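# Create a locked-down "echo" account whose SSH session can only run a copy
# of cat inside a chroot. Run as root; addgroup/useradd flags are the
# Debian/Ubuntu ones used in the original paste.
addgroup echoonly
CHROOT=/var/chroot/echo
mkdir -p "$CHROOT"
# sshd refuses a ChrootDirectory unless every path component is owned by
# root and is not writable by group or others.
chown root:root /var/chroot "$CHROOT"

# Depending on the distro, cat may live in /usr/bin/cat instead; check with
# `command -v cat` and adjust -s and the cp below to match.
useradd -d "$CHROOT" -s /bin/cat -M -N -g echoonly echo
# Remove the password. Together with PermitEmptyPasswords in sshd_config,
# anyone who can reach sshd gets this session, so the chroot and ForceCommand
# are the only things confining it.
passwd -d echo

# Populate the chroot.
# After chroot(), sshd changes directory to the account's home, so the home
# path (/var/chroot/echo) has to exist again inside the chroot.
mkdir -p "$CHROOT/var/chroot/echo"
mkdir -p "$CHROOT/bin"
cp /bin/cat "$CHROOT/bin/echo"
# NOTE(review): sshd runs ForceCommand through the account's login shell
# (/bin/cat here), resolved inside the chroot, and a dynamically linked cat
# also needs its shared libraries there (see `ldd /bin/cat`). Only bin/echo is
# copied on this page, so confirm the session actually starts.

# -p is required: "$CHROOT/dev" does not exist yet.
mkdir -p "$CHROOT/dev/pts"
# Expand $CHROOT before writing the entry; inside single quotes the literal
# text "$CHROOT" would land in /etc/fstab and the mount below would fail.
# The grep guard keeps a re-run from appending a duplicate line.
fstab_entry="/dev/pts $CHROOT/dev/pts none defaults,bind 0 0"
grep -qxF -- "$fstab_entry" /etc/fstab || printf '%s\n' "$fstab_entry" >> /etc/fstab
mount "$CHROOT/dev/pts"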
- $ $EDITOR /etc/ssh/sshd_config # add:
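# based on https://goo.gl/TjhrWd
# Everything below applies only to the "echo" account.
Match user echo
    # Must be the directory prepared above (CHROOT=/var/chroot/echo); nothing
    # on this page creates /var/chroot/cat. Every path component has to be
    # root-owned and not writable by group or others, or sshd rejects the login.
    ChrootDirectory /var/chroot/echo
    X11Forwarding no
    AllowTcpForwarding no
    AllowAgentForwarding no
    # Resolved inside the chroot, where /bin/echo is the copy of cat.
    ForceCommand /bin/echo
    PasswordAuthentication yes
    # The account has no password, so this makes it reachable by anyone who can
    # connect to sshd. Keep it inside this Match block; never set it globally.
    # With UsePAM enabled, the PAM stack must also accept empty passwords.
    PermitEmptyPasswords yes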
- ssh echo@1.2.3.4
- echo@1.2.3.4's password:
- Permission denied, please try again.
- /usr/sbin/sshd -ddd -p 1234
- (...)
- debug1: userauth-request for user echo service ssh-connection method password [preauth]
- debug1: attempt 2 failures 1 [preauth]
- debug2: input_userauth_request: try method password [preauth]
- debug3: mm_auth_password entering [preauth]
- debug3: mm_request_send entering: type 12 [preauth]
- debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
- debug3: mm_request_receive_expect entering: type 13 [preauth]
- debug3: mm_request_receive entering [preauth]
- debug3: mm_request_receive entering
- debug3: monitor_read: checking request 12
- debug3: PAM: sshpam_passwd_conv called with 1 messages
- debug1: PAM: password authentication failed for echo: Authentication failure
- debug3: mm_answer_authpassword: sending result 0
- debug3: mm_request_send entering: type 13
- Failed password for echo from 192.168.1.1 port 43816 ssh2
- debug3: mm_auth_password: user not authenticated [preauth]
- debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
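# The debug log shows PAM, not sshd, rejecting the empty password. On
# Debian/Ubuntu, pam_unix's nullok_secure accepts empty passwords only on
# terminals listed in /etc/securetty; nullok accepts them everywhere.
# This is system-wide: common-auth is included by most PAM services, so every
# account with an empty password becomes usable through all of them, not just
# "echo" over SSH. Check for other such accounts first, e.g.
#   sudo awk -F: '$2 == "" { print $1 }' /etc/shadow
# and consider confining the change to sshd's own PAM stack instead.
# -i.bak keeps the original as /etc/pam.d/common-auth.bak for rollback.
sudo sed -i.bak 's/nullok_secure/nullok/' /etc/pam.d/common-auth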