Andrej
2010-06-23 00:22:43 UTC
Hi Gents,
for about week now I've been trying to get the sftp chroot jail feature on
RHEL/Centos (5.4 / 5) going.
The behaviour differs a bit between 5.2 and 5.5.
While compiling openssh (and the newer openssl) was no problem,
and following a variety of tutorials (walk-throughs) seemed easy enough
I can't for the life of me figure out why y chrooted user(s) have no permission
to do anything at all in their jail directory, not even an 'ls'.
Details:
openssh version 5.2p1 & 5.5p1 respectively
./configure --exec-prefix=/usr --datarootdir=/usr/share
--sysconfdir=/etc/ssh --libexecdir=/usr/libexec/openssh
--datadir=/usr/share/openssh --with-tcp-wrappers
--with-default-path=/usr/local/bin:/bin:/usr/bin
--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
--with-privsep-path=/var/empty/sshd --disable-strip
--without-zlib-version-check --with-ssl-engine -with-pka --with-nss
--with-pam --with-selinux --with-linux-audit --with-kerberos5
/etc/passwd:
000000000:x:1002:1002:SFTP chroot user:/sftransfers/000000000:/bin/true
000000001:x:1002:1002:SFTP chroot user:/sftransfers/000000001:/bin/bash
sshd_config:
# egrep -v "^ *#|^ *$" /etc/ssh/sshd_config
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
X11Forwarding yes
Subsystem sftp internal-sftp
Match Group sftransfers
ChrootDirectory %h
ForceCommand internal-sftp
perms:
# ls -l
total 146
drwxr-xr-x 2 root root 4096 Jun 18 04:09 bin
drwxr-xr-x 4 root root 1024 Jun 18 02:18 boot
drwxr-xr-x 12 root root 3820 Jun 22 00:23 dev
drwxr-xr-x 83 root root 4096 Jun 22 03:20 etc
drwxr-xr-x 5 root root 4096 Jan 27 10:43 home
drwxr-xr-x 13 root root 12288 Jun 19 04:10 lib
drwx------ 2 root root 16384 May 27 22:38 lost+found
drwxr-xr-x 2 root root 4096 Jan 27 10:43 media
drwxr-xr-x 2 root root 0 Jun 22 00:23 misc
drwxr-xr-x 2 root root 4096 Jan 27 10:43 mnt
drwxr-xr-x 2 root root 0 Jun 22 00:23 net
drwxr-xr-x 2 root root 4096 Jan 27 10:43 opt
dr-xr-xr-x 93 root root 0 Jun 22 00:22 proc
drwxr-x--- 10 root root 4096 Jun 22 21:05 root
drwxr-xr-x 2 root root 12288 Jun 18 04:09 sbin
drwxr-xr-x 4 root root 0 Jun 22 00:22 selinux
drwx------ 3 root root 4096 Jun 19 02:54 sftransfers
drwxr-xr-x 2 root root 4096 Jan 27 10:43 srv
drwxr-xr-x 11 root root 0 Jun 22 00:22 sys
drwxrwxrwt 3 root root 4096 Jun 23 04:02 tmp
drwxr-xr-x 13 root root 4096 Jun 18 02:16 usr
drwxr-xr-x 19 root root 4096 Jun 18 02:16 var
# ls -l /sftransfers
total 8
drwx------ 14 root root 4096 Jun 19 02:39 000000000
drwx------ 14 root root 4096 Jun 19 02:39 000000001
With 5.2 I see
on the client:
sftp ***@centos
Connecting to centos...
***@centos's password:
Read from remote host centos: Connection reset by peer
Couldn't read packet: Connection reset by peer
On the server:
==> secure <==
Jun 24 00:01:43 centos1 sshd[19662]: Accepted password for 000000000
from 10.68.66.17 port 50147 ssh2
Jun 24 00:01:44 centos1 sshd[19662]: pam_unix(sshd:session): session
opened for user 000000000 by (uid=0)
Jun 24 00:01:44 centos1 sshd[19664]: fatal: ssh_selinux_getctxbyname:
ssh_selinux_getctxbyname: security_getenforce() failed
Jun 24 00:01:44 centos1 sshd[19662]: pam_unix(sshd:session): session
closed for user 000000000
==> audit/audit.log <==
type=USER_ACCT msg=audit(1277290861.636:412): user pid=19533 uid=0
auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='PAM: accounting acct="root" : exe="/usr/sbin/crond" (hostname=?,
addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1277290861.636:413): user pid=19533 uid=0
auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?,
addr=?, terminal=cron res=success)'
type=LOGIN msg=audit(1277290861.641:414): login pid=19533 uid=0 old
auid=4294967295 new auid=0 old ses=4294967295 new ses=62
type=USER_START msg=audit(1277290861.646:415): user pid=19533 uid=0
auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session
open acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?,
terminal=cron res=success)'
type=CRED_DISP msg=audit(1277290861.675:416): user pid=19533 uid=0
auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred
acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron
res=success)'
type=USER_END msg=audit(1277290861.676:417): user pid=19533 uid=0
auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session
close acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?,
terminal=cron res=success)'
type=USER_ACCT msg=audit(1277294461.804:418): user pid=19657 uid=0
auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='PAM: accounting acct="root" : exe="/usr/sbin/crond" (hostname=?,
addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1277294461.805:419): user pid=19657 uid=0
auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?,
addr=?, terminal=cron res=success)'
type=LOGIN msg=audit(1277294461.808:420): login pid=19657 uid=0 old
auid=4294967295 new auid=0 old ses=4294967295 new ses=63
type=USER_START msg=audit(1277294461.814:421): user pid=19657 uid=0
auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session
open acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?,
terminal=cron res=success)'
type=CRED_DISP msg=audit(1277294461.843:422): user pid=19657 uid=0
auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred
acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron
res=success)'
type=USER_END msg=audit(1277294461.845:423): user pid=19657 uid=0
auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session
close acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?,
terminal=cron res=success)'
type=USER_AUTH msg=audit(1277294503.940:424): user pid=19662 uid=0
auid=679492 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
authentication acct="000000000" : exe="/usr/sbin/sshd"
(hostname=client, addr=10.68.66.17, terminal=ssh res=success)'
type=USER_ACCT msg=audit(1277294503.981:425): user pid=19662 uid=0
auid=679492 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
accounting acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1277294504.031:426): user pid=19662 uid=0
auid=679492 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
setcred acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=LOGIN msg=audit(1277294504.040:427): login pid=19662 uid=0 old
auid=679492 new auid=1002 old ses=1 new ses=64
type=USER_START msg=audit(1277294504.086:428): user pid=19662 uid=0
auid=1002 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
session open acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1277294504.137:429): user pid=19664 uid=0
auid=1002 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
setcred acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=CRED_DISP msg=audit(1277294504.187:430): user pid=19662 uid=0
auid=1002 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
setcred acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=USER_END msg=audit(1277294504.234:431): user pid=19662 uid=0
auid=1002 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
session close acct="000000000" : exe="/usr/sbin/sshd"
(hostname=client, addr=10.68.66.17, terminal=ssh res=success)'
With 5.5 I see
on the client:
$ sftp ***@centos
Connecting to centos...
***@centos's password:
sftp> ls
Couldn't get handle: Permission denied
sftp>
$ sftp ***@centos
Connecting to centos...
***@centos's password:
sftp> ls
Couldn't get handle: Permission denied
sftp>
On the server:
==> secure <==
Jun 24 00:10:32 centos1 sshd[13709]: Received signal 15; terminating.
Jun 24 00:10:39 centos1 sshd[19820]: Server listening on :: port 22.
Jun 24 00:10:39 centos1 sshd[19820]: Server listening on 0.0.0.0 port 22.
Jun 24 00:10:54 centos1 sshd[19823]: Accepted password for 000000000
from 10.68.66.17 port 44427 ssh2
Jun 24 00:10:54 centos1 sshd[19823]: pam_unix(sshd:session): session
opened for user 000000000 by (uid=0)
Jun 24 00:10:55 centos1 sshd[19825]: subsystem request for sftp
==> audit/audit.log <==
type=USER_AUTH msg=audit(1277295054.778:432): user pid=19823 uid=0
auid=679492 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
authentication acct="000000000" : exe="/usr/sbin/sshd"
(hostname=client, addr=10.68.66.17, terminal=ssh res=success)'
type=USER_ACCT msg=audit(1277295054.830:433): user pid=19823 uid=0
auid=679492 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
accounting acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1277295054.900:434): user pid=19823 uid=0
auid=679492 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
setcred acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=LOGIN msg=audit(1277295054.912:435): login pid=19823 uid=0 old
auid=679492 new auid=1002 old ses=40 new ses=65
type=USER_START msg=audit(1277295054.956:436): user pid=19823 uid=0
auid=1002 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
session open acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1277295055.009:437): user pid=19825 uid=0
auid=1002 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
setcred acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
Any pointers as to what I'm doing wrong, or how I can go about
finding out why this is failing would be greatly appreciated.
Cheers,
Andrej
for about week now I've been trying to get the sftp chroot jail feature on
RHEL/Centos (5.4 / 5) going.
The behaviour differs a bit between 5.2 and 5.5.
While compiling openssh (and the newer openssl) was no problem,
and following a variety of tutorials (walk-throughs) seemed easy enough
I can't for the life of me figure out why y chrooted user(s) have no permission
to do anything at all in their jail directory, not even an 'ls'.
Details:
openssh version 5.2p1 & 5.5p1 respectively
./configure --exec-prefix=/usr --datarootdir=/usr/share
--sysconfdir=/etc/ssh --libexecdir=/usr/libexec/openssh
--datadir=/usr/share/openssh --with-tcp-wrappers
--with-default-path=/usr/local/bin:/bin:/usr/bin
--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
--with-privsep-path=/var/empty/sshd --disable-strip
--without-zlib-version-check --with-ssl-engine -with-pka --with-nss
--with-pam --with-selinux --with-linux-audit --with-kerberos5
/etc/passwd:
000000000:x:1002:1002:SFTP chroot user:/sftransfers/000000000:/bin/true
000000001:x:1002:1002:SFTP chroot user:/sftransfers/000000001:/bin/bash
sshd_config:
# egrep -v "^ *#|^ *$" /etc/ssh/sshd_config
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
X11Forwarding yes
Subsystem sftp internal-sftp
Match Group sftransfers
ChrootDirectory %h
ForceCommand internal-sftp
perms:
# ls -l
total 146
drwxr-xr-x 2 root root 4096 Jun 18 04:09 bin
drwxr-xr-x 4 root root 1024 Jun 18 02:18 boot
drwxr-xr-x 12 root root 3820 Jun 22 00:23 dev
drwxr-xr-x 83 root root 4096 Jun 22 03:20 etc
drwxr-xr-x 5 root root 4096 Jan 27 10:43 home
drwxr-xr-x 13 root root 12288 Jun 19 04:10 lib
drwx------ 2 root root 16384 May 27 22:38 lost+found
drwxr-xr-x 2 root root 4096 Jan 27 10:43 media
drwxr-xr-x 2 root root 0 Jun 22 00:23 misc
drwxr-xr-x 2 root root 4096 Jan 27 10:43 mnt
drwxr-xr-x 2 root root 0 Jun 22 00:23 net
drwxr-xr-x 2 root root 4096 Jan 27 10:43 opt
dr-xr-xr-x 93 root root 0 Jun 22 00:22 proc
drwxr-x--- 10 root root 4096 Jun 22 21:05 root
drwxr-xr-x 2 root root 12288 Jun 18 04:09 sbin
drwxr-xr-x 4 root root 0 Jun 22 00:22 selinux
drwx------ 3 root root 4096 Jun 19 02:54 sftransfers
drwxr-xr-x 2 root root 4096 Jan 27 10:43 srv
drwxr-xr-x 11 root root 0 Jun 22 00:22 sys
drwxrwxrwt 3 root root 4096 Jun 23 04:02 tmp
drwxr-xr-x 13 root root 4096 Jun 18 02:16 usr
drwxr-xr-x 19 root root 4096 Jun 18 02:16 var
# ls -l /sftransfers
total 8
drwx------ 14 root root 4096 Jun 19 02:39 000000000
drwx------ 14 root root 4096 Jun 19 02:39 000000001
With 5.2 I see
on the client:
sftp ***@centos
Connecting to centos...
***@centos's password:
Read from remote host centos: Connection reset by peer
Couldn't read packet: Connection reset by peer
On the server:
==> secure <==
Jun 24 00:01:43 centos1 sshd[19662]: Accepted password for 000000000
from 10.68.66.17 port 50147 ssh2
Jun 24 00:01:44 centos1 sshd[19662]: pam_unix(sshd:session): session
opened for user 000000000 by (uid=0)
Jun 24 00:01:44 centos1 sshd[19664]: fatal: ssh_selinux_getctxbyname:
ssh_selinux_getctxbyname: security_getenforce() failed
Jun 24 00:01:44 centos1 sshd[19662]: pam_unix(sshd:session): session
closed for user 000000000
==> audit/audit.log <==
type=USER_ACCT msg=audit(1277290861.636:412): user pid=19533 uid=0
auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='PAM: accounting acct="root" : exe="/usr/sbin/crond" (hostname=?,
addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1277290861.636:413): user pid=19533 uid=0
auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?,
addr=?, terminal=cron res=success)'
type=LOGIN msg=audit(1277290861.641:414): login pid=19533 uid=0 old
auid=4294967295 new auid=0 old ses=4294967295 new ses=62
type=USER_START msg=audit(1277290861.646:415): user pid=19533 uid=0
auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session
open acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?,
terminal=cron res=success)'
type=CRED_DISP msg=audit(1277290861.675:416): user pid=19533 uid=0
auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred
acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron
res=success)'
type=USER_END msg=audit(1277290861.676:417): user pid=19533 uid=0
auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session
close acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?,
terminal=cron res=success)'
type=USER_ACCT msg=audit(1277294461.804:418): user pid=19657 uid=0
auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='PAM: accounting acct="root" : exe="/usr/sbin/crond" (hostname=?,
addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1277294461.805:419): user pid=19657 uid=0
auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?,
addr=?, terminal=cron res=success)'
type=LOGIN msg=audit(1277294461.808:420): login pid=19657 uid=0 old
