openSSH permission problems - Software - Windows & Software
Marsh Posted on 17-12-2009 at 07:50:57
Hi!
I have a big problem with openSSH, using cygwin on Windows 2003 Server.
Before, I could connect, until I decided to switch from password mode to key mode.
I couldn't manage to connect with the keys, so, following forums, I started changing permissions... the problem is that, like an idiot, I didn't think to keep track of the changes I made...
and now I can no longer start my service! I can only manage it in debug mode (-d -d -d) and connect with the admin. I can't start the service with the net command, and even in debug mode I can't connect with the user.
If I start the service:
Administrator@SCBSPROD ~
$ net start sshd
The sshd service is starting.
The sshd service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
In the log I have:
/var/empty must be owned by root and not group or world-writable.
If I start in debug mode:
/usr/sbin/sshd -D -d -d -d
I can connect once with the admin, but not with my user!
If I connect with the admin client:
Administrator@SCBSPROD ~
$ ssh userSFTP@10.4.15.5
userSFTP@10.4.15.5's password:
Last login: Wed Dec 16 17:56:34 2009 from scbsprod.servcenterxa.ch
debug1: permanently_set_uid: 1013/513
debug3: Copy environment: PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1,
GenuineIntel
debug3: Copy environment: WINDIR=C:\\WINDOWS
debug3: Copy environment: OS=Windows_NT
debug3: Copy environment: ALLUSERSPROFILE=C:\\Documents and Settings\\All Users
debug3: Copy environment: TEMP=/cygdrive/c/DOCUME~1/ADMINI~1.SCX/LOCALS~1/Temp
debug3: Copy environment: COMMONPROGRAMFILES=C:\\Program Files\\Common Files
debug3: Copy environment: PROCESSOR_LEVEL=15
debug3: Copy environment: PATH=/usr/local/binusr/binbinusr/X11R6/bincygd
rive/c/WINDOWS/system32cygdrive/c/WINDOWScygdrive/c/WINDOWS/System32/Wbemc
ygdrive/c/Program Files/Microsoft SQL Server/80/Tools/BINN: Ccygwin/bin
debug3: Copy environment: SYSTEMDRIVE=C:
debug3: Copy environment: CYGWIN=ntsec tty
debug3: Copy environment: PROCESSOR_ARCHITECTURE=x86
debug3: Copy environment: PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.W
SH
debug3: Copy environment: COMSPEC=C:\\WINDOWS\\system32\\cmd.exe
debug3: Copy environment: TMP=/cygdrive/c/DOCUME~1/ADMINI~1.SCX/LOCALS~1/Temp
debug3: Copy environment: SYSTEMROOT=C:\\WINDOWS
debug3: Copy environment: PROCESSOR_REVISION=0401
debug3: Copy environment: PROGRAMFILES=C:\\Program Files
debug3: Copy environment: NUMBER_OF_PROCESSORS=2
debug3: Copy environment: COMPUTERNAME=SCBSPROD
Environment:
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
WINDIR=C:\WINDOWS
OS=Windows_NT
ALLUSERSPROFILE=C:\Documents and Settings\All Users
TEMP=/cygdrive/c/DOCUME~1/ADMINI~1.SCX/LOCALS~1/Temp
COMMONPROGRAMFILES=C:\Program Files\Common Files
PROCESSOR_LEVEL=15
PATH=/usr/local/binusr/binbinusr/X11R6/bincygdrive/c/WINDOWS/system32:
/cygdrive/c/WINDOWScygdrive/c/WINDOWS/System32/Wbemcygdrive/c/Program Files/
Microsoft SQL Server/80/Tools/BINN: Ccyg
SYSTEMDRIVE=C:
CYGWIN=ntsec tty
PROCESSOR_ARCHITECTURE=x86
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
COMSPEC=C:\WINDOWS\system32\cmd.exe
TMP=/cygdrive/c/DOCUME~1/ADMINI~1.SCX/LOCALS~1/Temp
SYSTEMROOT=C:\WINDOWS
PROCESSOR_REVISION=0401
PROGRAMFILES=C:\Program Files
NUMBER_OF_PROCESSORS=2
COMPUTERNAME=SCBSPROD
USER=userSFTP
LOGNAME=userSFTP
HOME=/home/userSFTP
MAIL=/var/spool/mail/userSFTP
SHELL=/bin/bash
SSH_CLIENT=10.4.15.5 4547 22
SSH_CONNECTION=10.4.15.5 4547 10.4.15.5 22
SSH_TTY=/dev/tty2
TERM=cygwin
debug3: channel 0: close_fds r -1 w -1 e -1 c -1
/bin/bash: Permission denied
Connection to 10.4.15.5 closed.
The server:
Administrator@SCBSPROD ~
$ /usr/sbin/sshd -D -d -d -d
debug2: load_server_config: filename /etc/sshd_config
debug2: load_server_config: done config len = 213
debug2: parse_server_config: config /etc/sshd_config len 213
debug3: /etc/sshd_config:13 setting Port 22
debug3: /etc/sshd_config:21 setting Protocol 2
debug3: /etc/sshd_config:42 setting StrictModes no
debug3: /etc/sshd_config:98 setting UsePrivilegeSeparation yes
debug3: /etc/sshd_config:113 setting Subsystem sftp /usr/sbin/sftp-server
debug1: sshd version OpenSSH_5.1p1
debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-d'
debug1: rexec_argv[3]='-d'
debug1: rexec_argv[4]='-d'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: fd 4 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 213
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 10.4.15.5 port 4547
debug1: Client protocol version 2.0; client software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug2: fd 3 setting O_NONBLOCK
debug2: Network child is on pid 5456
debug3: preauth child monitor started
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug3: mm_request_receive entering
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd16
,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd16
,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd16
,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd16
,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug3: mm_request_send entering: type 0
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: monitor_read: checking request 0
debug3: mm_request_receive_expect entering: type 1
debug3: mm_answer_moduli: got parameters: 1024 1024 8192
debug3: mm_request_receive entering
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_choose_dh: remaining 0
debug3: mm_request_receive entering
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 121/256
debug2: bits set: 511/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 534/1024
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 4
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: monitor_read: checking request 4
debug3: mm_request_receive_expect entering: type 5
debug3: mm_answer_sign
debug3: mm_request_receive entering
debug3: mm_answer_sign: signature 0x1041c2a0(271)
debug3: mm_request_send entering: type 5
debug2: monitor_read: 4 used once, disabling now
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug3: mm_request_receive entering
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user userSFTP service ssh-connection method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 6
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: monitor_read: checking request 6
debug3: mm_request_receive_expect entering: type 7
debug3: mm_answer_pwnamallow
debug3: mm_request_receive entering
debug3: Trying to reverse map address 10.4.15.5.
debug2: parse_server_config: config reprocess config len 213
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug2: input_userauth_request: setting up authctxt for userSFTP
debug3: mm_request_receive entering
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug2: input_userauth_request: try method none
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=
debug3: mm_auth_password entering
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_send entering: type 10
debug3: mm_request_receive entering
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: monitor_read: checking request 10
debug3: mm_request_receive_expect entering: type 11
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_receive entering
debug3: mm_request_send entering: type 11
Failed none for userSFTP from 10.4.15.5 port 4547 ssh2
debug3: mm_auth_password: user not authenticated
debug3: mm_request_receive entering
debug1: userauth-request for user userSFTP service ssh-connection method keyboa
d-interactive
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=userSFTP devs=
debug1: kbdint_alloc: devices ''
debug2: auth2_challenge_start: devices
debug1: userauth-request for user userSFTP service ssh-connection method passwo
d
debug1: attempt 2 failures 1
debug2: input_userauth_request: try method password
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: monitor_read: checking request 10
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug3: mm_answer_authpassword: sending result 1
debug3: mm_request_send entering: type 11
Accepted password for userSFTP from 10.4.15.5 port 4547 ssh2
debug3: mm_auth_password: user authenticated
debug1: monitor_child_preauth: userSFTP has been authenticated by privileged pr
cess
debug3: mm_send_keystate: Sending new keys: 0x1041ca80 0x1041b408
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_newkeys_to_blob: converting 0x1041ca80
debug3: mm_request_receive_expect entering: type 24
debug3: mm_newkeys_to_blob: converting 0x1041b408
debug3: mm_request_receive entering
debug3: mm_send_keystate: New keys have been sent
debug3: mm_send_keystate: Sending compression state
debug3: mm_request_send entering: type 24
debug3: mm_send_keystate: Finished sending state
debug3: mm_newkeys_from_blob: 0x1041edc0(118)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Waiting for second key
debug3: mm_newkeys_from_blob: 0x1041feb0(118)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_re
ly 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/tty2
debug3: tty_parse_modes: SSH2 n_bytes 246
debug3: tty_parse_modes: ospeed 38400
debug3: tty_parse_modes: ispeed 38400
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug2: fd 3 setting TCP_NODELAY
debug2: channel 0: rfd 8 isatty
debug2: fd 8 setting O_NONBLOCK
debug2: fd 6 setting O_NONBLOCK
debug2: channel 0: read<=0 rfd 8 len 0
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 4652
debug1: session_exit_message: session 0 channel 0 pid 4652
debug2: channel 0: request exit-status confirm 0
debug1: session_exit_message: release channel 0
debug2: channel 0: write failed
debug2: channel 0: close_write
debug2: channel 0: send eow
debug2: channel 0: output open -> closed
debug1: session_pty_cleanup: session 0 release /dev/tty2
debug2: channel 0: send close
debug3: channel 0: will not send data after close
debug2: notify_done: reading
debug3: channel 0: will not send data after close
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: is dead
debug2: channel 0: gc: notify user
debug1: session_by_channel: session 0 channel 0
debug1: session_close_by_channel: channel 0 child 0
debug1: session_close: session 0 pid 0
debug3: session_unused: session id 0 unused
debug2: channel 0: gc: user detached
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: server-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 server-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)
debug3: channel 0: close_fds r -1 w -1 e -1 c -1
Connection closed by 10.4.15.5
debug1: do_cleanup
Transferred: sent 4984, received 1712 bytes
Closing connection to 10.4.15.5 port 4547
The permissions on my empty directory:
> Administrator@SCBSPROD /
> $ ls -l var
> total 0
> drwxrwx---+ 3 Administrator Users 0 Dec 16 17:30 cache
> drwxr-xr-x+ 2 Administrator None 0 Dec 16 17:37 empty
> drwxrwx---+ 3 Administrator Users 0 Dec 16 17:30 lib
> drwxrwxrwx+ 2 Administrator Users 0 Dec 16 17:39 log
> drwxrwxrwx+ 2 Administrator Users 0 Dec 16 17:30 run
> drwxrwx---+ 2 Administrator Users 0 Dec 16 17:30 tmp
Can someone help me please???
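
The rule in the log line quoted in the post (`/var/empty must be owned by root and not group or world-writable.`) can be checked directly against a directory. This is an added example, not part of the original post or of OpenSSH: `check_privsep_dir` and its `EXPECTED_UID` argument are hypothetical names, the expected owner is a parameter because the post does not show which account the service runs under, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audits a directory against the two conditions named in the
# sshd log message (expected owner; no group or world write bit).
# check_privsep_dir is a hypothetical helper, not an OpenSSH tool.

# Usage: check_privsep_dir DIR EXPECTED_UID
# Prints one line per problem found; returns 0 if DIR passes, 1 otherwise.
check_privsep_dir() {
    dir=$1
    expected_uid=$2
    rc=0

    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 1
    fi

    # GNU stat: %u = numeric owner uid, %a = octal permission bits (e.g. 755)
    owner=$(stat -c '%u' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1

    if [ "$owner" != "$expected_uid" ]; then
        echo "$dir: owner uid $owner, expected $expected_uid"
        rc=1
    fi

    # Leading 0 makes the shell read the mode as octal.
    # Group write is 020, world write is 002.
    if [ $(( 0$mode & 020 )) -ne 0 ]; then
        echo "$dir: mode $mode is group-writable"
        rc=1
    fi
    if [ $(( 0$mode & 002 )) -ne 0 ]; then
        echo "$dir: mode $mode is world-writable"
        rc=1
    fi

    return $rc
}

# Example call (uid 0 is only a sample value for EXPECTED_UID):
#   check_privsep_dir /var/empty 0
```

A directory listed as `drwxr-xr-x` passes the mode test, so for such a directory only the owner comparison can fail.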