Can't get chroot jail to work

Discussion in 'HOWTO-Related Questions' started by rbees, Sep 30, 2009.

  1. rbees

    rbees New Member

    Ladies & Gents

    I have been trying to set up a chroot jail for some ssh users. I have been using this how-to http://www.howtoforge.org/chrooted-s...l-debian-lenny
    I tried an earlier one from the same author and didn't have success either.

    I am at this point.

    I am able to log in as the "testuser" provided that I change the sshd_config and comment out the settings for "testuser".

    The error is
    Code:
    :~$ ssh testuser@kingbee
    Debian GNU/Linux squeeze/sid
    testuser@kingbee's password:
    /bin/bash: Permission denied
    Connection to kingbee closed.
    :~$
    The auth.log contains
    Code:
    Sep 29 18:07:56 Kingbee sshd[25831]: Connection from 127.0.1.1 port 33898
    Sep 29 18:07:56 Kingbee sshd[25831]: Failed none for testuser from 127.0.1.1 port 33898 ssh2
    Sep 29 18:08:01 Kingbee sshd[25831]: Accepted password for testuser from 127.0.1.1 port 33898 ssh2
    Sep 29 18:08:01 Kingbee sshd[25831]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
    Sep 29 18:08:01 Kingbee sshd[25839]: Changed root directory to "/home"
    Sep 29 18:08:01 Kingbee sshd[25831]: User child is on pid 25839
    Sep 29 18:08:01 Kingbee sshd[25831]: pam_unix(sshd:session): session closed for user testuser
    So far nothing I have tried has helped.

    There were 2 entries in /home/etc/passwd & shadow in the jail for "testuser". The first one I think was a leftover from the first attempt, so I deleted them. That didn't change things.

    The /etc/passwd only contains one line for "testuser" and it looks like this
    Code:
    testuser:x:1002:1003::/home/home/testuser:/bin/bash
    The one in the jail /home/etc/passwd looks like
    Code:
    testuser:x:1002:1003::/home/testuser:/bin/bash
    The only difference I see is that the home directory is different and points inside the jail from outside.

    The permissions on /home/testuser are drwx------(700) and all the files and folders in it are owned by testuser.

    The script that builds the jail comes from http://www.fuschlberger.net/programs...p-chroot-jail/ and talks about pam causing login problems.
    But I don't have /home/jail/etc/pam.d/su; I have the folder but not the file. But my error says nothing about a module. I do have /home/etc/pam.d/su and the above is commented out.

    I am able to manually enter the jail as root.

    Thanks for any advice you can give me.
     
  2. falko

    falko Super Moderator Howtoforge Staff

    What's your jail directory? /home, /home/jail, or something else?
     
  3. rbees

    rbees New Member

    Thanks falko,

    The jail is as built by the script you reference: /home. I made no changes to the script as downloaded. I have discovered that for some reason the script set the permissions on the links and files as 700 and 600 instead of 755 and 644.

    I have gone through the files and folders and set the permissions as they are on my Debian Squeeze amd64 install. I may have missed something though.

    Then I ran into a different problem with sftp and the user not being recognized. I fixed that by setting the permissions on /etc/passwd & shadow.

    Now I get what looks like a half login? At least the cursor goes to the next line and I can enter text & some commands but pressing return only sends the cursor to the next line or closes the connection. :confused:

    My install is an upgrade from Lenny when it was testing. When the repos opened for testing squeeze I upgraded. So it has never really run stable.

    There is a directory /home/jail with some of a root file system in it but it is very limited. Not sure how it got there.

    This is what /var/log/auth.log shows
    Code:
    Oct  1 13:34:08 Kingbee sshd[7153]: Connection from 127.0.1.1 port 49251
    Oct  1 13:34:08 Kingbee sshd[7153]: Failed none for testuser from 127.0.1.1 port 49251 ssh2
    Oct  1 13:34:11 Kingbee sshd[7153]: Accepted password for testuser from 127.0.1.1 port 49251 ssh2
    Oct  1 13:34:11 Kingbee sshd[7153]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
    Oct  1 13:34:11 Kingbee sshd[7161]: Changed root directory to "/home"
    Oct  1 13:34:11 Kingbee sshd[7153]: User child is on pid 7161
    Oct  1 13:34:24 Kingbee sshd[7153]: pam_unix(sshd:session): session closed for user testuser
    kingbee@Kingbee:~$
    A quick look through the other log files shows nothing else.

    Any ideas?

    Thanks
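
The permission problem reported in this thread (jail files and directories created as 700 and 600 where 755 and 644 were expected, and `/bin/bash: Permission denied` after the chroot) can be checked for mechanically. The following is an added example, not part of the original posts or of the jail script; the function names `audit_jail` and `tag` are hypothetical, and it assumes the jail's system files are owned by root.

```shell
#!/bin/sh
# Added example, not from the thread. Reports entries inside a chroot jail
# whose mode bits would stop a non-root login from using them, such as the
# 700/600 modes mentioned above where 755/644 were expected.
# Assumption: jail system files are owned by root, so the jailed user is
# subject to the "other" permission bits.

# Prefix every path read from stdin with a reason label and a tab.
tag() {
    while IFS= read -r p; do printf '%s\t%s\n' "$1" "$p"; done
}

# audit_jail JAIL_ROOT [HOMES_SUBDIR]
# Prints "reason<TAB>path" per finding. Returns 0 if clean, 1 otherwise.
# HOMES_SUBDIR (default: home) is skipped, since private 700 homes are normal.
audit_jail() {
    jail=${1%/}
    homes=$jail/${2:-home}
    findings=$(
        # Directories need r-x for others to be listed and traversed.
        find "$jail" -path "$homes" -prune -o \
            -type d ! -perm -005 -print | tag dir-not-searchable
        # Programs and libraries marked executable only for their owner.
        find "$jail" -path "$homes" -prune -o \
            -type f -perm -100 ! -perm -005 -print | tag exec-owner-only
        # Plain files others cannot read; shadow files are meant to be private.
        find "$jail" -path "$homes" -prune -o \
            -type f ! -perm -100 ! -perm -004 \
            ! -name 'shadow*' ! -name 'gshadow*' -print | tag file-unreadable
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Example: audit_jail /home    (the jail root used in this thread)
```

Run it as root so that `find` can descend into directories it reports as not searchable.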
     
  4. rbees

    rbees New Member