auid=4294967295 new auid=0 old ses=4294967295 new ses=63
type=USER_START msg=audit(1277294461.814:421): user pid=19657 uid=0
auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session
open acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?,
terminal=cron res=success)'
type=CRED_DISP msg=audit(1277294461.843:422): user pid=19657 uid=0
auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred
acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron
res=success)'
type=USER_END msg=audit(1277294461.845:423): user pid=19657 uid=0
auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session
close acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?,
terminal=cron res=success)'
type=USER_AUTH msg=audit(1277294503.940:424): user pid=19662 uid=0
auid=679492 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
authentication acct="000000000" : exe="/usr/sbin/sshd"
(hostname=client, addr=10.68.66.17, terminal=ssh res=success)'
type=USER_ACCT msg=audit(1277294503.981:425): user pid=19662 uid=0
auid=679492 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
accounting acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1277294504.031:426): user pid=19662 uid=0
auid=679492 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
setcred acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=LOGIN msg=audit(1277294504.040:427): login pid=19662 uid=0 old
auid=679492 new auid=1002 old ses=1 new ses=64
type=USER_START msg=audit(1277294504.086:428): user pid=19662 uid=0
auid=1002 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
session open acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1277294504.137:429): user pid=19664 uid=0
auid=1002 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
setcred acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=CRED_DISP msg=audit(1277294504.187:430): user pid=19662 uid=0
auid=1002 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
setcred acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=USER_END msg=audit(1277294504.234:431): user pid=19662 uid=0
auid=1002 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
session close acct="000000000" : exe="/usr/sbin/sshd"
(hostname=client, addr=10.68.66.17, terminal=ssh res=success)'
With 5.5 I see
on the client:
$ sftp ***@centos
Connecting to centos...
***@centos's password:
sftp> ls
Couldn't get handle: Permission denied
sftp>
$ sftp ***@centos
Connecting to centos...
***@centos's password:
sftp> ls
Couldn't get handle: Permission denied
sftp>
On the server:
==> secure <==
Jun 24 00:10:32 centos1 sshd[13709]: Received signal 15; terminating.
Jun 24 00:10:39 centos1 sshd[19820]: Server listening on :: port 22.
Jun 24 00:10:39 centos1 sshd[19820]: Server listening on 0.0.0.0 port 22.
Jun 24 00:10:54 centos1 sshd[19823]: Accepted password for 000000000
from 10.68.66.17 port 44427 ssh2
Jun 24 00:10:54 centos1 sshd[19823]: pam_unix(sshd:session): session
opened for user 000000000 by (uid=0)
Jun 24 00:10:55 centos1 sshd[19825]: subsystem request for sftp
==> audit/audit.log <==
type=USER_AUTH msg=audit(1277295054.778:432): user pid=19823 uid=0
auid=679492 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
authentication acct="000000000" : exe="/usr/sbin/sshd"
(hostname=client, addr=10.68.66.17, terminal=ssh res=success)'
type=USER_ACCT msg=audit(1277295054.830:433): user pid=19823 uid=0
auid=679492 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
accounting acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1277295054.900:434): user pid=19823 uid=0
auid=679492 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
setcred acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=LOGIN msg=audit(1277295054.912:435): login pid=19823 uid=0 old
auid=679492 new auid=1002 old ses=40 new ses=65
type=USER_START msg=audit(1277295054.956:436): user pid=19823 uid=0
auid=1002 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
session open acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1277295055.009:437): user pid=19825 uid=0
auid=1002 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM:
setcred acct="000000000" : exe="/usr/sbin/sshd" (hostname=client,
addr=10.68.66.17, terminal=ssh res=success)'
Any pointers as to what I'm doing wrong, or how I can go about
finding out why this is failing would be greatly appreciated.
Cheers,
Andrej
--
Please don't top post, and don't use HTML e-Mail :} Make your quotes concise.
http://www.georgedillon.com/web/html_email_is_evil.shtml
Please don't top post, and don't use HTML e-Mail :} Make your quotes concise.
http://www.georgedillon.com/web/html_email_is_evil.shtml