chroot ssh - No user exists

Support for security such as Firewalls and securing linux
Post Reply
hederilro
Posts: 3
Joined: 2017/09/22 08:10:03

chroot ssh - No user exists

Post by hederilro » 2017/09/22 08:19:43

I'm setting up a chrooted user with SSH and SCP capabilities.

I am having a hard time on just mere activation of SSH and SCP, and the error appeared when I tried to run "ssh" (even "ssh" without arguments) is:

Code: Select all

No user exists for uid 1001
Typing ls -al on the chrooted ssh login woud yield something like:

Code: Select all

drwxr-xr-x. 10 0    0    4096 Sep 22 12:51 .
drwxr-xr-x.  6 0    0      53 Sep 21 22:37 ..
-rw-------.  1 1001 1001  166 Sep 22 12:16 .bash_history
-rw-r--r--.  1 1001 1001   18 Nov 20  2015 .bash_logout
-rw-r--r--.  1 1001 1001  193 Nov 20  2015 .bash_profile
-rw-r--r--.  1 1001 1001  231 Nov 20  2015 .bashrc
drwxr-xr-x.  2 0    0      81 Sep 22 12:54 bin
drwxr-xr-x.  2 0    0      51 Sep 22 11:31 dev
drwxr-xr-x.  2 0    0      69 Sep 22 12:58 etc
drwxr-xr-x.  2 0    0    4096 Sep 22 12:17 lib64
drwxr-xr-x.  2 0    0      16 Sep 22 12:00 usr
drwxr-xr-x. 12 1001 1001 4096 Sep 22 11:25 www
Notice how the user and group fields which should be displaying the user and group names are just appearing as numbers, which for some reason it fails to read data from /etc/passwd file.

The etc directory in the chrooted directory contains the following, please take note of the permissions:

Code: Select all

-rw-r--r--.  1 root root  599 Sep 22 11:39 group
-rw-r--r--.  1 root root 1717 Sep 22 12:58 nsswitch.conf
-rw-r--r--.  1 root root 1312 Sep 22 11:39 passwd
-rw-r--r--.  1 root root   68 Sep 22 12:51 resolv.conf
I have tried each and every forums and blogs in the Internet and they don't work at all. I am giving up so I am writing this forum to help me out.

MartinR
Posts: 714
Joined: 2015/05/11 07:53:27
Location: UK

Re: chroot ssh - No user exists

Post by MartinR » 2017/09/22 09:11:30

Just a thought - are you sure that the /etc/passwd file within the chrooted environment matches that without? If user 1001 exists in the normal environment but not in the chrooted one you will get exactly this behaviour.

hederilro
Posts: 3
Joined: 2017/09/22 08:10:03

Re: chroot ssh - No user exists

Post by hederilro » 2017/09/22 10:21:56

MartinR wrote:Just a thought - are you sure that the /etc/passwd file within the chrooted environment matches that without? If user 1001 exists in the normal environment but not in the chrooted one you will get exactly this behaviour.
Yes, the chrooted directory has its own copy of /etc/passwd file, and the users in question is listed there. That is, I have two distinct copies aside from /etc/passwd file, there is also a /home/chrooted_user/etc/passwd file as well.

hederilro
Posts: 3
Joined: 2017/09/22 08:10:03

Re: chroot ssh - No user exists

Post by hederilro » 2017/09/22 12:20:51

Hi, I think I resolved it myself.

But it took me 6 hours figuring how this works until I arrived at this one. It involves using the Name Server Switch (or nss) and I have to copy nss-related libraries in lib64 folder in the chroot dir, like:

Code: Select all

cp /lib64/libnss* /home/chrooted_user/lib64/*
I would also not forget copying /etc/nsswitch.conf to the chrooted /etc/ folder.

ls will now be displaying names instead of numbers, and ssh will not be nagging about "unknown user".

Post Reply