API tools faq
paste
Guest User

Untitled

a guest
Sep 23rd, 2016
82
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.68 KB | None | 0 0
raw download clone embed print report
  1. $ grep root /etc/passwd
  2. root:x:0:0:root:/root:/bin/bash
  3.  
  4. $ ssh root@NAS
  5. root@NAS's password:
  6. Last login: Sun Dec 16 14:06:56 2012 from desktop
  7. #
  8.  
  9. $ grep joeuser /etc/passwd
  10. joeuser:x:1029:100:Joe User:/home/joeuser:/bin/bash
  11.  
  12. $ ssh joeuser@localhost
  13. joeuser@NAS's password:
  14. Last login: Sun Dec 16 14:07:22 2012 from desktop
  15. Permission denied, please try again.
  16. Connection to localhost closed.
  17.  
  18. $ grep joeuser /etc/passwd
  19. joeuser:x:1029:100:Joe User:/home/joeuser:/bin/sh
  20.  
  21. $ ssh joeuser@localhost
  22. Last login: Sun Dec 16 15:50:52 2012 from localhost
  23. $
  24.  
  25. LogLevel DEBUG
  26. LoginGraceTime 2m
  27. PermitRootLogin yes
  28. RSAAuthentication yes
  29. PubkeyAuthentication yes
  30. AuthorizedKeysFile %h/.ssh/authorized_keys
  31. ChallengeResponseAuthentication no
  32. UsePAM yes
  33. AllowTcpForwarding no
  34. ChrootDirectory none
  35. Subsystem sftp internal-sftp -f DAEMON -u 000
  36.  
  37. debug1: Config token is loglevel
  38. debug1: Config token is logingracetime
  39. debug1: Config token is permitrootlogin
  40. debug1: Config token is rsaauthentication
  41. debug1: Config token is pubkeyauthentication
  42. debug1: Config token is authorizedkeysfile
  43. debug1: Config token is challengeresponseauthentication
  44. debug1: Config token is usepam
  45. debug1: Config token is allowtcpforwarding
  46. debug1: Config token is chrootdirectory
  47. debug1: Config token is subsystem
  48. debug1: HPN Buffer Size: 87380
  49. debug1: sshd version OpenSSH_5.8p1-hpn13v11
  50. debug1: read PEM private key done: type RSA
  51. debug1: private host key: #0 type 1 RSA
  52. debug1: read PEM private key done: type DSA
  53. debug1: private host key: #1 type 2 DSA
  54. debug1: read PEM private key done: type ECDSA
  55. debug1: private host key: #2 type 3 ECDSA
  56. debug1: rexec_argv[0]='/usr/syno/sbin/sshd'
  57. debug1: rexec_argv[1]='-d'
  58. Set /proc/self/oom_adj from 0 to -17
  59. debug1: Bind to port 22 on ::.
  60. debug1: Server TCP RWIN socket size: 87380
  61. debug1: HPN Buffer Size: 87380
  62. Server listening on :: port 22.
  63. debug1: Bind to port 22 on 0.0.0.0.
  64. debug1: Server TCP RWIN socket size: 87380
  65. debug1: HPN Buffer Size: 87380
  66. Server listening on 0.0.0.0 port 22.
  67.  
  68. debug1: Server will not fork when running in debugging mode.
  69. debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
  70. debug1: inetd sockets after dupping: 4, 4
  71. Connection from 127.0.0.1 port 52212
  72. debug1: HPN Disabled: 0, HPN Buffer Size: 87380
  73. debug1: Client protocol version 2.0; client software version OpenSSH_5.8p1-hpn13v11
  74. SSH: Server;Ltype: Version;Remote: 127.0.0.1-52212;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v11
  75. debug1: match: OpenSSH_5.8p1-hpn13v11 pat OpenSSH*
  76. debug1: Enabling compatibility mode for protocol 2.0
  77. debug1: Local version string SSH-2.0-OpenSSH_5.8p1-hpn13v11
  78. debug1: permanently_set_uid: 1024/100
  79. debug1: MYFLAG IS 1
  80. debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
  81. debug1: SSH2_MSG_KEXINIT sent
  82. debug1: SSH2_MSG_KEXINIT received
  83. debug1: AUTH STATE IS 0
  84. debug1: REQUESTED ENC.NAME is 'aes128-ctr'
  85. debug1: kex: client->server aes128-ctr hmac-md5 none
  86. SSH: Server;Ltype: Kex;Remote: 127.0.0.1-52212;Enc: aes128-ctr;MAC: hmac-md5;Comp: none
  87. debug1: REQUESTED ENC.NAME is 'aes128-ctr'
  88. debug1: kex: server->client aes128-ctr hmac-md5 none
  89. debug1: expecting SSH2_MSG_KEX_ECDH_INIT
  90. debug1: SSH2_MSG_NEWKEYS sent
  91. debug1: expecting SSH2_MSG_NEWKEYS
  92. debug1: SSH2_MSG_NEWKEYS received
  93. debug1: KEX done
  94. debug1: userauth-request for user joeuser service ssh-connection method none
  95. SSH: Server;Ltype: Authname;Remote: 127.0.0.1-52212;Name: joeuser
  96. debug1: attempt 0 failures 0
  97. debug1: Config token is loglevel
  98. debug1: Config token is logingracetime
  99. debug1: Config token is permitrootlogin
  100. debug1: Config token is rsaauthentication
  101. debug1: Config token is pubkeyauthentication
  102. debug1: Config token is authorizedkeysfile
  103. debug1: Config token is challengeresponseauthentication
  104. debug1: Config token is usepam
  105. debug1: Config token is allowtcpforwarding
  106. debug1: Config token is chrootdirectory
  107. debug1: Config token is subsystem
  108. debug1: PAM: initializing for "joeuser"
  109. debug1: PAM: setting PAM_RHOST to "localhost"
  110. debug1: PAM: setting PAM_TTY to "ssh"
  111. debug1: userauth-request for user joeuser service ssh-connection method password
  112. debug1: attempt 1 failures 0
  113. debug1: do_pam_account: called
  114. Accepted password for joeuser from 127.0.0.1 port 52212 ssh2
  115. debug1: monitor_child_preauth: joeuser has been authenticated by privileged process
  116. debug1: PAM: establishing credentials
  117. User child is on pid 9129
  118. debug1: Entering interactive session for SSH2.
