become clear in what way the permissions might have to be changed. Anything I tried so far didn't solve the problem.

Here are the sshd debug messages I got so far:

Code:
debug1: trying public RSA key file /usr/edi/.//.ssh/authorized_keys
debug1: restore_uid: 0/0
debug3: mm_request_send entering: type 32
Failed rsa for axway from 172.16.17.13 port 4199
debug1: audit event euid 0 user axway event 6 (SSH_failpubkey)

Note: /usr/edi/ is the chrooted directory!

Permissions are:

Code:
-rw-------    1 chrootuser    staff          1726 Feb 09 15:41 authorized_keys
drwx------    2 chrootuser    staff           256 Feb 09 15:52 .ssh
drwxr-xr-x   12 root     staff          8192 Nov 18 16:26 edi

Any ideas what's wrong here?

Regards
Thomas
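
Added example, not part of the original thread: a small shell function that walks from an authorized_keys file up through every parent directory and reports each component that would fail an ownership/mode check of the kind the post refers to. Assumptions: the rule applied is that each component must be owned by the login user or root and must not be writable by group or others (the rule sshd's StrictModes check is understood to enforce); the function name `check_key_path` and its arguments are hypothetical.

```shell
#!/bin/sh
# check_key_path USER FILE [STOP_DIR]   (hypothetical helper, added example)
# USER may be a login name or a numeric uid. Walks FILE and every parent
# directory up to STOP_DIR (default /) and prints each component that is
#   - owned by someone other than USER or root, or
#   - writable by group or others.
# Returns 0 if every component passes, 1 if any fails, 2 on lookup errors.
check_key_path() {
    user=$1 path=$2 stop=${3:-/}
    case $user in
        *[!0-9]*) uid=$(id -u "$user") || return 2 ;;   # name -> uid
        *)        uid=$user ;;                          # already numeric
    esac
    rc=0
    while :; do
        # "ls -ldn" prints the mode string in field 1, numeric owner in field 3
        info=$(ls -ldn "$path" 2>/dev/null) || { echo "MISSING   $path"; return 2; }
        set -- $info
        mode=$1 owner=$3
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "BAD OWNER $path (uid $owner, expected $uid or 0)"
            rc=1
        fi
        case $mode in
            ?????w*)    echo "GROUP-WRITABLE $path ($mode)"; rc=1 ;;
        esac
        case $mode in
            ????????w*) echo "WORLD-WRITABLE $path ($mode)"; rc=1 ;;
        esac
        if [ "$path" = "$stop" ] || [ "$path" = / ]; then
            break
        fi
        path=$(dirname "$path")
    done
    return $rc
}

# When run as a script: check_key_path.sh USER FILE [STOP_DIR]
if [ $# -ge 2 ]; then
    check_key_path "$@"
fi
```

Run it with the account name and the key file path exactly as sshd logs it in the `trying public RSA key file` debug line, so the same chain of directories is inspected.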
 
Maybe you need to remove the entries in authorized_keys and let them be regenerated.
 
We even tried this with different key versions / types and keep getting the same error all the time ...
 
Hi,

I noticed that you used the user axway in your post.

"Failed rsa for axway from 172.16.17.13 port 4199"

Are you using the Axway Synchrony Gateway_Interchange server & if so have you managed to run it in a chrooted cell?

I would like to do this.

Best regards.
 