user@notty for virtual users on ssh

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

user@notty for virtual users on ssh

Postby kamihacker » Fri Jan 02, 2004 5:58 am

greetings, I'm using grsecurity (no ACLs activated yet) on my ensim based virtualhosting server

I already disabled the no mount chroot restriction in order to get ssh working as mentioned in post on this forum, but now I get no shell when I try to log in with ssh with virtual user (created for a specific domain hosted on the server)

the process name look like this

sshd: user@notty

would anyone give me a hint on what do I have to disable to get this working?

thx in advance

CR
kamihacker
 
Posts: 10
Joined: Fri Jan 02, 2004 5:52 am

Postby Sleight of Mind » Sat Jan 03, 2004 12:53 pm

read your logs, grsec will tell you what's wrong. Most likely the answer is in there.
Sleight of Mind
 
Posts: 92
Joined: Tue Apr 08, 2003 10:41 am

this what I get (same thing for a sendmail problem)

Postby kamihacker » Mon Jan 05, 2004 10:59 pm

Jan 5 23:10:37 shirley kernel: grsec: From 64.86.23.71: denied connect to abstract AF_UNIX socket outside of chroot by (sshd:3332) UID(0) EUID(0), parent (sshd:5059) UID(0) EUID(0)
Jan 5 23:10:37 shirley kernel: grsec: From 64.86.23.71: denied connect to abstract AF_UNIX socket outside of chroot by (sshd:3332) UID(0) EUID(0), parent (sshd:5059) UID(0) EUID(0)
Jan 5 23:10:37 shirley sshd[3332]: sendto failed 1 : Operation not permitted

any clues?

beats me since I'm no kernel literate
kamihacker
 
Posts: 10
Joined: Fri Jan 02, 2004 5:52 am

already found it on the kernel config

Postby kamihacker » Mon Jan 05, 2004 11:17 pm

Deny access to abstract AF_UNIX sockets out of chroot (NEW)

sorry hadn't checked
kamihacker
 
Posts: 10
Joined: Fri Jan 02, 2004 5:52 am


Return to grsecurity support