sshd (openssh) on SunOS without root privileges

sayeo · #1 (**permalink**) 03-13-2008

Hi, I've just managed to install openssh in my home directory on a server I have access to by using --prefix=$HOME/local after ./configure. Another thing I was having trouble with without root access was privilege separation, so I disabled that in my sshd_config. However, when I run ~/local/sbin/sshd, nothing happens. There is no mention of sshd in the process list either. Is it because I can't start a server from my home directory when there is already one running from the root directory?

The reason why I'm trying to do all this is that I want to use this server as a "middleman" to run a reverse tunnel to my home machine which is behind a NAT firewall, so that I can connect to my home machine from anywhere thru the middleman, as described here.

Anyone have any suggestions?

jlliagre · #2 (**permalink**) 03-13-2008

Did you change the listen port to a non privileged one ?

sayeo · #3 (**permalink**) 03-13-2008

Yeah, I used 10000, like in the tutorial, which is > 1024. But besides, if I can't even start my sshd server, nothing will work, rght?

flatopokey · #4 (**permalink**) 03-13-2008

What version of Solaris is it?

jlliagre · #5 (**permalink**) 03-13-2008

and what says "sshd -de" ?

sayeo · #6 (**permalink**) 03-13-2008

OK, I think I'm getting somewhere....

I changed the ports in ssh_config and sshd_config to 10003 from 22. Then sshd -de gave me:

debug1: sshd version OpenSSH_4.7p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: setgroups() failed: Not owner
debug1: rexec_argv[0]='/home/shay/a/yeo/local/sbin/sshd'
debug1: rexec_argv[1]='-de'
debug1: Bind to port 10003 on ::.
Server listening on :: port 10003.
debug1: Bind to port 10003 on 0.0.0.0.
Server listening on 0.0.0.0 port 10003

then I did
user@destination$ ssh -R 10000:localhost:10003 middleuser@middle
from my home machine (destination)

then I did
user@remote$ ssh destinationuser@middle -p 10000
from a remote machine, and on the terminal which I ran sshd -de, this appears:
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 11
debug1: sshd version OpenSSH_4.7p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: setgroups() failed: Not owner
debug1: inetd sockets after dupping: 4, 4
Connection from 128.210.10.101 port 39851
debug1: Client protocol version 2.0; client software version OpenSSH_4.6
debug1: match: OpenSSH_4.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user yeo service ssh-connection method none
debug1: attempt 0 failures 0
Failed none for yeo from 128.210.10.101 port 39851 ssh2
debug1: userauth-request for user yeo service ssh-connection method keyboard-interactive
debug1: attempt 1 failures 1
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=yeo devs=
debug1: kbdint_alloc: devices ''
Failed keyboard-interactive for yeo from 128.210.10.101 port 39851 ssh2
debug1: userauth-request for user yeo service ssh-connection method password
debug1: attempt 2 failures 2
Could not get shadow information for yeo
Failed password for yeo from 128.210.10.101 port 39851 ssh2

It seems I'm almost there except my server doesn't recognize the username that's SSHing in........
Oh, and the solaris running is version 10. Thanks for your help so far!

sayeo · #7 (**permalink**) 03-13-2008

OK, I realized, I was doing some things wrong and I fixed them, and this is what I have now: after doing
~/local/sbin/sshd -de
I get:

Code:

debug1: sshd version OpenSSH_4.7p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: setgroups() failed: Not owner
debug1: rexec_argv[0]='/home/shay/a/yeo/local/sbin/sshd'
debug1: rexec_argv[1]='-de'
debug1: Bind to port 10003 on ::.
Server listening on :: port 10003.
debug1: Bind to port 10003 on 0.0.0.0.
Server listening on 0.0.0.0 port 10003.

Then from my home machine I do
$ ssh -R 10000:localhost:22 -p 10003 user@middle
and the middle shows:

Code:

debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 11
debug1: sshd version OpenSSH_4.7p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: setgroups() failed: Not owner
debug1: inetd sockets after dupping: 4, 4
Connection from 72.12.198.89 port 2477
debug1: Client protocol version 2.0; client software version OpenSSH_4.7
debug1: match: OpenSSH_4.7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user yeo service ssh-connection method none
debug1: attempt 0 failures 0
Failed none for yeo from 72.12.198.89 port 2477 ssh2
debug1: userauth-request for user yeo service ssh-connection method publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 166946/1 (e=166946/1)
debug1: trying public key file /home/shay/a/yeo/.ssh/authorized_keys
debug1: matching key found: file /home/shay/a/yeo/.ssh/authorized_keys, line 1
Found matching RSA key: xxxxxxxxxxxxxxx........
debug1: restore_uid: (unprivileged)
Postponed publickey for yeo from 72.12.198.89 port 2477 ssh2
debug1: userauth-request for user yeo service ssh-connection method publickey
debug1: attempt 2 failures 1
debug1: temporarily_use_uid: 166946/1 (e=166946/1)
debug1: trying public key file /home/shay/a/yeo/.ssh/authorized_keys
debug1: matching key found: file /home/shay/a/yeo/.ssh/authorized_keys, line 1
Found matching RSA key: xxxxxxxxxxxxxxx........
debug1: restore_uid: (unprivileged)
debug1: ssh_rsa_verify: signature correct
Accepted publickey for yeo from 72.12.198.89 port 2477 ssh2
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_global_request: rtype tcpip-forward want_reply 1
debug1: server_input_global_request: tcpip-forward listen localhost port 10000
debug1: Local forwarding listening on :: port 10000.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 0.0.0.0 port 10000.
debug1: channel 1: new [port listener]
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 2: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 2
debug1: session_open: session 0: link with channel 2
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 2 request pty-req reply 0
debug1: session_by_channel: session 0 channel 2
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/10
debug1: server_input_channel_req: channel 2 request shell reply 0
debug1: session_by_channel: session 0 channel 2
debug1: session_input_channel_req: session 0 req shell
debug1: Setting controlling tty using TIOCSCTTY.

then from a remote machine I do
ssh destinationuser@middle -p 10000
and the middle shows

Code:

debug1: Connection to port 10000 forwarding to localhost port 0 requested.
debug1: channel 3: new [forwarded-tcpip]
channel 3: open failed: connect failed: Connection refused
debug1: channel 3: free: forwarded-tcpip: listening port 10000 for localhost port 0, connect from 128.210.10.101 port 40031, nchannels 4

while the remote terminal shows

Code:

ssh_exchange_identification: Connection closed by remote host

I've done everything in the guide correctly and I'm out of ideas right now...does anyone have any suggestions? thanks!

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
root privileges	madmat	UNIX for Dummies Questions & Answers	4	04-16-2008 07:00 AM
running sshd server from home directory without root access	sayeo	SUN Solaris	0	03-13-2008 04:53 PM
Change the root directory for apache, sshd and ftpd	Sergiu-IT	IP Networking	3	07-05-2006 07:47 AM
root privileges	sumsin	High Level Programming	21	12-30-2005 03:43 PM
Root privileges &Sudoer	blue_7	UNIX for Dummies Questions & Answers	2	06-09-2004 05:05 PM

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode	Rate This Thread: