TransWikia.com

SSH automatically logging out

Super User Asked by Myranda Rose on December 3, 2021

I have spent hours and hours on a “simple and fun” task on an online learning platform (site):

  • [Bash] executes the commands in a variety of different scripts. When Bash is invoked as an interactive login shell, it first reads and executes /etc/profile from the file (if that file exists). After reading that file, it looks for ~/.bash_profile, ~/.bash_login, or ~/.profile (in that order), then reads and executes commands from the first readable one that exists.

    When a login shell exits, Bash reads and executes commands from the file ~/.bash_logout (if it exists). When an interactive shell that is not a login shell is started, Bash reads and executes commands from ~/.bashrc if that file exists. This may be inhibited by using the --norc option. The --rcfile file option will force Bash to read and execute commands from the specified file instead of ~/.bashrc.

    In some cases, system owners enforce security through these scripts. The corresponding exercise for this skill area will need you to understand what the script could be running and try to intercept in some fashion.


The server connects, then closes the connection stating:

  • Sorry to have to tell you but this server does not allow you to login
    
    You will now be automatically logged off.
    Server Admin
    Connection to <ip> closed by remote host.
    Connection to <ip> closed.
    

As far as I can tell, the following should work:

  • ssh hostname "bash --noprofile"
    
    ssh -t hostname "bash --noprofile"
    
    ssh -t hostname "bash --noprofile --norc"
    
    ssh user@hostname /bin/bash
    

    This logs me in, doesn’t kick me out, but doesn’t appear to have any kind of shell.
    I can type commands, but don’t see a reaction of any kind, nor do I have an option to see the server directly so can’t check what’s in the scripts.


What am I missing? This task supposedly should take 30 minutes and I’ve had no luck.

With -vvv enabled, the ssh server gives the following output:

OpenSSH_7.6p1 Debian-2, OpenSSL 1.0.2m  2 Nov 2017

debug1: Reading configuration data "/etc/ssh/ssh_config"
debug1: "/etc/ssh/ssh_config" line 19: Applying options for *
debug2: resolving "<ip>" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to <ip> [<ip>] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file "/root/.ssh/id_rsa" type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file "/root/.ssh/id_dsa" type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file "/root/.ssh/id_ecdsa" type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file "/root/.ssh/id_ed25519" type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Debian-2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to <ip> as 'user'
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from <ip>
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos: 
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6O6B8ub+hwfuf607NjA85cersGNi6MrV/+1XQtv5ovU
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from <ip>
debug1: Host '<ip>' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:4
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: "/root/.ssh/id_rsa" ((nil))
debug2: key: "/root/.ssh/id_dsa" ((nil))
debug2: key: "/root/.ssh/id_ecdsa" ((nil))
debug2: key: "/root/.ssh/id_ed25519" ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: "/root/.ssh/id_rsa"
debug3: no such identity: "/root/.ssh/id_rsa": No such file or directory
debug1: Trying private key: "/root/.ssh/id_dsa"
debug3: no such identity: "/root/.ssh/id_dsa": No such file or directory
debug1: Trying private key: "/root/.ssh/id_ecdsa"
debug3: no such identity: "/root/.ssh/id_ecdsa": No such file or directory
debug1: Trying private key: "/root/.ssh/id_ed25519"
debug3: no such identity: "/root/.ssh/id_ed25519": No such file or directory
debug2: we did not send a packet, disable method 
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
user@<ip>'s password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
debug1: Authentication succeeded (password).
Authenticated to <ip> ([<ip>]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting [email protected]
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x08
debug2: client_session2_setup: id 0
debug1: Sending environment.
debug3: Ignored env LS_COLORS
debug3: Ignored env XDG_MENU_PREFIX
debug1: Sending env LANG = en_GB.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env GDM_LANG
debug3: Ignored env DISPLAY
debug3: Ignored env COLORTERM
debug3: Ignored env USERNAME
debug3: Ignored env XDG_VTNR
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env S_COLORS
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env USER
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env PWD
debug3: Ignored env HOME
debug3: Ignored env JOURNAL_STREAM
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env QT_ACCESSIBILITY
debug3: Ignored env XDG_SESSION_TYPE
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env XDG_SESSION_DESKTOP
debug3: Ignored env GJS_debug_OUTPUT
debug3: Ignored env GTK_MODULES
debug3: Ignored env WINDOWPATH
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env VTE_VERSION
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env GPG_AGENT_INFO
debug3: Ignored env SHLVL
debug3: Ignored env XDG_SEAT
debug3: Ignored env WINDOWID
debug3: Ignored env GDMSESSION
debug3: Ignored env GNOME_DESKTOP_SESSION_ID
debug3: Ignored env LOGNAME
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env XAUTHORITY
debug3: Ignored env PATH
debug3: Ignored env GJS_debug_TOPICS
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env _
debug3: Ignored env OLDPWD
debug1: Sending command: /bin/bash -vvv
debug2: channel 0: request exec confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0

2 Answers

This is an old post, but to answer: what was probably wanted by the test lab was the -t flag.

Example:

ssh -t 'yoursitename' -l 'username'

This forces open the pseudo-terminal session. It looks like this was tried with the bash etc. but not just with the -t.

EDIT: This could also be done using -T to disable pseudo-terminal instead

Answered by Dpo9 on December 3, 2021

Could you maybe specify another shell at the ssh command, e.g. /bin/sh (depending on what is installed) instead of bash? From there try and call bash --norc --noprofile

Note that by (Debian) default, /bin/sh is implemented by dash, which uses $HOME/.profile and /etc/profile. Also, by default it doesn't provide a prompt like $.

Answered by Paul w. Muad'dib on December 3, 2021
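
To show why the `ssh hostname "bash --noprofile"` attempts in the question avoid the forced logout yet give no prompt, the following added example (not part of the original question or answers) records which per-user startup files bash reads for several invocations. The throwaway HOME, the `startup_trace` name and the marker files are constructed for illustration.

```shell
#!/bin/sh
# Added example: which per-user startup files does bash read?
# Everything runs in a throwaway HOME; the marker files are constructed.

# Usage: startup_trace <bash args...>
# Prints the name of each startup file that ran, one per line.
startup_trace() {
    home=$(mktemp -d) || return 1
    # Each startup file only appends its own name to a trace file.
    # In the scenario on this page, a profile script would instead
    # print the "you will be logged off" banner and call `exit`.
    for f in .bash_profile .bashrc; do
        printf 'echo %s >> "$HOME/trace"\n' "$f" > "$home/$f"
    done
    : > "$home/trace"
    # env -i removes SSH_CLIENT and BASH_ENV, and stdin comes from
    # /dev/null, so bash does not treat the run as a remote-shell
    # session (in which case it may also read ~/.bashrc).
    env -i HOME="$home" PATH="$PATH" bash "$@" \
        </dev/null >/dev/null 2>&1 || :
    cat "$home/trace"
    rm -rf "$home"
}

# sshd runs `ssh host CMD` as `$SHELL -c CMD`: a non-login shell that,
# without -t, has no terminal and therefore prints no prompt.
for args in \
    "--login -c true" \
    "--login --noprofile -c true" \
    "-c true" \
    "-i -c true" \
    "-i --norc -c true"
do
    # Word splitting of $args is intended here.
    printf '%-34s -> %s\n' "bash $args" "$(startup_trace $args)"
done
```

Only the plain login invocation reads `~/.bash_profile`, so a lockout placed in a profile script depends on how the client starts the shell; a server-side control such as sshd's `ForceCommand` or a non-shell login shell does not.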
