Hi! I've got a strange issue recently. I'm not sure what it started after, either the update to 3.1.13 or the latest updates of Debian Stretch. Non-root ssh users are immediately disconnected. I suspect this could be somehow related to jailkit, but I'm not sure. The root user can connect just fine.
    tail -n 10000 auth.log | grep client_ssh_login
    Aug 28 18:46:35 mail sshd[31261]: Accepted password for client_ssh_login from ip1.xx.xx.xx port yyy ssh2
    Aug 28 18:46:35 mail sshd[31261]: pam_unix(sshd:session): session opened for user client_ssh_login by (uid=0)
    Aug 28 18:46:35 mail sshd[31261]: pam_unix(sshd:session): session closed for user client_ssh_login
This is really strange, especially taking into account that port yyy is different every time and is in the 4xxxxx range, which I don't use at all. The server is in a DMZ behind a router/firewall. All other services are running fine. What could be the problem? Thanks in advance.
Try running the ssh session with -vvv to get more verbose output, like so:
Code:
    ssh -vvv [email protected]
Then try, as root, to su to the ssh user: log in as root and run
Code:
    su - user
After successful login:
    Last login: Tue Aug 28 18:47:12 2018 from ip.xx.xx.xx
    debug3: receive packet: type 96
    debug2: channel 0: rcvd eof
    debug2: channel 0: output open -> drain
    debug2: channel 0: obuf empty
    debug2: channel 0: close_write
    debug2: channel 0: output drain -> closed
    debug3: receive packet: type 98
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug3: receive packet: type 98
    debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
    debug2: channel 0: rcvd eow
    debug2: channel 0: close_read
    debug2: channel 0: input open -> closed
    debug3: receive packet: type 97
    debug2: channel 0: rcvd close
    debug3: channel 0: will not send data after close
    debug2: channel 0: almost dead
    debug2: channel 0: gc: notify user
    debug2: channel 0: gc: user detached
    debug2: channel 0: send close
    debug3: send packet: type 97
    debug2: channel 0: is dead
    debug2: channel 0: garbage collecting
    debug1: channel 0: free: client-session, nchannels 1
    debug3: channel 0: status: The following connections are open:
      #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
    debug3: send packet: type 1
    Connection to ip1.xx.xx.xx closed.
    Transferred: sent 2200, received 2696 bytes, in 0.1 seconds
    Bytes per second: sent 15360.3, received 18823.4
    debug1: Exit status 53
After login, I can't su to the ISPConfig shell user client_ssh_login; it simply does nothing (no error messages) and I remain root. su wrong_user results in:
    No passwd entry for user 'wrong_user'
Maybe I should use the webxx user instead?
Yes, you can try to su to the web user. In regard to the external shell user login, please take a look at the /etc/passwd file and post the line that you find there for that user.
    client_ssh_login:x:5005:5005::/var/www/clients/client1/web10/./home/client_ssh_login:/usr/sbin/jk_chrootsh
BTW, su webxx also results in nothing. No error message, it just doesn't work, without any message.
I removed the chroot shell jailkit option in the web control panel, no change. Created another carbon copy shell user, login terminated instantly. Reinstalled jailkit, all the same. The path is correct: /var/www/clients/client1/web10/. Quite strange, I can su into another web user without a problem.
The line from the passwd file looks fine for a jailed user. So su'ing into this web user fails while su'ing into another web user works? Then the web[ID] user might be missing or damaged. Please check if the web user exists in the passwd and shadow files and that its uid (5005) is the same as the one of the client_ssh_login user.
su from root works neither to web10 nor to client_ssh_login; the path in /etc/passwd is correct. su to another web user works.
    web10:x:5005:5005::/var/www/clients/client1/web10/./home/web10:/usr/sbin/jk_chrootsh
    client_ssh_login:x:5005:5005::/var/www/clients/client1/web10/home/client_ssh_login:/usr/sbin/jk_chrootsh
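The passwd checks suggested in this thread (the web user exists and shares the shell user's uid), together with the "/./" marker that jk_chrootsh uses to split the jail root from the home directory inside it, as an added example that is not from any poster in the thread. The sample lines are constructed, and the /var/www/clients/clientN/webM layout is an assumption taken from the paths quoted above.

```python
import re

JK_SHELL = "/usr/sbin/jk_chrootsh"
# Assumption: ISPConfig site layout as seen in the thread's paths.
SITE_RE = re.compile(r"^/var/www/clients/client\d+/(web\d+)(?:/|$)")

# Constructed sample modelled on the passwd lines quoted in the thread
# (the web8 uid is made up).
SAMPLE_PASSWD = """\
web8:x:5003:5005::/var/www/clients/client1/web8/./home/web8:/usr/sbin/jk_chrootsh
web10:x:5005:5005::/var/www/clients/client1/web10/./home/web10:/usr/sbin/jk_chrootsh
client_ssh_login:x:5005:5005::/var/www/clients/client1/web10/home/client_ssh_login:/usr/sbin/jk_chrootsh
"""

def parse_passwd(text):
    """Return {name: (uid, home, shell)} for well-formed passwd lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            users[fields[0]] = (int(fields[2]), fields[5], fields[6])
    return users

def check_jailed_users(text):
    """Return sorted (user, problem) pairs for jk_chrootsh accounts."""
    users = parse_passwd(text)
    problems = []
    for name, (uid, home, shell) in users.items():
        if shell != JK_SHELL:
            continue
        # jk_chrootsh splits the home field at "/./": the jail root comes
        # before it, the home directory inside the jail after it.
        if "/./" not in home:
            problems.append((name, "no '/./' jail marker in home"))
        site = SITE_RE.match(home)
        if not site:
            problems.append((name, "home is outside a site directory"))
            continue
        web_user = site.group(1)
        if web_user not in users:
            problems.append((name, f"web user {web_user} missing"))
        elif users[web_user][0] != uid:
            problems.append((name, f"uid differs from {web_user}"))
    return sorted(problems)

if __name__ == "__main__":
    for user, problem in check_jailed_users(SAMPLE_PASSWD):
        print(f"{user}: {problem}")
```

On a live server, pass the contents of /etc/passwd instead of the sample; an empty result only means these particular checks passed.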
    cd /var/www/clients/client1
    ls -la
    drwxr-xr-x 20 root root 4096 Apr 1 00:04 web10
    drwxr-xr-x 19 root root 4096 Aug 29 10:16 web8
su to web8 works, to web10 doesn't.
Those are not home directories for ssh users.
Code:
    ls -lh /var/www/clients/client1/web10/
Code:
    ls -lh /var/www/clients/client1/web8/
    ls -lh /var/www/clients/client1/web10/
    drwxr-xr-x 2 web10 client1 4.0K Apr 1 00:04 backup
    drwxr-xr-x 2 web10 client1 4.0K Mar 29 13:14 bin
    drwxr-xr-x 2 web10 client1 4.0K May 22 2017 cgi-bin
    drwxr-xr-x 2 web10 client1 4.0K Aug 29 10:11 dev
    drwxr-xr-x 6 web10 client1 4.0K Mar 29 13:14 etc
    drwxr-xr-x 5 root root 4.0K Aug 29 10:17 home
    drwxr-xr-x 4 web10 client1 4.0K Mar 29 13:14 lib
    drwxr-xr-x 2 web10 client1 4.0K Mar 29 13:14 lib64
    drwxr-xr-x 2 root root 4.0K Aug 29 00:05 log
    drwx--x--- 2 web10 client1 4.0K May 22 2017 private
    drwxr-xr-x 3 web10 client1 4.0K Mar 29 13:14 run
    drwxr-xr-x 2 root root 4.0K Mar 29 13:14 ssl
    drwxrwxrwx 2 web10 client1 4.0K May 8 15:48 tmp
    drwxr-xr-x 6 web10 client1 4.0K Mar 29 13:14 usr
    drwxr-xr-x 2 web10 client1 4.0K Mar 29 13:14 var
    drwx--x--x 18 web10 client1 4.0K Mar 29 13:17 web
    drwx--x--- 2 web10 client1 4.0K Mar 29 13:14 webdav
    ls -lh /var/www/clients/client1/web10/home/
    drwxr-x--- 6 web10 client1 4.0K Aug 29 10:18 client_ssh_login
    drwxr-x--- 2 web10 client1 4.0K Jan 18 2018 web10
Strangely enough, the same client_ssh_login directory also exists in
    ls -lh /var/www/clients/client1/web8/home/
    drwxr-x--- 4 web8 client1 4.0K Jan 18 2018 client_ssh_login
    drwxr-x--- 2 web8 client1 4.0K Aug 29 11:46 web8
Directory web10/home is owned by root:root. Use
Code:
    chown web10:client1 web10/home
And use a code block when you paste listings; it makes them easier to read.
Did chown as above, restarted the ssh service, nothing changed. I probably have to completely delete all the stuff related to this user. Made another shell user with jailkit, and it logs in successfully. Really strange glitch.
I wiped out all the problematic stuff and recreated it again. It's really strange, I didn't change anything of that web10 user for months; only the web programmer uploaded some stuff about 2 months ago (he used chrooted shell access).