tunnel reports chmod operation not permitted

[therocketgroup]

Version of Warden

0.13.1

Operating System and Installation Method

ubuntu 22

Image

panubo/sshd:1.1.0

warden svc

Describe the Bug

Starting SSHD

Found host keys in keys directory

Fingerprints for dsa host key
1024 MD5:fa:d9:64:2c:6c:19:e1:a3:b5:54:f9:e0:ec:8e:cc:38 root@c398647c1094 (DSA)
1024 SHA256:lSlVNq3uYoQSgBBz9Dlm1Y/WUX9p5Z5Xr7rZIkwzwfc root@c398647c1094 (DSA)
1024 SHA512:39lso0mf6F1cTnbn7YwdS9jPixcu3r/kPstJAxT8VEKKixQwlX5O3Kx54Uh4CZgs3wWVrBEZQZYj6CkEgfEN/A root@c398647c1094 (DSA)
Fingerprints for rsa host key
3072 MD5:91:3e:49:62:f2:7b:d2:b9:db:d1:c7:4a:14:36:6c:85 root@c398647c1094 (RSA)
3072 SHA256:+m+WixpWN0Pf5e3/9hEg5JN0DkBfyriXh04IG907OkQ root@c398647c1094 (RSA)
3072 SHA512:vvQxj46HBKjhHykclgM+0YphxYUwBt3XRxdvQ61kyWoDtgHu3a0cQFw9fq5Z3+fNneNtal4LOMFKaRLJKUEeRg root@c398647c1094 (RSA)
Fingerprints for ecdsa host key
256 MD5:80:4b:07:07:53:0f:30:db:30:0b:a0:9a:25:f2:e1:81 root@c398647c1094 (ECDSA)
256 SHA256:8wCMyi5W+D8WMf8Xxwx483Y0cq2S59l1c5whzc2rBpw root@c398647c1094 (ECDSA)
256 SHA512:X5mf6ZYans1k2T5Z5vnCeXDLvOhg0J24/riBpqiRLMhm4BcYrhjA3pIVe9pGOjWOPCz5In0XK4lMXwaIK38zMw root@c398647c1094 (ECDSA)
Fingerprints for ed25519 host key
256 MD5:69:1c:6c:97:50:ec:2f:40:08:19:a2:52:df:8f:e1:dc root@c398647c1094 (ED25519)
256 SHA256:5IccUhTO2C+prscoNI3Ow55kRhHr5dwPWmNaFAyoZB0 root@c398647c1094 (ED25519)
256 SHA512:NCR+GC6xsyrmEov43Kx88eOWeZcmLyyWtiQuGTu0AwWl5z+VCzaToCD2LV+vQ7iXZAeIuAvWpcd5bpZ2pjiTTg root@c398647c1094 (ED25519)
chmod: /etc/authorized_keys/user: Operation not permitted

To Reproduce

1. Go to 'warden svc up'

[

Expected Behavior

No response

Additional context

No response

[therocketgroup]

what intrigues me the most is that the panubo image is not in the docker hub images in the official repository

[navarr]

@therocketgroup That would be https://hub.docker.com/r/panubo/sshd

[therocketgroup]

Yes @navarr

[therocketgroup]

The authenticity of host '[127.0.0.1]:2222 ([127.0.0.1]:2222)' can't be established.
ED25519 key fingerprint is SHA256:s4g009T7f75zZtRPXQ/O9DjIbXLIc7/inieDSQ+cfsc.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[127.0.0.1]:2222' (ED25519) to the list of known hosts.
user@127.0.0.1: Permission denied (publickey,keyboard-interactive).

[therocketgroup]

@navarr very strange because it creates a directory with the same name as the public key making it impossible to connect to the tunnel

[therocketgroup]

Adding user user with uid: 2000, gid: 2000.
2023-04-19 10:24:24 INFO: root account is now locked by default. Set SSH_ENABLE_ROOT to unlock the account.
2023-04-19 10:24:24 INFO: password authentication is disabled by default. Set SSH_ENABLE_PASSWORD_AUTH=true to enable.
2023-04-19 10:24:24 Running /usr/sbin/sshd -D -e -f /etc/ssh/sshd_config
2023-04-19 09:44:50 Server listening on 0.0.0.0 port 22.
2023-04-19 09:44:50 Server listening on :: port 22.
2023-04-19 10:05:47 Connection closed by 172.19.0.1 port 53272 [preauth]
2023-04-19 10:06:11 User user authorized keys /etc/authorized_keys/user is not a regular file
2023-04-19 10:06:11 User user authorized keys /etc/authorized_keys/user is not a regular file
2023-04-19 10:06:11 Connection closed by authenticating user user 172.19.0.1 port 49326 [preauth]
2023-04-19 10:22:34 User user authorized keys /etc/authorized_keys/user is not a regular file
2023-04-19 10:22:34 User user authorized keys /etc/authorized_keys/user is not a regular file
2023-04-19 10:22:34 Connection closed by authenticating user user 172.19.0.1 port 59746 [preauth]
2023-04-19 10:23:11 User user authorized keys /etc/authorized_keys/user is not a regular file
2023-04-19 10:23:11 User user authorized keys /etc/authorized_keys/user is not a regular file
2023-04-19 10:23:11 Connection closed by authenticating user user 172.19.0.1 port 33290 [preauth]
2023-04-19 10:24:10 Received signal 15; terminating.
2023-04-19 10:24:24 Server listening on 0.0.0.0 port 22.
2023-04-19 10:24:24 Server listening on :: port 22.
2023-04-19 10:24:27 kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
2023-04-19 10:24:28 kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
2023-04-19 10:24:32 kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
2023-04-19 10:24:37 kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
2023-04-19 10:25:08 kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"

[tiagosampaio]

I'm going through the same problem here. Any solutions or suspicions about it?

tunnel  | > Starting SSHD
tunnel  | >> Found host keys in keys directory
tunnel  | >>> Fingerprints for rsa host key
tunnel  | 3072 MD5:b8:7f:3a:bf:7f:bd:ba:04:10:7d:9b:55:8b:75:15:59 root@f4902c000f6e (RSA)
tunnel  | 3072 SHA256:FnMA9o+qol6lokoyB6QlSM+3OYhbEUXtf1TcK5GL5i4 root@f4902c000f6e (RSA)
tunnel  | 3072 SHA512:3Xamu8iN6cfBRoSr1FifXINsU2zl9qmvLFHAggQnO3AydHiUnq2Myz4Zrkhz2xkjStilbB3jcav/XWavqj346g root@f4902c000f6e (RSA)
tunnel  | >>> Fingerprints for ecdsa host key
tunnel  | 256 MD5:7d:19:0a:39:1f:8f:89:d9:8a:8e:2d:49:1f:0a:d5:49 root@f4902c000f6e (ECDSA)
tunnel  | 256 SHA256:Ri573nieCoiA+dexXq+jXvuGCX9KE3N3d9XX30Qndtc root@f4902c000f6e (ECDSA)
tunnel  | 256 SHA512:3Via2+Xan/tOFDWtaLMfDfPd0cs6pik2CxdFw0TubOQ011r7gOrMHPcHg0ZRyShUCKayUShNPqEAU2L91truaw root@f4902c000f6e (ECDSA)
tunnel  | >>> Fingerprints for ed25519 host key
tunnel  | 256 MD5:5b:47:2d:34:e6:54:b3:1b:ed:fa:56:cf:fc:a3:da:50 root@f4902c000f6e (ED25519)
tunnel  | 256 SHA256:1/uC4NDsJfHhFX386Mvgx6pHOQhyHICiAYxvmJbSKaA root@f4902c000f6e (ED25519)
tunnel  | 256 SHA512:lXberaxcJulDBbrHwQMjVqv+UrhaVa4yP38sbRZzznuF1CnS5hyrQtCV5OO2ABvdJFeGPtLCjGWQR35oK/1tSw root@f4902c000f6e (ED25519)
tunnel  | chmod: /etc/authorized_keys/user: Permission denied