• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Please beaware of a breaking change in the REST API on the next Plesk release (18.0.62).
    Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Read more here

chrooted bash not working after upgrade to 9.3/Lenny

D

dingding

Guest
Hello,

I recently upgraded my debian etch system to lenny. I thought it would be a good idea to update plesk as well and upgraded it to 9.3.

Everything seems to work fine, but the chroot access for website users (sftp) isn't working anymore. If i test via ssh i get the following error on the client terminal:
-: /lib/tls/libc.so.6: version `GLIBC_2.4' not found (required by -)

I couldn't find any helpful error logs on the server itself, only a few in auth.log (INFO level, DEBUG seemed alright too):
sshd[30234]: error opening /proc/self/oom_adj: No such file or directory
sshd[30234]: Accepted password for XXX from XXX port 54742 ssh2
sshd[30234]: pam_unix(sshd:session): session opened for user XXX by (uid=0)
sshd[30234]: pam_unix(sshd:session): session closed for user XXX

sshd works fine, i changed the Web hosting setup from /bin/bash/ (chrooted) to /bin/bash and it works (but gives the users full access ...).

I let /usr/local/psa/admin/sbin/chrootmng do its magic, but nothing changed either.

Has anybody stumbled upon similar problems, any advice?
Any ideas where to find more debugging information and look for logs?

Thank You!
 
Hi,

I have exactly the same problem.
Setting DEBUG-mode for ssh doesn't really help:

----------------------------------------------------------------------------------------------------------------------------------
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Feb 14 13:24:27 vsxxxxxx sshd[9985]: debug1: Forked child 23971.
Feb 14 13:24:27 vsxxxxxx sshd[23971]: error opening /proc/self/oom_adj: No such file or directory
Feb 14 13:24:27 vsxxxxxx sshd[23971]: error opening /proc/self/oom_adj: No such file or directory
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: inetd sockets after dupping: 3, 3
Feb 14 13:24:27 vsxxxxxx sshd[23971]: Connection from xx.xx.xx.xxx port 58831
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: Client protocol version 2.0; client software version OpenSSH_5.1p1 Debian-6ubuntu2
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: match: OpenSSH_5.1p1 Debian-6ubuntu2 pat OpenSSH*
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: Enabling compatibility mode for protocol 2.0
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: PAM: initializing for "xxx"
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: PAM: setting PAM_RHOST to "xdsl-87-79-85-199.netcologne.de"
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: PAM: setting PAM_TTY to "ssh"
Feb 14 13:24:27 vsxxxxxx sshd[23971]: Failed none for xxx from xx.xx.xx.xxx port 58831 ssh2
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: temporarily_use_uid: 10004/2523 (e=0/0)
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: trying public key file /var/www/vhosts/atheisten.org/.ssh/authorized_keys
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: restore_uid: 0/0
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: temporarily_use_uid: 10004/2523 (e=0/0)
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: trying public key file /var/www/vhosts/atheisten.org/.ssh/authorized_keys
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: restore_uid: 0/0
Feb 14 13:24:27 vsxxxxxx sshd[23971]: Failed publickey for xxx from xx.xx.xx.xxx port 58831 ssh2
Feb 14 13:24:33 vsxxxxxx sshd[23971]: debug1: PAM: password authentication accepted for xxx
Feb 14 13:24:34 vsxxxxxx sshd[23971]: debug1: do_pam_account: called
Feb 14 13:24:36 vsxxxxxx sshd[23971]: Accepted password for xxx from xx.xx.xx.xxx port 58831 ssh2
Feb 14 13:24:36 vsxxxxxx sshd[23971]: debug1: monitor_child_preauth: xxx has been authenticated by privileged process
Feb 14 13:24:36 vsxxxxxx sshd[23971]: debug1: PAM: establishing credentials
Feb 14 13:24:36 vsxxxxxx sshd[23971]: pam_unix(sshd:session): session opened for user xxx by (uid=0)
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: SELinux support disabled
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: PAM: establishing credentials
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: permanently_set_uid: 10004/2523
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: Entering interactive session for SSH2.
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: server_init_dispatch_20
Feb 14 13:24:36 vsxxxxxx sshd[23971]: User child is on pid 25942
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: input_session_request
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: channel 0: new [server-session]
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: session_new: session 0
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: session_open: channel 0
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: session_open: session 0: link with channel 0
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: server_input_channel_open: confirm session
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: server_input_global_request: rtype [email protected] want_reply 0
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: server_input_channel_req: channel 0 request pty-req reply 1
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: session_by_channel: session 0 channel 0
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: session_input_channel_req: session 0 req pty-req
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: Allocating pty.
Feb 14 13:24:36 vsxxxxxx sshd[23971]: debug1: session_new: session 0
Feb 14 13:24:36 vsxxxxxx sshd[23971]: debug1: SELinux support disabled
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: session_pty_req: session 0 alloc /dev/pts/2
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: server_input_channel_req: channel 0 request env reply 0
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_by_channel: session 0 channel 0
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_input_channel_req: session 0 req env
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: server_input_channel_req: channel 0 request shell reply 1
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_by_channel: session 0 channel 0
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_input_channel_req: session 0 req shell
Feb 14 13:24:37 vsxxxxxx sshd[26113]: debug1: Setting controlling tty using TIOCSCTTY.
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: Received SIGCHLD.
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_by_pid: pid 26113
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_exit_message: session 0 channel 0 pid 26113
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_exit_message: release channel 0
Feb 14 13:24:37 vsxxxxxx sshd[23971]: debug1: session_by_tty: session 0 tty /dev/pts/2
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_by_channel: session 0 channel 0
Feb 14 13:24:37 vsxxxxxx sshd[23971]: debug1: session_pty_cleanup: session 0 release /dev/pts/2
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_close_by_channel: channel 0 child 0
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_close: session 0 pid 0
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: channel 0: free: server-session, nchannels 1
Feb 14 13:24:37 vsxxxxxx sshd[25942]: Connection closed by xx.xx.xx.xxx
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: do_cleanup
Feb 14 13:24:37 vsxxxxxx sshd[25942]: Transferred: sent 2248, received 2256 bytes
Feb 14 13:24:37 vsxxxxxx sshd[25942]: Closing connection to xx.xx.xx.xxx port 58831
Feb 14 13:24:37 vsxxxxxx sshd[23971]: debug1: PAM: cleanup
Feb 14 13:24:37 vsxxxxxx sshd[23971]: debug1: PAM: deleting credentials
Feb 14 13:24:37 vsxxxxxx sshd[23971]: debug1: PAM: closing session
Feb 14 13:24:37 vsxxxxxx sshd[23971]: pam_unix(sshd:session): session closed for user xxx
----------------------------------------------------------------------------------------------------------------------------------
Click to expand...



