similar to: chroot directory ownership

Hi all, Today, I was tasked at work with setting up a chroot SFTP server on a 64bit Arch Linux server. I naturally turned to Arch Linux's wiki article on the subject (http://wiki.archlinux.org/index.php/SFTP-chroot) and the directions were very clear. However, the directions did not work. I kept getting a "Write failed: Broken pipe" error after attempting to connect. Upon digging

https://bugzilla.mindrot.org/show_bug.cgi?id=1567 Summary: Insufficient privileges to chroot() on AIX Product: Portable OpenSSH Version: 5.2p1 Platform: PPC OS/Version: AIX Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: bana

Hi, I'm looking for software that can perform kriging on systems with dimensionality higher than 3, say d=5. Are anyone aware of packages in R that can do this? Thanks, Eivind Sm??rgrav ------------------------------------------------------------------- The information contained in this message may be CONFIDENTIAL and is intended for the addressee only. Any unauthorised use,

Hi, I need to use sftp-only accounts, chroot()ed in their home dirs, on AIX 5.3 with OpenSSH_5.2p1. But there is a problem with the chroot() call. In the do_setusercontext() function, chroot() is called after the setpcred() (only AIX is concerned by the setpcred() call), so privileges are already dropped when chroot() is called. When not calling setpcred(), the chroot() does not fail and the

Hi, I have added calls to `check_ntsec()' to the code which checks for the ownership and modes of identity files and directories. As you might know, check_ntsec() tests if owner/modes are supported by the OS (9x/ME=no, NT/W2K=yes), the filesystem (FAT/FAT32=no, NTFS=yes) and the current Cygwin settings (ntea/ntsec). Corinna Index: auth-rhosts.c

https://bugzilla.mindrot.org/show_bug.cgi?id=1678 Summary: Insufficient privileges to chroot() on AIX Product: Portable OpenSSH Version: 5.3p1 Platform: PPC OS/Version: AIX Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

Nico Kadel-Garcia <nkadel at gmail.com> writes: > Dag-Erling Sm?rgrav <des at des.no> writes: > > Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have > > X11Forwarding enabled by default. > I'm not sure I see your point. With X11Forwarding off by default, one would assume that it is only enabled on a case-by-case basis for users or groups who

Plagued with an error I can't get past: ==> dovecot_info.log <== dovecot: Mar 04 22:09:06 Info: Dovecot starting up ==> dovecot.log <== dovecot-auth: Mar 04 22:09:07 Fatal: Can't open configuration file /usr/local/etc/dovecot-pgsql.conf: No such file or directory dovecot: Mar 04 22:09:07 Error: child 18211 (auth) returned error 89 dovecot: Mar 04 22:09:07 Error: Auth process

Nico Kadel-Garcia <nkadel at gmail.com> writes: > Dag-Erling Sm?rgrav <des at des.no> writes: > > It is relatively trivial to write a PAM module to do that. > Which will have the relevant configuration overwritten and disabled > the next time you run "authconfig" on Red Hat based sysems. I'm not > sure if this occurs with other systems, but tuning PAM is

https://bugzilla.mindrot.org/show_bug.cgi?id=3715 Bug ID: 3715 Summary: safely_chroot is a little too restrictive: noexec or nosuid should be enough Product: Portable OpenSSH Version: 9.8p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=1461 Summary: session.c: don't chdir() after chroot() if chroot_path==pw->pw_dir Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1

Hi, OpenSSH 6.0 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains a couple of new features and changes and bug fixes. Testing of the new sandboxed privilege separation mode (see below) would be particularly appreciated. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The

Hi, (please CC me as I'm not subscribed to the list) If compiled with SELinux support, OpenSSH 4.8 current cvs fails for accounts where the new ChrootDirectory option is active : debug1: PAM: establishing credentials debug3: PAM: opening session debug2: User child is on pid 1695 debug3: mm_request_receive entering debug1: PAM: establishing credentials debug3: safely_chroot: checking

Take the usual precautions when upgrading. Also note that I have changed some configuration defaults: the server no longer accepts protocol version 1 nor password authentication by default. If your ssh client does not support ssh protocol version 2 or keyboard-interactive authentication, the recommended measures are: 1) get a better client 2) get a better client (I mean it) 3) get a better

Lesley Kimmel <lesley.j.kimmel at gmail.com> writes: > So I probably shouldn't have said "arbitrary" script. What I really > want to do is to present a terms of service notice (/etc/issue). But I > also want to get the user to actually confirm (by typing 'y') that > they accept. If they try to exit or type anything other than 'y' they > will be

Could a clueful list admin take this d00f off the list... robertot@redix.it ----- Forwarded message from robertot@redix.it ----- Date: Sun, 12 Aug 2012 18:34:56 +0200 (CEST) From: robertot@redix.it To: jhellenthal@dataix.net Subject: Please confirm your message This message was created automatically by mail delivery software (TMDA). Your message attached below is being held because the

Cf. http://seclists.org/fulldisclosure/2008/Jul/0090.html This Mrdkaaa character claims to have exploited this, but does not say how. The issue is that if do_pam_account() fails, do_authloop() will call packet_disconnect() with loginmsg as the format string (classic printf(foo) instead of printf("%s", foo) bug). The stuff that do_authloop() appends to loginmsg is harmless (the user

Nico Kadel-Garcia <nkadel at gmail.com> writes: > I'm just trying to figure out under what normal circumstances a > connection with X11 forwarding enabled wouldn't be owned by a user who > already has normal system privileges for ssh, sftp, and scp access. Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have X11Forwarding enabled by default. DES --

Hi, A question regarding chroot, internal-sftp, and time zones: Is it possible to get the time stamps presented by the chrooted internal-sftp to always be aligned with the system global time zone setting? What is the reason this not done by default, that is couldn't the chrooted internal-sftp inherit the time zone information from the SSH daemon? /John -- John Olsson Ericsson AB

Hi Team, I am just a curious individual user who reviewed the OpenSSH;not working for a company. I was just wondering why there is a restriction for chroot directory to be owned by root. The line of code below in session.c show them. The basic UNIX security permissions provide a sufficient access control. Have you guys found a way to bypass security if the directory is not owned by root? -