Re: [CentOS] After update to 4.4, sshd chroot misconfigured

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Jed Reynolds wrote:

Kanwar Ranbir Sandhu wrote:

On Tue, 2006-05-09 at 09:58 -0700, Jed Reynolds wrote:
Some googling revealed that the version of sshd I am now running is chrooted, but the chroot environment is incomplete. Instructions for completing the chroot environment can be found here: 

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193184


Which one of the "solutions" worked for you?  I tried the last one, but
I don't see any changes in the logs.

BTW, thanks for bringing this up.  I was wondering what was going on,
but I haven't looked into it yet.  Good to see it's a known problem!
Irritatingly, it seems to have worked on one of my systems but not another. However, I might have to do a full restart on that system. 

I tried the first one, but I'll try the second one today.
OK, I believe it might be a permissions issue, but I don't understand why when I connect from some hosts to 192.168.0.20 I get the error and from others I don't.
I don't see the time being wierd. I just see it generating an error message after reading the timezone file. I did an strace -s 512 -f -p... on sshd to check what it was complaining about. 

[pid 16309] open("/usr/share/zoneinfo/America/Vancouver", O_RDONLY) = 7
[pid 16309] fstat(7, {st_mode=S_IFREG|0644, st_size=1037, ...}) = 0
[pid 16309] fstat(7, {st_mode=S_IFREG|0644, st_size=1037, ...}) = 0
[pid 16309] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a9557c000 [pid 16309] read(7, "TZif\0\0\0\ [SNIP] ...25IT \02697\20\27)6 \30\"S"..., 4096) = 1037 
[pid 16309] close(7)                    = 0
[pid 16309] munmap(0x2a9557c000, 4096)  = 0
[pid 16309] sendto(6, "<86>Sep 6 13:50:01 sshd[16309]: Postponed publickey for root from ::ffff:192.168.0.12 port 38488 ssh2", 102, MSG_NOSIGNAL, NULL, 0) = 102 


If it couldn't read the file, then that'd be a different error.
I don't think I can go any further than I have. I'm just going to have to ignore those messages for now. 

Jed
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux