linux – 无法使用Synology NAS上的 binbash shell通过SSH登录任何帐户

概述我正在尝试将bash安装为在嵌入式设备(Synology DS212 NAS)上运行的ARM Linux上的默认shell.但是有些事情确实存在问题,我无法弄清楚它是什么. 症状： 1)Root有/ bin / bash作为默认shell,可以通过SSH正常登录： $grep root /etc/passwdroot:x:0:0:root:/root:/bin/bash$ssh root@N 我正在尝试将bash安装为在嵌入式设备(Synology DS212 NAS)上运行的ARM Linux上的默认shell.但是有些事情确实存在问题,我无法弄清楚它是什么.

症状：

1)Root有/ bin / bash作为默认shell,可以通过SSH正常登录：

$grep root /etc/passwdroot:x:0:0:root:/root:/bin/bash$ssh root@NASroot@NAS's password:Last login: Sun Dec 16 14:06:56 2012 from desktop#

2)joeuser将/ bin / bash作为默认shell,并在尝试通过SSH登录时收到“权限被拒绝”：

$grep joeuser /etc/passwdjoeuser:x:1029:100:Joe User:/home/joeuser:/bin/bash$ssh joeuser@localhostjoeuser@NAS's password:Last login: Sun Dec 16 14:07:22 2012 from desktopPermission denIEd,please try again.Connection to localhost closed.

3)将joeuser的shell更改回/ bin / sh：

$grep joeuser /etc/passwdjoeuser:x:1029:100:Joe User:/home/joeuser:/bin/sh$ssh joeuser@localhostLast login: Sun Dec 16 15:50:52 2012 from localhost$

为了让事情变得更奇怪,我可以使用串行控制台(！)使用/ bin / bash以joeuser身份登录.另外一个su – joeuser作为root工作正常,所以bash二进制文件本身工作正常.

在绝望的行为中,我在/ etc / passwd上将joeuser的uID更改为0,但也没有工作,因此它似乎与某些权限无关.

似乎bash正在做一些sshd不喜欢的额外检查,并阻止非root用户的连接.也许某种健全性检查 – 或终端仿真 – 触发SIGCHLD,但仅在通过ssh调用时.

我已经浏览了sshd_config上的每个项目,并且还将SSHD置于调试模式,但没有发现任何奇怪的内容.这是我的/ etc / ssh / sshd_config：

LogLevel DEBUGLoginGraceTime 2mPermitRootLogin yesRSAAuthentication yesPubkeyAuthentication yesAuthorizedKeysfile      %h/.ssh/authorized_keysChallengeResponseAuthentication noUsePAM yesAllowTcpForwarding noChrootDirectory noneSubsystem       sftp    internal-sftp -f DAEMON -u 000

这是来自/usr/syno / sbin / sshd -d的输出,显示了joeuser尝试登录失败的尝试,使用/ bin / bash作为shell：

deBUG1: Config token is logleveldeBUG1: Config token is logingracetimedeBUG1: Config token is permitrootlogindeBUG1: Config token is rsaauthenticationdeBUG1: Config token is pubkeyauthenticationdeBUG1: Config token is authorizedkeysfiledeBUG1: Config token is challengeresponseauthenticationdeBUG1: Config token is usepamdeBUG1: Config token is allowtcpforwardingdeBUG1: Config token is chrootdirectorydeBUG1: Config token is subsystemdeBUG1: HPN Buffer Size: 87380deBUG1: sshd version OpenSSH_5.8p1-hpn13v11deBUG1: read PEM private key done: type RSAdeBUG1: private host key: #0 type 1 RSAdeBUG1: read PEM private key done: type DSAdeBUG1: private host key: #1 type 2 DSAdeBUG1: read PEM private key done: type ECDSAdeBUG1: private host key: #2 type 3 ECDSAdeBUG1: rexec_argv[0]='/usr/syno/sbin/sshd'deBUG1: rexec_argv[1]='-d'Set /proc/self/oom_adj from 0 to -17deBUG1: Bind to port 22 on ::.deBUG1: Server TCP RWIN socket size: 87380deBUG1: HPN Buffer Size: 87380Server Listening on :: port 22.deBUG1: Bind to port 22 on 0.0.0.0.deBUG1: Server TCP RWIN socket size: 87380deBUG1: HPN Buffer Size: 87380Server Listening on 0.0.0.0 port 22.deBUG1: Server will not fork when running in deBUGging mode.deBUG1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9deBUG1: inetd sockets after dupPing: 4,4Connection from 127.0.0.1 port 52212deBUG1: HPN Disabled: 0,HPN Buffer Size: 87380deBUG1: ClIEnt protocol version 2.0; clIEnt software version OpenSSH_5.8p1-hpn13v11SSH: Server;Ltype: Version;Remote: 127.0.0.1-52212;Protocol: 2.0;ClIEnt: OpenSSH_5.8p1-hpn13v11deBUG1: match: OpenSSH_5.8p1-hpn13v11 pat OpenSSH*deBUG1: Enabling compatibility mode for protocol 2.0deBUG1: Local version string SSH-2.0-OpenSSH_5.8p1-hpn13v11deBUG1: permanently_set_uID: 1024/100deBUG1: MYFLAG IS 1deBUG1: List_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256deBUG1: SSH2_MSG_KEXINIT sentdeBUG1: SSH2_MSG_KEXINIT receiveddeBUG1: AUTH STATE IS 0deBUG1: REQUESTED ENC.name is 'aes128-ctr'deBUG1: kex: clIEnt->server aes128-ctr hmac-md5 noneSSH: Server;Ltype: Kex;Remote: 127.0.0.1-52212;Enc: aes128-ctr;MAC: hmac-md5;Comp: nonedeBUG1: REQUESTED ENC.name is 'aes128-ctr'deBUG1: kex: server->clIEnt aes128-ctr hmac-md5 nonedeBUG1: expecting SSH2_MSG_KEX_ECDH_INITdeBUG1: SSH2_MSG_NEWKEYS sentdeBUG1: expecting SSH2_MSG_NEWKEYSdeBUG1: SSH2_MSG_NEWKEYS receiveddeBUG1: KEX donedeBUG1: userauth-request for user joeuser service ssh-connection method noneSSH: Server;Ltype: Authname;Remote: 127.0.0.1-52212;name: joeuserdeBUG1: attempt 0 failures 0deBUG1: Config token is logleveldeBUG1: Config token is logingracetimedeBUG1: Config token is permitrootlogindeBUG1: Config token is rsaauthenticationdeBUG1: Config token is pubkeyauthenticationdeBUG1: Config token is authorizedkeysfiledeBUG1: Config token is challengeresponseauthenticationdeBUG1: Config token is usepamdeBUG1: Config token is allowtcpforwardingdeBUG1: Config token is chrootdirectorydeBUG1: Config token is subsystemdeBUG1: PAM: initializing for "joeuser"deBUG1: PAM: setting PAM_RHOST to "localhost"deBUG1: PAM: setting PAM_TTY to "ssh"deBUG1: userauth-request for user joeuser service ssh-connection method passworddeBUG1: attempt 1 failures 0deBUG1: do_pam_account: calledAccepted password for joeuser from 127.0.0.1 port 52212 ssh2deBUG1: monitor_child_preauth: joeuser has been authenticated by privileged processdeBUG1: PAM: establishing credentialsUser child is on pID 9129deBUG1: Entering interactive session for SSH2.deBUG1: server_init_dispatch_20deBUG1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384deBUG1: input_session_requestdeBUG1: channel 0: new [server-session]deBUG1: session_new: session 0deBUG1: session_open: channel 0deBUG1: session_open: session 0: link with channel 0deBUG1: server_input_channel_open: confirm sessiondeBUG1: server_input_global_request: rtype [email protected] want_reply 0deBUG1: server_input_channel_req: channel 0 request pty-req reply 1deBUG1: session_by_channel: session 0 channel 0deBUG1: session_input_channel_req: session 0 req pty-reqdeBUG1: Allocating pty.deBUG1: session_new: session 0deBUG1: session_pty_req: session 0 alloc /dev/pts/1deBUG1: server_input_channel_req: channel 0 request shell reply 1deBUG1: session_by_channel: session 0 channel 0deBUG1: session_input_channel_req: session 0 req shelldeBUG1: Setting controlling tty using TIOCSCTTY.deBUG1: Received SIGCHLD.deBUG1: session_by_pID: pID 9130deBUG1: session_exit_message: session 0 channel 0 pID 9130deBUG1: session_exit_message: release channel 0deBUG1: session_by_tty: session 0 tty /dev/pts/1deBUG1: session_pty_cleanup: session 0 release /dev/pts/1Received disconnect from 127.0.0.1: 11: disconnected by userdeBUG1: do_cleanupdeBUG1: do_cleanupdeBUG1: PAM: cleanupdeBUG1: PAM: closing sessiondeBUG1: PAM: deleting credentials

在这里你有full output of sshd -dd,together with ssh -vv.

击：

# bash --versionGNU bash,version 3.2.49(1)-release (arm-none-linux-gnueabi)copyright (C) 2007 Free Software Foundation,Inc.

bash二进制文件是从源代码交叉编译的.我也试过使用Optware distribution的预编译二进制文件,但是遇到了完全相同的问题.我使用objdump -x检查了缺少的共享库,但它们都在那里.

