[Ubuntu-server] chroot sftp + ssh

Kusajika · Le 23/01/2014, à 21:00

Bonsoir, je rencontre pas mal de soucis pour chroot les utilisateurs lorsqu'ils se connectent sur le port 22, j'ai test pas mal de chose dans mon fichier sshd_config dont mettre:

ChrootDirectory /var/rien

qui a été évoqué sur ce forum mais j'ai l’erreur suivante en me connectant

respinfo@respinfo-ndsion:~$ ssh administrateur@192.168.121.99
administrateur@192.168.121.99's password:
Write failed: Broken pipe

Lorsque j'essai d'activer le chroot en faisant:

ssh: connect to host 192.168.121.99 port 22: Connection refused
respinfo@respinfo-ndsion:~$ ssh -v administrateur@192.168.121.99
OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.121.99 [192.168.121.99] port 22.
debug1: Connection established.
debug1: identity file /home/respinfo/.ssh/id_rsa type -1
debug1: identity file /home/respinfo/.ssh/id_rsa-cert type -1
debug1: identity file /home/respinfo/.ssh/id_dsa type -1
debug1: identity file /home/respinfo/.ssh/id_dsa-cert type -1
debug1: identity file /home/respinfo/.ssh/id_ecdsa type -1
debug1: identity file /home/respinfo/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: match: OpenSSH_6.2p2 Ubuntu-6ubuntu0.1 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 77:6b:d1:74:69:eb:ed:ff:73:87:99:4c:9b:11:2a:fa
debug1: Host '192.168.121.99' is known and matches the ECDSA host key.
debug1: Found key in /home/respinfo/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/respinfo/.ssh/id_rsa
debug1: Trying private key: /home/respinfo/.ssh/id_dsa
debug1: Trying private key: /home/respinfo/.ssh/id_ecdsa
debug1: Next authentication method: password
administrateur@192.168.121.99's password:
debug1: Authentication succeeded (password).
Authenticated to 192.168.121.99 ([192.168.121.99]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
Last login: Tue Jan 21 16:31:31 2014

Je ne sais vraiment plus quoi faire...

Kusajika · Le 23/01/2014, à 22:14

Merci pour l'info je vais tester ça ,
le problème c'est qu'a l'origine je voulais chroot les utilisateur dans leurs /home en mettant /home/%u mais ça n'a pas été possible, lorsque je met :

 Subsystem sftp internal-sftp
 Match group sftp
     ChrootDirectory /home/%u
     ForceCommand internal-sftp
     AllowTcpForwarding no
     X11forwarding no

dans mon sshd_config alors le service fail au démarrage et me met comme erreur la ligne Subsystem sftp internal-sftp ....

Ubuntu-fr

Navigation

Liens de recherche

Annonce

#1 Le 23/01/2014, à 21:00

[Ubuntu-server] chroot sftp + ssh

#2 Le 23/01/2014, à 22:14

Re : [Ubuntu-server] chroot sftp + ssh

Pied de page des forums