right - so it's the ones inside the chroot'ed filesystem that matter for authentication purposes, Jason?

the only thing that matters in the /etc/passwd is the path for the user's home? that is what determines who gets chrooted unless I'm more confused than I know

On Mon, 2004-07-19 at 15:23, Jason Tower wrote:
> yes, you will almost certainly need /etc/shadow, and /etc/groups and
> gshadow wouldn't hurt either. the encrypted passwd is stored in shadow,
> not passwd.
>
> jason
>
> > I am building an SFTP server with a chroot jail using:
> > Redhat 9
> > openssh-3.5p1-6
> > rssh-2.2.1-1
> >
> > I have based my efforts on Derek Martin's neat little write-up at
> > http://www.sdri.co.jp/rssh/CHROOT_en.html
> >
> > I can log in as root and am NOT chroot'ed. This is what I want and
> > expect. I can not log in as the user "test".
> >
> > Here is some output from sftp -vvv [EMAIL PROTECTED]
> >
> > debug1: authentications that can continue:
> > publickey,password,keyboard-interactive
> > debug3: userauth_kbdint: disable: no info_req_seen
> > debug2: we did not send a packet, disable method
> > debug3: authmethod_lookup password
> > debug3: remaining preferred:
> > debug3: authmethod_is_enabled password
> > debug1: next auth method to try is password
> > [EMAIL PROTECTED]'s password:
> > debug3: packet_send2: adding 64 (len 53 padlen 11 extra_pad 64)
> > debug2: we sent a password packet, wait for reply
> > debug1: authentications that can continue:
> > publickey,password,keyboard-interactive
> > Permission denied, please try again.
> >
> > note that the password I offered was not accepted. what could cause
> > that? I have created the user test and modified test's home to be
> > /usr/chroot/home/test. I also copied /etc/passwd to
> > /usr/chroot/etc/passwd and trimmed it down to just the user test. Since
> > the real passwd file uses shadow I wonder if I need to copy shadow over
> > to the chroot'ed location as well. Could that be it? It was my
> > understanding that the authentication would take place using the real
> > /etc/passwd rather than the chrooted one.
> >
> > My name is Ryan Leathers and I approved this email.
> >
> > --
> > Ryan Leathers <[EMAIL PROTECTED]>
> > Global Knowledge
> >
> > --
> > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc

--
Ryan Leathers <[EMAIL PROTECTED]>
Global Knowledge
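
A check of the files this thread discusses, as an added example that is not part of the original messages: it reports, without printing any hash, whether the account has a usable password entry in the real and jail shadow files, whether the jail's passwd copy agrees with the real entry, and whether the home directory lies under the jail root. The function names and the `report USER JAIL_ROOT [ETC_DIR]` interface are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare an account's real passwd/shadow
# entries with the copies inside a chroot jail. Interface is hypothetical.

# entry FILE USER -> prints "uid:gid:home" from a passwd-format file; fails if absent
entry() {
    awk -F: -v u="$2" '$1 == u { print $3 ":" $4 ":" $6; f = 1; exit } END { exit !f }' "$1"
}

# shadow_state FILE USER -> missing | empty | locked | set
# Field 2 of shadow holds the hash; a leading "!" or "*" disables password login.
shadow_state() {
    [ -r "$1" ] || { echo missing; return 0; }
    awk -F: -v u="$2" '
        $1 == u { f = 1
                  if ($2 == "") print "empty"
                  else if ($2 ~ /^[!*]/) print "locked"
                  else print "set"
                  exit }
        END { if (!f) print "missing" }' "$1"
}

# jail_passwd_state REAL_PASSWD JAIL_PASSWD USER -> missing | mismatch | ok
jail_passwd_state() {
    real=$(entry "$1" "$3") || { echo missing; return 0; }
    jail=$(entry "$2" "$3" 2>/dev/null) || { echo missing; return 0; }
    if [ "$real" = "$jail" ]; then echo ok; else echo mismatch; fi
}

# home_in_jail PASSWD USER JAIL_ROOT -> yes | no
home_in_jail() {
    home=$(entry "$1" "$2" | cut -d: -f3)
    case "$home" in "${3%/}"/*) echo yes ;; *) echo no ;; esac
}

# report USER JAIL_ROOT [ETC_DIR]; ETC_DIR defaults to /etc (reading shadow needs root)
report() {
    etc=${3:-/etc}
    echo "real shadow entry: $(shadow_state "$etc/shadow" "$1")"
    echo "jail shadow entry: $(shadow_state "$2/etc/shadow" "$1")"
    echo "jail passwd entry: $(jail_passwd_state "$etc/passwd" "$2/etc/passwd" "$1")"
    echo "home under jail:   $(home_in_jail "$etc/passwd" "$1" "$2")"
}

if [ "$#" -ge 2 ]; then report "$@"; fi
```

Run as root, for example `sh check_jail.sh test /usr/chroot` (the script name is hypothetical); a "locked" or "empty" result for the real shadow entry means no password can match for that account.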