During installation of Plesk 9.3 I got following message:
----------------------------------------------------------------------------------------------------------------------------------
Trying to install chrooted environment... `/bin/bash' -> `bash'
`/lib/libncurses.so.5' -> `/var/www/vhosts/chroot/lib/libncurses.so.5'
`/lib/libdl.so.2' -> `/var/www/vhosts/chroot/lib/libdl.so.2'
`/lib/libc.so.6' -> `/var/www/vhosts/chroot/lib/libc.so.6'
`/bin/cat' -> `cat'
`/lib/libc.so.6' -> `/var/www/vhosts/chroot/lib/libc.so.6'
`/bin/cp' -> `cp'
`/lib/libselinux.so.1' -> `/var/www/vhosts/chroot/lib/libselinux.so.1'
`/lib/libacl.so.1' -> `/var/www/vhosts/chroot/lib/libacl.so.1'
[...]
groups: text/x-shellscript
probably it will not work in chrooted acconts

WARNING!
During the register groups in chrooted environment found some problems
Continue...
----------------------------------------------------------------------------------------------------------------------------------
Click to expand...

But this message doesn't really help :(
 
Sorry, was gone for a few days. Yes, just had a look. Exactly the same error message!

Please help us!
 
I was wondering if it is a general problem with Lenny and Plesk 9.3 or if we have 'exceptional circumstances' on our server...

perhaps in near future more users have the same problem, because of the expired support for etch
 
Did you find a solution yet? I'm still stuck with root only access ...

Thanks
 
I solved the problem!
Plesk "forgot" to copy all libraries to lib-folder of chroot-location.

