Secure Shell
Problem with match address: Apr 23 2011 08:38AM
Nadid Skywalker (nadid skywalker gmail com)
Hi, I'm new to the list. I have two questions:

First, how can I search past messages for the list? I mean, I'm sure
this question has been asked before, so I would like to search to
find it.

Second, I have my sshd_config file with this:

Match address 172.30.34.0/24
AllowTcpForwarding yes
ChrootDirectory none

Match address !172.30.34.0/24
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

But it seems to ignore the Chroot statement. What am I doing wrong? If
I change that to:

Match group sftponly
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

it works perfectly and gets chrooted to the /home folder.

Apr 23 10:29:42 host sshd[4932]: Connection from 87.221.192.89 port 8064
Apr 23 10:29:42 host sshd[4932]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.60
Apr 23 10:29:42 host sshd[4932]: debug1: no match: PuTTY_Release_0.60
Apr 23 10:29:42 host sshd[4932]: debug1: Enabling compatibility mode for protocol 2.0
Apr 23 10:29:42 host sshd[4932]: debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-6
Apr 23 10:29:43 host sshd[4932]: debug1: PAM: initializing for "user"
Apr 23 10:29:43 host sshd[4932]: debug1: PAM: setting PAM_RHOST to "89.192.221.87.dynamic.jazztel.es"
Apr 23 10:29:43 host sshd[4932]: debug1: PAM: setting PAM_TTY to "ssh"
Apr 23 10:29:43 host sshd[4932]: Failed none for user from 87.221.192.89 port 8064 ssh2
Apr 23 10:29:45 host sshd[4932]: debug1: PAM: password authentication accepted for user
Apr 23 10:29:45 host sshd[4932]: debug1: do_pam_account: called
Apr 23 10:29:45 host sshd[4932]: Accepted password for user from 87.221.192.89 port 8064 ssh2
Apr 23 10:29:45 host sshd[4932]: debug1: monitor_child_preauth: user has been authenticated by privileged process
Apr 23 10:29:45 host sshd[4932]: debug1: PAM: establishing credentials
Apr 23 10:29:45 host sshd[4932]: pam_unix(sshd:session): session opened for user user by (uid=0)
Apr 23 10:29:45 host sshd[4932]: User child is on pid 4934
Apr 23 10:29:45 host sshd[4934]: debug1: SELinux support disabled
Apr 23 10:29:45 host sshd[4934]: debug1: PAM: establishing credentials
Apr 23 10:29:45 host sshd[4934]: debug1: permanently_set_uid: 1000/1000
Apr 23 10:29:45 host sshd[4934]: debug1: Entering interactive session for SSH2.
Apr 23 10:29:45 host sshd[4934]: debug1: server_init_dispatch_20
Apr 23 10:29:45 host sshd[4934]: debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
Apr 23 10:29:45 host sshd[4934]: debug1: input_session_request
Apr 23 10:29:45 host sshd[4934]: debug1: channel 0: new [server-session]
Apr 23 10:29:45 host sshd[4934]: debug1: session_new: session 0
Apr 23 10:29:45 host sshd[4934]: debug1: session_open: channel 0
Apr 23 10:29:45 host sshd[4934]: debug1: session_open: session 0: link with channel 0
Apr 23 10:29:45 host sshd[4934]: debug1: server_input_channel_open: confirm session
Apr 23 10:29:45 host sshd[4934]: debug1: server_input_channel_req: channel 0 request pty-req reply 1
Apr 23 10:29:45 host sshd[4934]: debug1: session_by_channel: session 0 channel 0
Apr 23 10:29:45 host sshd[4934]: debug1: session_input_channel_req: session 0 req pty-req
Apr 23 10:29:45 host sshd[4934]: debug1: Allocating pty.
Apr 23 10:29:45 host sshd[4932]: debug1: session_new: session 0
Apr 23 10:29:45 host sshd[4932]: debug1: SELinux support disabled
Apr 23 10:29:45 host sshd[4934]: debug1: session_pty_req: session 0 alloc /dev/pts/0
Apr 23 10:29:45 host sshd[4934]: debug1: server_input_channel_req: channel 0 request shell reply 1
Apr 23 10:29:45 host sshd[4934]: debug1: session_by_channel: session 0 channel 0
Apr 23 10:29:45 host sshd[4934]: debug1: session_input_channel_req: session 0 req shell
Apr 23 10:29:45 host sshd[4935]: debug1: Setting controlling tty using TIOCSCTTY.

What am I doing wrong?
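
Added example, not part of the original post and not OpenSSH code: a simplified Python model of how sshd evaluates a Match address pattern list, where (per the PATTERNS section of ssh_config(5)) a negated entry never produces a positive match by itself. It evaluates the two Match blocks posted above against the client address from the log and a constructed internal address, and compares a variant that puts a `*` wildcard before the negated network; the function names and that variant are assumptions of this example.

```python
import ipaddress
from fnmatch import fnmatchcase

def addr_match_list(addr, pattern_list):
    """Return 1 on a positive match, -1 on a negated match, 0 on no match."""
    ip = ipaddress.ip_address(addr)
    result = 0
    for pat in pattern_list.split(","):
        negated = pat.startswith("!")
        pat = pat.lstrip("!")
        try:
            hit = ip in ipaddress.ip_network(pat)      # CIDR form is tried first
        except ValueError:
            hit = fnmatchcase(addr, pat)               # otherwise a wildcard pattern
        if hit and negated:
            return -1                                  # a negated hit vetoes the list
        if hit:
            result = 1
    return result

def effective_settings(addr, blocks):
    """Apply every Match block whose list returns 1; first value per keyword wins."""
    settings = {}
    for pattern_list, options in blocks:
        if addr_match_list(addr, pattern_list) == 1:
            for keyword, value in options.items():
                settings.setdefault(keyword, value)
    return settings

# Option sets copied from the two Match blocks in the post.
TRUSTED = {"AllowTcpForwarding": "yes", "ChrootDirectory": "none"}
RESTRICTED = {"ChrootDirectory": "/home", "X11Forwarding": "no",
              "AllowTcpForwarding": "no", "ForceCommand": "internal-sftp"}

AS_POSTED = [("172.30.34.0/24", TRUSTED), ("!172.30.34.0/24", RESTRICTED)]
# Assumed variant: a positive wildcard first, then the negated network.
WITH_WILDCARD = [("172.30.34.0/24", TRUSTED), ("*,!172.30.34.0/24", RESTRICTED)]

if __name__ == "__main__":
    # 87.221.192.89 is the client in the log; 172.30.34.10 is constructed.
    for addr in ("87.221.192.89", "172.30.34.10"):
        print(addr, "as posted    :", effective_settings(addr, AS_POSTED))
        print(addr, "with wildcard:", effective_settings(addr, WITH_WILDCARD))
```

In this model the posted configuration applies no Match block at all to 87.221.192.89, which is consistent with the log showing a pty and shell request being accepted for that client.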
