Operating System - HP-UX

Re: public key auth. by SFTP does not work on chrooted accounts

 
Haralambos
Advisor

public key auth. by SFTP does not work on chrooted accounts

Hello,

I am using an SSH 3.91 server on HP-UX 11i.

I have used the HP-provided script, ssh_chroot_setup.sh, to set up a chrooted sftp account.

My problem is that when I sftp into the account I am only being authenticated for passwd, which if I provide I am successfully logged in. But, I want to use public key authentication instead. Is this doable? Where should the .ssh dir go?

I tried adding .ssh under the chrooted home account but sftp does not seem to be seeing it.

regards,
haralambos.

PS. The ssh_chroot_setup.sh, even the one that comes with HPUX 4.2p1, seems to be not setting the chrooted dir structures right. It gives 777 perms to a lot of dirs, the group file is not set, the passwd file does not contain the user's entry & the user does not own his chrooted home dir. All of this I fixed and I can use sftp just fine; except of course the authentication part.
Sanjay_6
Honored Contributor

Re: public key auth. by SFTP does not work on chrooted accounts

Hi,

I would guess that the .ssh2 directory should go into the newhome for the chrooted user.

Say the user home directory after chrooted connection is /new_home

the .ssh2 directory should go under /new_home

If the /new_home is "/" then the .ssh2 will be /.ssh2 for the chrooted user. Remember "/" in this situation is the chrooted root for the user and not the real "/".

Hope this helps.

regds
Haralambos
Advisor

Re: public key auth. by SFTP does not work on chrooted accounts

Yes indeed it works. I must have done something wrong the other day; either with the .ssh ownership or the permissions.

So, I have created /newroot/home/sftpaccnt/.ssh and have added the authorized_keys file in there. The sftpaccnt user owns the authorized file which has 600 perms on it.

So, now my chrooted account is first being prompted for public key authentication and passwd authentication is the fallback one.

thanks for your input.

Haralambos
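
The faults listed in the first post's PS (777 directories, missing group file, missing passwd entry, home not owned by the user) and the .ssh/authorized_keys ownership and 600 mode described in the reply above can be checked in one pass. This is an added example, not part of the thread or of HP's ssh_chroot_setup.sh; the function names, the etc/passwd and etc/group locations inside the chroot, and the demo tree are assumptions.

```sh
#!/bin/sh
# Added example: audit a chrooted SFTP account for the faults named in the thread.
# Assumption: the chroot keeps its own etc/passwd and etc/group.

owner_of() { ls -ld "$1" 2>/dev/null | awk '{print $3}'; }  # owner column
mode_of()  { ls -ld "$1" 2>/dev/null | cut -c1-10; }        # e.g. -rw-------

# audit_chroot ROOT USER HOME_REL
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_chroot() {
    root=$1 user=$2 home=$1/$3 bad=0
    note() { echo "FINDING: $*"; bad=1; }

    # Directories anyone can write to (the "777" problem)
    ww=$(find "$root" -type d -perm -0002 2>/dev/null) || true
    [ -z "$ww" ] || note "world-writable directories:" $ww

    # Account data inside the chroot
    grep "^$user:" "$root/etc/passwd" >/dev/null 2>&1 ||
        note "no passwd entry for $user in $root/etc/passwd"
    [ -s "$root/etc/group" ] || note "group file missing or empty"

    # Ownership of the home directory and of .ssh
    [ "$(owner_of "$home")" = "$user" ] || note "$user does not own $home"
    [ "$(owner_of "$home/.ssh")" = "$user" ] ||
        note ".ssh missing or not owned by $user"

    # authorized_keys: owned by the user, mode 600
    ak=$home/.ssh/authorized_keys
    [ "$(owner_of "$ak")" = "$user" ] ||
        note "authorized_keys missing or not owned by $user"
    [ "$(mode_of "$ak")" = "-rw-------" ] ||
        note "authorized_keys mode is '$(mode_of "$ak")', expected -rw------- (600)"
    return $bad
}

# Constructed demo tree (not from the thread) reproducing those faults.
demo=${TMPDIR:-/tmp}/chroot_audit_demo.$$
mkdir -p "$demo/etc" "$demo/home/sftpaccnt/.ssh"
chmod 777 "$demo/home"
: > "$demo/etc/passwd"
: > "$demo/home/sftpaccnt/.ssh/authorized_keys"
chmod 644 "$demo/home/sftpaccnt/.ssh/authorized_keys"
audit_chroot "$demo" "$(owner_of "$demo")" home/sftpaccnt || echo "audit: faults found"
rm -rf "$demo"
```

For the layout in the thread the call would be `audit_chroot /newroot sftpaccnt home/sftpaccnt`, run as root so every directory is readable.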

Haralambos
Advisor

Re: public key auth. by SFTP does not work on chrooted accounts

problem fixed.

Just amazed though that the ssh_chroot_setup.sh is not creating dirs and files with correct perms and data.

regards

ps. Another thing that I did today is to restart sshd, something that I did not do after I created the chrooted sftp accnt. Even though I do not think that this was the problem, I would still like to mention it.
Haralambos
Advisor

Re: public key auth. by SFTP does not work on chrooted accounts

closing