Here the libs I use:

root@xxx:/var/www/vhosts/xxx/lib# ls -l
-rwxr-xr-x 4 root root 113248 15. Mär 22:25 ld-linux.so.2
-rw-r--r-- 4 root root 24800 15. Mär 22:25 libacl.so.1
-rw-r--r-- 4 root root 14744 15. Mär 22:25 libattr.so.1
-rw-r--r-- 4 root root 8676 15. Mär 22:25 libcom_err.so.2
-rw-r--r-- 4 root root 1375588 12. Jan 08:29 libcrypto.so.0.9.8
-rw-r--r-- 4 root root 38296 15. Mär 22:25 libcrypt.so.1
-rwxr-xr-x 4 root root 1294572 15. Mär 22:25 libc.so.6
-rw-r--r-- 4 root root 9680 15. Mär 22:25 libdl.so.2
-rw-r--r-- 1 root root 49676 15. Mär 23:08 libgcc_s.so.1
-rw-r--r-- 4 root root 18588 7. Mär 2007 libgpm.so.1
-rw-r--r-- 4 root root 19140 30. Nov 2008 libgpm.so.2
-rw-r--r-- 4 root root 169076 7. Jan 21:58 libgssapi_krb5.so.2
-rw-r--r-- 4 root root 147392 7. Jan 21:58 libk5crypto.so.3
-rw-r--r-- 4 root root 5744 15. Mär 22:25 libkeyutils.so.1
-rw-r--r-- 4 root root 607284 7. Jan 21:58 libkrb5.so.3
-rw-r--r-- 4 root root 27876 7. Jan 21:58 libkrb5support.so.0
-rw-r--r-- 1 root root 149328 15. Mär 23:01 libm.so.6
-rw-r--r-- 1 root root 1995676 15. Mär 23:08 libmysqlclient.so.15
-rw-r--r-- 4 root root 202188 15. Mär 22:25 libncurses.so.5
-rw-r--r-- 4 root root 79608 15. Mär 22:25 libnsl.so.1
-rw-r--r-- 4 root root 30436 15. Mär 22:25 libnss_compat.so.2
-rw-r--r-- 4 root root 17880 15. Mär 22:25 libnss_dns.so.2
-rw-r--r-- 4 root root 38408 15. Mär 22:25 libnss_files.so.2
-rw-r--r-- 4 root root 17856 21. Jan 19:05 libnss_hesiod.so.2
-rw-r--r-- 4 root root 38340 21. Jan 19:05 libnss_nisplus.so.2
-rw-r--r-- 4 root root 34320 21. Jan 19:05 libnss_nis.so.2
-rw-r--r-- 1 root root 33284 15. Mär 23:02 libpopt.so.0
-rwxr-xr-x 4 root root 112012 15. Mär 22:25 libpthread.so.0
-rw-r--r-- 1 root root 200548 15. Mär 23:02 libreadline.so.5
-rw-r--r-- 4 root root 63312 15. Mär 22:25 libresolv.so.2
-rw-r--r-- 4 root root 30624 15. Mär 22:25 librt.so.1
-rw-r--r-- 4 root root 95964 15. Mär 22:25 libselinux.so.1
-rw-r--r-- 4 root root 219824 15. Nov 2006 libsepol.so.1
-rw-r--r-- 1 root root 946216 15. Mär 23:03 libstdc++.so.6
-rw-r--r-- 4 root root 9684 15. Mär 22:25 libutil.so.1
-rw-r--r-- 4 root root 81012 6. Apr 2008 libz.so.1
drwxr-xr-x 15 root root 4096 14. Feb 03:28 terminfo
 
Yay, chrooted bash is working again!

Thanks to subTH for the tipp! But: Just copying the missing library files didn't do the trick for me.

I had to manually overwrite an old libc.so.6 in the template chroot folder of plesk:

/var/www/vhosts/chroot/lib/tls

-rwxr-xr-x 1 root root 1294572 Mar 19 16:46 libc.so.6
-rwxr-xr-x 5 root psaserv 1245488 Nov 6 2008 libc.so.6.OLD

I noticed a difference in filesize while looking for the missing libs. Plesk itself didn't replace those files while upgrading. I took the libc.so.6 from /lib, copied it to the template folder, re-run /usr/local/psa/admin/sbin/chrootmng create/remove and voila, it's working again!
 
You must log in or register to reply here.

Similar threads

S
Issue Git Webhook executed in chroot, /bin/bash allowed in Web Hosting
Replies
1
Views
1K
pge
P
A
Issue chrooted SSH access does not work after migration
Replies
4
Views
3K
Paul_N
Paul_N
A
Issue /bin/bash(chrooted) SSH suddenly denied for all domains
Replies
3
Views
4K
AgBillings
A
J
chroot'd sftp fails with "connection closed"
Replies
0
Views
2K
jerrac
J
websavers
SFTP Not functioning with chrooted accounts on CentOS 6
Replies
0
Views
2K
websavers
websavers
Back
Top