- $ grep root /etc/passwd
- root:x:0:0:root:/root:/bin/bash
- $ ssh root@NAS
- root@NAS's password:
- Last login: Sun Dec 16 14:06:56 2012 from desktop
- #
- $ grep joeuser /etc/passwd
- joeuser:x:1029:100:Joe User:/home/joeuser:/bin/bash
- $ ssh joeuser@localhost
- joeuser@NAS's password:
- Last login: Sun Dec 16 14:07:22 2012 from desktop
- Permission denied, please try again.
- Connection to localhost closed.
- $ grep joeuser /etc/passwd
- joeuser:x:1029:100:Joe User:/home/joeuser:/bin/sh
- $ ssh joeuser@localhost
- Last login: Sun Dec 16 15:50:52 2012 from localhost
- $
# sshd_config excerpt from the NAS.
# LogLevel DEBUG produces the debug1 trace shown after this excerpt. sshd_config(5) notes that
# DEBUG-level logging violates users' privacy; return to INFO or VERBOSE after troubleshooting.
- LogLevel DEBUG
- LoginGraceTime 2m
# NOTE(review): root can log in over SSH, and the transcript shows root answering a password prompt.
# On this OpenSSH generation "PermitRootLogin without-password" restricts root to key login;
# "no" disables it entirely.
- PermitRootLogin yes
# RSAAuthentication only concerns SSH protocol 1; the logged session negotiates protocol 2.0.
- RSAAuthentication yes
- PubkeyAuthentication yes
- AuthorizedKeysFile %h/.ssh/authorized_keys
# Keyboard-interactive is off and PAM is on; the log shows "method password" being accepted,
# so password login is in use (no PasswordAuthentication line appears in this excerpt).
- ChallengeResponseAuthentication no
- UsePAM yes
# sshd_config(5) points out that disabling TCP forwarding does not improve security for users
# who also have shell access, because they can run their own forwarders.
- AllowTcpForwarding no
# No chroot: SFTP and shell users are confined only by file permissions.
- ChrootDirectory none
# internal-sftp options: -f sets the syslog facility, -u sets the umask for new files/directories.
# NOTE(review): a umask of 000 masks nothing, so uploads can end up group/world-writable;
# confirm that is intended for this NAS.
- Subsystem sftp internal-sftp -f DAEMON -u 000
- debug1: Config token is loglevel
- debug1: Config token is logingracetime
- debug1: Config token is permitrootlogin
- debug1: Config token is rsaauthentication
- debug1: Config token is pubkeyauthentication
- debug1: Config token is authorizedkeysfile
- debug1: Config token is challengeresponseauthentication
- debug1: Config token is usepam
- debug1: Config token is allowtcpforwarding
- debug1: Config token is chrootdirectory
- debug1: Config token is subsystem
- debug1: HPN Buffer Size: 87380
- debug1: sshd version OpenSSH_5.8p1-hpn13v11
- debug1: read PEM private key done: type RSA
- debug1: private host key: #0 type 1 RSA
- debug1: read PEM private key done: type DSA
- debug1: private host key: #1 type 2 DSA
- debug1: read PEM private key done: type ECDSA
- debug1: private host key: #2 type 3 ECDSA
- debug1: rexec_argv[0]='/usr/syno/sbin/sshd'
- debug1: rexec_argv[1]='-d'
- Set /proc/self/oom_adj from 0 to -17
- debug1: Bind to port 22 on ::.
- debug1: Server TCP RWIN socket size: 87380
- debug1: HPN Buffer Size: 87380
- Server listening on :: port 22.
- debug1: Bind to port 22 on 0.0.0.0.
- debug1: Server TCP RWIN socket size: 87380
- debug1: HPN Buffer Size: 87380
- Server listening on 0.0.0.0 port 22.
- debug1: Server will not fork when running in debugging mode.
- debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
- debug1: inetd sockets after dupping: 4, 4
- Connection from 127.0.0.1 port 52212
- debug1: HPN Disabled: 0, HPN Buffer Size: 87380
- debug1: Client protocol version 2.0; client software version OpenSSH_5.8p1-hpn13v11
- SSH: Server;Ltype: Version;Remote: 127.0.0.1-52212;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v11
- debug1: match: OpenSSH_5.8p1-hpn13v11 pat OpenSSH*
- debug1: Enabling compatibility mode for protocol 2.0
- debug1: Local version string SSH-2.0-OpenSSH_5.8p1-hpn13v11
- debug1: permanently_set_uid: 1024/100
- debug1: MYFLAG IS 1
- debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
- debug1: SSH2_MSG_KEXINIT sent
- debug1: SSH2_MSG_KEXINIT received
- debug1: AUTH STATE IS 0
- debug1: REQUESTED ENC.NAME is 'aes128-ctr'
- debug1: kex: client->server aes128-ctr hmac-md5 none
- SSH: Server;Ltype: Kex;Remote: 127.0.0.1-52212;Enc: aes128-ctr;MAC: hmac-md5;Comp: none
- debug1: REQUESTED ENC.NAME is 'aes128-ctr'
- debug1: kex: server->client aes128-ctr hmac-md5 none
- debug1: expecting SSH2_MSG_KEX_ECDH_INIT
- debug1: SSH2_MSG_NEWKEYS sent
- debug1: expecting SSH2_MSG_NEWKEYS
- debug1: SSH2_MSG_NEWKEYS received
- debug1: KEX done
- debug1: userauth-request for user joeuser service ssh-connection method none
- SSH: Server;Ltype: Authname;Remote: 127.0.0.1-52212;Name: joeuser
- debug1: attempt 0 failures 0
- debug1: Config token is loglevel
- debug1: Config token is logingracetime
- debug1: Config token is permitrootlogin
- debug1: Config token is rsaauthentication
- debug1: Config token is pubkeyauthentication
- debug1: Config token is authorizedkeysfile
- debug1: Config token is challengeresponseauthentication
- debug1: Config token is usepam
- debug1: Config token is allowtcpforwarding
- debug1: Config token is chrootdirectory
- debug1: Config token is subsystem
- debug1: PAM: initializing for "joeuser"
- debug1: PAM: setting PAM_RHOST to "localhost"
- debug1: PAM: setting PAM_TTY to "ssh"
- debug1: userauth-request for user joeuser service ssh-connection method password
- debug1: attempt 1 failures 0
- debug1: do_pam_account: called
- Accepted password for joeuser from 127.0.0.1 port 52212 ssh2
- debug1: monitor_child_preauth: joeuser has been authenticated by privileged process
- debug1: PAM: establishing credentials
- User child is on pid 9129
- debug1: Entering interactive session for SSH2.
- debug1: server_init_dispatch_20
- debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
- debug1: input_session_request
- debug1: channel 0: new [server-session]
- debug1: session_new: session 0
- debug1: session_open: channel 0
- debug1: session_open: session 0: link with channel 0
- debug1: server_input_channel_open: confirm session
- debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
- debug1: server_input_channel_req: channel 0 request pty-req reply 1
- debug1: session_by_channel: session 0 channel 0
- debug1: session_input_channel_req: session 0 req pty-req
- debug1: Allocating pty.
- debug1: session_new: session 0
- debug1: session_pty_req: session 0 alloc /dev/pts/1
- debug1: server_input_channel_req: channel 0 request shell reply 1
- debug1: session_by_channel: session 0 channel 0
- debug1: session_input_channel_req: session 0 req shell
- debug1: Setting controlling tty using TIOCSCTTY.
- debug1: Received SIGCHLD.
- debug1: session_by_pid: pid 9130
- debug1: session_exit_message: session 0 channel 0 pid 9130
- debug1: session_exit_message: release channel 0
- debug1: session_by_tty: session 0 tty /dev/pts/1
- debug1: session_pty_cleanup: session 0 release /dev/pts/1
- Received disconnect from 127.0.0.1: 11: disconnected by user
- debug1: do_cleanup
- debug1: do_cleanup
- debug1: PAM: cleanup
- debug1: PAM: closing session
- debug1: PAM: deleting credentials
- # bash --version
- GNU bash, version 3.2.49(1)-release (arm-none-linux-gnueabi)
- Copyright (C) 2007 Free Software Foundation, Inc.
- $ ls -la /bin/bash
- -rwxr-xr-x 1 root root 724676 Dec 15 23:57 /bin/bash
- $ file /bin/bash
- /bin/bash: ELF 32-bit LSB executable, ARM, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.14, stripped
- $ uname -a
- Linux NAS 2.6.32.12 #2661 Mon Nov 12 23:10:15 CST 2012 armv5tel GNU/Linux synology_88f6282_212+
- $ grep bash /etc/shells
- /bin/bash
- /bin/bash2
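/*
 * Excerpt of the vendor-patched do_child() from sshd, as pasted. The two
 * "..." lines of the paste are kept as elision comments; `pw` is not
 * declared in the visible part and presumably comes from the elided code.
 *
 * The MY_ABC_HERE section is a per-session policy gate:
 *   - "runssh" is read from /etc/synoinfo.conf; only the value "yes"
 *     (case-insensitive) enables interactive shells.
 *   - The request is classified as SFTP, rsync or time-backup first; a plain
 *     shell is considered only when runssh is enabled AND IsAllowShell(pw)
 *     accepts the account. Any other request is refused.
 *   - SSHCanLogin() is then consulted for the classified request.
 *
 * The client transcript in this paste prints "Last login: ..." before
 * "Permission denied", i.e. the refusal here happens after authentication
 * has already succeeded; it is an authorization decision, not a password
 * failure, even though the message text is the same.
 *
 * NOTE(review): the refusal is written to stderr of the child only and no
 * server-side log call is visible in this excerpt, so the sshd log shows
 * "Accepted password" without a reason for the closed session. Consider
 * recording the denial (user, request type) for audit purposes.
 */
void do_child(Session *s, const char *command)
{
	/* ... beginning of do_child elided in the paste ... */
#ifdef MY_ABC_HERE
	char szValue[8];
	int RunSSH = 0;
	SSH_CMD SSHCmd = REQ_UNKNOWN;

	/* szValue is read only when GetKeyValue() reports success (returns 1). */
	if (1 == GetKeyValue("/etc/synoinfo.conf", "runssh", szValue, sizeof(szValue))) {
		if (strcasecmp(szValue, "yes") == 0) {
			RunSSH = 1;
		}
	}

	/* Service requests are recognised before the shell case, so they do
	 * not depend on runssh or on the account's login shell. */
	if (IsSFTPReq(command)) {
		SSHCmd = REQ_SFTP;
	} else if (IsRsyncReq(command)) {
		SSHCmd = REQ_RSYNC;
	} else if (IsTimebkpRequest(command)) {
		SSHCmd = REQ_TIMEBKP;
	} else if (RunSSH && IsAllowShell(pw)) {
		SSHCmd = REQ_SHELL;
	} else {
		goto Err;
	}

	/* rsync sessions run with a substituted passwd entry. */
	if (REQ_RSYNC == SSHCmd) {
		pw = SYNOChgValForRsync(pw);
	}

	if (!SSHCanLogin(SSHCmd, pw)) {
		goto Err;
	}
	goto Pass;

Err:
	/* The paste shows ".n" here; the backslash of "\n" was lost, and the
	 * client transcript confirms the message ends with a newline. */
	fprintf(stderr, "Permission denied, please try again.\n");
	exit(1);
Pass:
#endif /* MY_ABC_HERE */
	/* ... remainder of do_child elided in the paste ... */
}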
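/*
 * Decide whether an account may be given an interactive shell.
 *
 * Returns 1 when
 *   - the account name is exactly "root" or "admin", or
 *   - the passwd entry looked up by name has "/bin/sh" or "/bin/ash" as its
 *     login shell;
 * returns 0 otherwise, including for a NULL pw, a NULL pw_name, or a name
 * that getpwnam() cannot resolve.
 *
 * This is why the account in the transcript is refused with /bin/bash as
 * its passwd shell and accepted once the shell is /bin/sh: the allow-list
 * is hard-coded and does not consult /etc/shells.
 *
 * NOTE(review): privileged accounts are recognised by name, not by uid, so
 * another uid-0 account with a different name takes the shell check instead.
 * NOTE(review): the shell is taken from a fresh getpwnam() lookup rather
 * than from pw->pw_shell; presumably pw may have been altered by the caller.
 * Confirm against the full source.
 */
static int IsAllowShell(const struct passwd *pw)
{
	const struct passwd *pUnPrivilege = NULL;
	const char *szUserName = NULL;

	if (!pw || !pw->pw_name) {
		return 0;
	}
	szUserName = pw->pw_name;

	if (strcmp(szUserName, "root") == 0 || strcmp(szUserName, "admin") == 0) {
		return 1;
	}

	pUnPrivilege = getpwnam(szUserName);
	/* Fail closed on an unknown user, and do not hand a NULL shell field
	 * to strcmp(). */
	if (pUnPrivilege == NULL || pUnPrivilege->pw_shell == NULL) {
		return 0;
	}

	return strcmp(pUnPrivilege->pw_shell, "/bin/sh") == 0 ||
	       strcmp(pUnPrivilege->pw_shell, "/bin/ash") == 0;
}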
# Workaround from the paste, presumably run from the user's profile while the passwd shell
# stays /bin/sh (a shell IsAllowShell() accepts). exec replaces the sh process with bash only
# when /opt/bin/bash exists and is executable; otherwise the login simply continues in sh.
- [ -x /opt/bin/bash ] && exec /opt/bin/bash