[FreeNX-kNX] still proving chroot for freenx

Hi albert682 at yahoo.com
Wed Mar 19 14:31:42 UTC 2008


This is a hack using JailKit on a clean install of the
jail.

The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is dd:a2:5d:1e:3f:f5:b1:fa:58:b5:6e:e6:6f:63:73:ad.
Are you sure you want to continue connecting (yes/no)?
Failed to add the host to the list of known hosts (/var/lib/nxserver/home/.ssh/known_hosts).
bonanzaa at 127.0.0.1's password:
/etc/bashrc: line 8: id: command not found
/etc/bashrc: line 8: id: command not found
NX> 1000 NXNODE - Version 1.5.0-60 OS (GPL)
NX> 1004 Error: NX Agent exited with exit status 1.
NX> 1006 Session status: closed
/usr/libexec/nx/nxnode: line 137: rev: command not found
/usr/libexec/nx/nxnode: line 137: rev: command not found
NX> 105 mv: target `/home/bonanzaa/.nx/F-C-expansion.foobar.at-1003-6DDED3B8C17F11FF367CD724E11F22F2/' is not a directory: No such file or directory
NX> 596 Session startup failed.

Seems like somehow I need to add my own localhost to
the list of knownHosts.  I'll see if I can do that by
hand.  There is an entry for 127.0.0.1 in that file.

Now the second problem is looking for the shell to
supply the mv executable (will check jail) no it is
there.  So then it looks for a file and can't find it.

So according to nxnode if I'm jumping in at the right
place.

. /etc/profile
[ -f ~/.bash_profile ] && . ~/.bash_profile

mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/pids/"

It should make that directory.  (will try deleting to
see if it makes .nx inside jailed users home.)  It did
make the directory.

I have this in my .bash_profile

# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
	. ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin

export PATH
unset USERNAME

So the question remains where is it trying to move it
to.  I have no /tmp in the jail.  More output...

Are you sure you want to continue connecting (yes/no)?
Failed to add the host to the list of known hosts (/var/lib/nxserver/home/.ssh/known_hosts).
bonanzaa at 127.0.0.1's password:
/etc/bashrc: line 8: id: command not found
/etc/bashrc: line 8: id: command not found
NX> 1000 NXNODE - Version 1.5.0-60 OS (GPL)
NX> 1004 Error: NX Agent exited with exit status 1.
NX> 596 Session startup failed.
NX> 105 NX> 1006 Session status: closed
/usr/libexec/nx/nxnode: line 137: rev: command not found
/usr/libexec/nx/nxnode: line 137: rev: command not found
mv: target `/home/bonanzaa/.nx/F-C-expansion.oil-gas.ca-1003-C9EA5B257D14EFB9D13BC170DF121BD3/' is not a directory: No such file or directory

Hmm I'm still not sure if my server knows who it is
yet.  All connections to the machine are port
forwarded so it better.  Seems to proceed without too
much trouble without that answered anyhow.  The last
error encountered was the shell looking for the rev
command which was not copied when making the jail. 
There may be a few of these...  So very important not
to look at what the client reports in detail window. 
I'll go ahead and add /usr/bin/rev to the jail now.

Then I try to connect again and get.
/etc/bashrc: line 8: id: command not found
/etc/bashrc: line 8: id: command not found
mv: target `/home/bonanzaa/.nx/F-C-expansion.oil-gas.ca-1003-70ED1C18484000BE32F3D14952353347/' is not a directory: No such file or directory

This looks like something I can add to the jail
/usr/bin/id 
Line 8 of my /etc/bashrc:  if [ $UID -gt 99 ] && [ "`id -gn`" = "`id -un`" ];
So mark another shell command freenx-knx freenx-server
needs to have in the basicshell or extendedshell.

Let's try another run and hopefully the dreaded
mv:target will go away soon or we will just copy
/usr/bin /bin /usr/sbin all to the jail and say the
hell with this.

Okay the last output read no errors but the session
still failed.  As a last resort I'll try and add the
nx user to the jail and/or look over my groups.  In
the meantime I grabbed some putty and ssh'd into this
machine so I shouldn't see it complaining about known
hosts.

Funny though I get this when I terminate a session
that is running from a user that is not in the jail. 
Seems like part of node.conf suggesting
# This directive controls if the temporary session directory
# ($HOME/.nx/C-<hostname>-<display>-<session_id>) should be kept after a
# session has ended. A successfully terminated session will be saved as
# T-C-<hostname>-<display>-<session_id> while a failed session will be saved
# as F-C-<hostname>-<display>-<session_id>.
# The default is to cleanup the directories.
SESSION_LOG_CLEAN=0

mv: target `/home/nonjailuser/.nx/T-C-expansion.foobar.at-1003-25DA12B0FDABED36E6D845A05C9DB4D3/' is not a directory: No such file or directory

Okay either way I'm out of leads.  I'm going to throw
everything I have at it in the way of libraries and
executables to see if I can make it budge.  I'll go
ahead and add the nx user to the jail first though and
see if that makes a difference.

Well that resolved the Known Host problem.  Haven't
resorted to the mass executable copy over yet.  One
more thing to try and that is changing the shells by
hand for the jailed user.  Will try the popular
/bin/bash in and out routine.

Just like I knew it would it let me connect with the
jailed user into an insecure jail by removing the
/usr/sbin/jk_chrootsh from the unjailed side of the
equation.  I'll try changing more of the passwd shells
around.

Short of rewriting where nx starts again in
nxloadconfig I'll stop here for now.  If anyone else
has jailed freenx it would be a pleasure to know how.
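
Added example, not part of the original post: the "command not found" lines quoted above (id, rev) can be collected mechanically and checked against the jail, so that only the binaries the session asked for are added instead of whole bin directories. The function names, the list of bin directories searched and the sample log are assumptions constructed for illustration; each name printed is a candidate to copy into the jail together with its shared libraries.

```shell
#!/bin/sh
# Added example (not from the original post): turn "command not found" lines
# from a jailed NX session into a list of binaries the jail still lacks.

# Constructed sample output, modelled on the messages quoted in the post.
SAMPLE_LOG='/etc/bashrc: line 8: id: command not found
/etc/bashrc: line 8: id: command not found
NX> 1000 NXNODE - Version 1.5.0-60 OS (GPL)
/usr/libexec/nx/nxnode: line 137: rev: command not found
NX> 596 Session startup failed.'

# Print each command named in a shell "command not found" error, once.
missing_commands() {
    sed -n 's/^.*: line [0-9][0-9]*: \([^: ]*\): command not found$/\1/p' | sort -u
}

# Print the reported commands that are not executable in any of the jail's
# usual bin directories (assumed list). $1 = jail root; output on stdin.
jail_gaps() {
    jail=$1
    missing_commands | while IFS= read -r cmd; do
        found=no
        for dir in /bin /usr/bin /sbin /usr/sbin; do
            if [ -x "$jail$dir/$cmd" ] && [ ! -d "$jail$dir/$cmd" ]; then
                found=yes
                break
            fi
        done
        [ "$found" = yes ] || printf '%s\n' "$cmd"
    done
}

# Usage: sh this-script /path/to/jail < session-output.txt
# With no argument only the functions are defined (e.g. when sourced).
if [ -n "${1:-}" ]; then
    jail_gaps "$1"
fi
```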






