Thanks Mike, I did more spelunking after your suggestion. Unfortunately I tinkered with so much I can't say for sure what "THE" problem was but its working now.
On Mon, 2004-07-19 at 21:05, Mike Johnson wrote: > Ryan Leathers [EMAIL PROTECTED] wrote: > > I am building an SFTP server with a chroot jail using: > > Redhat 9 > > openssh-3.5p1-6 > > rssh-2.2.1-1 > > > > I have based my efforts on Derek Martin's neat little write-up at > > http://www.sdri.co.jp/rssh/CHROOT_en.html > > Dumb question? Why the chroot? It's a pain in the ass to manage. rssh > does a good job of providing near equivalent security with much less > complexity. > > > note that the password I offered was not accepted. what could cause > > that? I have created the user test and modified test's home to be > > /usr/chroot/home/test. I also copied /etc/passwd to > > /usr/chroot/etc/passwd and trimmed it down to just the user test. Since > > the real passwd file uses shadow I wonder if I need to copy shadow over > > to the chroot'ed location as well. Could that be it? It was my > > understanding that the authentication would take place using the real > > /etc/passwd rather than the chrooted one. > > Any idea what the logs say? In the mkchroot.sh script provided by rssh, > there's a comment that you should pay attention to: > "Chroot jail configuration completed." > "NOTE: if you are not using the passwd file for authentication," > "you may need to copy some of the /lib/libnss_* files into the jail." > > Might be something to investigate. It may be that you're getting authd, > but getting kicked out due to something other than whether or not the > password worked. > > Mike > -- > "Spare me your space-age technobabble Atilla The Hun!" -- Zapp Brannigan > > GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF C821 89C4 DF9A 5DDD 95D1 > GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc -- Ryan Leathers <[EMAIL PROTECTED]> Global Knowledge -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