任何想法可能导致这个“权限被拒绝,请再试一次.”？我几乎潜入了bash源代码进行调查,但试图避免数小时追逐可能是愚蠢的事情.

编辑：添加有关bash和系统的更多信息

$ls -la /bin/bash-rwxr-xr-x    1 root     root        724676 Dec 15 23:57 /bin/bash$ file /bin/bash/bin/bash: ELF 32-bit LSB executable,ARM,version 1 (SYSV),dynamically linked (uses shared libs),for GNU/linux 2.6.14,stripped$ uname -alinux NAS 2.6.32.12 #2661 Mon Nov 12 23:10:15 CST 2012 armv5tel GNU/linux synology_88f6282_212+$grep bash /etc/shells/bin/bash/bin/bash2

解决方法 供将来参考：经过太多时间研究和调试这个问题,我终于找到了根本原因.

Synology使用的OpenSSH版本是一个高度定制的版本,其行为与原始代码不同.它有很多Hacks和ad-hoc自定义 – 例如,在接受登录之前进行额外检查以查看是否在Web界面中启用了SSH服务,或者从rsync命令中剥离特殊字符(;,|,’),或者..等待它…避免普通用户使用不同于/ bin / sh或/ bin / ash的shell.是的,在二进制文件中硬编码.

这是OpenSSH 5.8p1的代码片段,由Synology在其源代码(DSM4.1 – branch 2636)上分发,文件session.c：

voID do_child(Session *s,const char *command){...#ifdef MY_ABC_HERE   char szValue[8];   int RunSSH = 0;   SSH_CMD SSHCmd = REQ_UNKNowN;   if (1 == Getkeyvalue("/etc/synoinfo.conf","runssh",szValue,sizeof(szValue))) {           if (strcasecmp(szValue,"yes") == 0) {                   RunSSH = 1;           }   }   if (IsSFTPReq(command)){           SSHCmd = REQ_SFTP;   } else if (IsRsyncReq(command)){           SSHCmd = REQ_RSYNC;   } else if (IsTimebkpRequest(command)){           SSHCmd = REQ_TIMEBKP;   } else if (RunSSH && IsAllowShell(pw)){           SSHCmd = REQ_SHELL;   } else {           goto Err;   }   if (REQ_RSYNC == SSHCmd) {           pw = SYNOChgValForRsync(pw);   }   if (!SSHCanLogin(SSHCmd,pw)) {           goto Err;   }   goto Pass; Err:   fprintf(stderr,"Permission denIEd,please try again.\n");   exit(1); Pass:   #endif /* MY_ABC_HERE */...}

可以想象,IsAllowShell(pw)是罪魁祸首：

static int IsAllowShell(const struct passwd *pw){     struct passwd *pUnPrivilege = NulL;     char *szUsername = NulL;     if (!pw || !pw->pw_name) {             return 0;     }     szUsername = pw->pw_name;     if(!strcmp(szUsername,"root") || !strcmp(szUsername,"admin")){             return 1;     }     if (NulL != (pUnPrivilege = getpwnam(szUsername))){             if (!strcmp(pUnPrivilege->pw_shell,"/bin/sh") ||                      !strcmp(pUnPrivilege->pw_shell,"/bin/ash")) {                     return 1;             }     }     return 0;}

难怪我为什么会遇到这种奇怪的行为.对于不同于root或admin的用户,只接受shells / bin / sh和/ bin / ash.这不管是什么uID(我测试过也使joeuser uID = 0,它没有用.现在很明显为什么).

确定原因后,修复很简单：只需删除对IsAllowShell()的调用即可.我花了一些时间来获得正确的配置来交叉编译openssh及其所有依赖项,但最终它运行良好.

如果有人有兴趣做同样的事情(或尝试交叉编译Synology的其他内核模块或二进制文件),here’s my version of Makefile.它已经过OpenSSH-5.8p1 source测试,适用于运行Marvell Kirkwood mv6281 / mv6282 @R_419_6947@(如DS212)的模型.我使用了运行Ubuntu 12.10 x64的主机.

底线：糟糕的做法,可怕的代码,以及不做的事情的一个很好的例子.我理解有时OEM需要开发特殊的自定义,但是在挖掘太深之前他们应该三思而后行.这不仅会导致代码无法维护,还会产生各种不可预见的问题.值得庆幸的是,GPL的存在是为了让他们诚实 – 并且开放.

总结

以上是内存溢出为你收集整理的linux – 无法使用Synology NAS上的/ bin / bash shell通过SSH登录任何帐户全部内容，希望文章能够帮你解决linux – 无法使用Synology NAS上的/ bin / bash shell通过SSH登录任何帐户所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。