  119. debug1: server_init_dispatch_20
  120. debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
  121. debug1: input_session_request
  122. debug1: channel 0: new [server-session]
  123. debug1: session_new: session 0
  124. debug1: session_open: channel 0
  125. debug1: session_open: session 0: link with channel 0
  126. debug1: server_input_channel_open: confirm session
  127. debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
  128. debug1: server_input_channel_req: channel 0 request pty-req reply 1
  129. debug1: session_by_channel: session 0 channel 0
  130. debug1: session_input_channel_req: session 0 req pty-req
  131. debug1: Allocating pty.
  132. debug1: session_new: session 0
  133. debug1: session_pty_req: session 0 alloc /dev/pts/1
  134. debug1: server_input_channel_req: channel 0 request shell reply 1
  135. debug1: session_by_channel: session 0 channel 0
  136. debug1: session_input_channel_req: session 0 req shell
  137. debug1: Setting controlling tty using TIOCSCTTY.
  138.  
  139. debug1: Received SIGCHLD.
  140. debug1: session_by_pid: pid 9130
  141. debug1: session_exit_message: session 0 channel 0 pid 9130
  142. debug1: session_exit_message: release channel 0
  143. debug1: session_by_tty: session 0 tty /dev/pts/1
  144. debug1: session_pty_cleanup: session 0 release /dev/pts/1
  145. Received disconnect from 127.0.0.1: 11: disconnected by user
  146. debug1: do_cleanup
  147. debug1: do_cleanup
  148. debug1: PAM: cleanup
  149. debug1: PAM: closing session
  150. debug1: PAM: deleting credentials
  151.  
  152. # bash --version
  153. GNU bash, version 3.2.49(1)-release (arm-none-linux-gnueabi)
  154. Copyright (C) 2007 Free Software Foundation, Inc.
  155.  
  156. $ ls -la /bin/bash
  157. -rwxr-xr-x 1 root root 724676 Dec 15 23:57 /bin/bash
  158.  
  159. $ file /bin/bash
  160. /bin/bash: ELF 32-bit LSB executable, ARM, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.14, stripped
  161.  
  162. $ uname -a
  163. Linux NAS 2.6.32.12 #2661 Mon Nov 12 23:10:15 CST 2012 armv5tel GNU/Linux synology_88f6282_212+
  164.  
  165. $ grep bash /etc/shells
  166. /bin/bash
  167. /bin/bash2
  168.  
  169. void do_child(Session *s, const char *command)
  170. {
  171. ...
  172.  
  173. #ifdef MY_ABC_HERE
  174. char szValue[8];
  175. int RunSSH = 0;
  176. SSH_CMD SSHCmd = REQ_UNKNOWN;
  177.  
  178. if (1 == GetKeyValue("/etc/synoinfo.conf", "runssh", szValue, sizeof(szValue))) {
  179. if (strcasecmp(szValue, "yes") == 0) {
  180. RunSSH = 1;
  181. }
  182. }
  183.  
  184. if (IsSFTPReq(command)){
  185. SSHCmd = REQ_SFTP;
  186. } else if (IsRsyncReq(command)){
  187. SSHCmd = REQ_RSYNC;
  188. } else if (IsTimebkpRequest(command)){
  189. SSHCmd = REQ_TIMEBKP;
  190. } else if (RunSSH && IsAllowShell(pw)){
  191. SSHCmd = REQ_SHELL;
  192. } else {
  193. goto Err;
  194. }
  195.  
  196. if (REQ_RSYNC == SSHCmd) {
  197. pw = SYNOChgValForRsync(pw);
  198. }
  199. if (!SSHCanLogin(SSHCmd, pw)) {
  200. goto Err;
  201. }
  202. goto Pass;
  203.  
  204. Err:
  205. fprintf(stderr, "Permission denied, please try again.n");
  206. exit(1);
  207.  
  208. Pass:
  209. #endif /* MY_ABC_HERE */
  210. ...
  211. }
  212.  
  213. static int IsAllowShell(const struct passwd *pw)
  214. {
  215. struct passwd *pUnPrivilege = NULL;
  216. char *szUserName = NULL;
  217. if (!pw || !pw->pw_name) {
  218. return 0;
  219. }
  220. szUserName = pw->pw_name;
  221. if(!strcmp(szUserName, "root") || !strcmp(szUserName, "admin")){
  222. return 1;
  223. }
  224. if (NULL != (pUnPrivilege = getpwnam(szUserName))){
  225. if (!strcmp(pUnPrivilege->pw_shell, "/bin/sh") ||
  226. !strcmp(pUnPrivilege->pw_shell, "/bin/ash")) {
  227. return 1;
  228. }
  229. }
  230. return 0;
  231. }
  232.  
  233. [ -x /opt/bin/bash ] && exec /opt/bin/bash
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!