RE: [Jailkit-users] SFTP Jail closes connection after login
From: FOUCHECOURT FREDERIC
Subject: RE: [Jailkit-users] SFTP Jail closes connection after login
Date: Mon, 12 Mar 2007 10:12:09 +0100
Hi,
I'm a newbie user of the jailkit, so ...
I just saw in the file /etc/jailkit/jk_init.ini that the scp and sftp
sections are described like this:
[scp]
comment = ssh secure copy
executables = /usr/bin/scp
includesections = netbasics, uidbasics
devices = /dev/urandom
[sftp]
comment = ssh secure ftp
executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom
So, perhaps, it's better to add the symlink /dev/urandom in
/home/jail/dev and not /dev/null? (To be tested)
Regards, Fred
-----Original Message-----
From: address@hidden [mailto:address@hidden gnu.org] On Behalf Of James McGowan
Sent: 12 March 2007 06:41
To: address@hidden
Subject: RE: [Jailkit-users] SFTP Jail closes connection after login
I added a symlink in /home/jail/dev to /dev/null and it works. I realize
this may present security issues, so I've since disabled it and will
patch from CVS. On behalf of 64-bit SuSE 9 users everywhere, thank you!
james
-----Original Message-----
From: address@hidden [mailto:address@hidden] On Behalf Of Ari Karhu
Sent: Tuesday, March 06, 2007 3:48 AM
To: address@hidden
Subject: Re: [Jailkit-users] SFTP Jail closes connection after login
Hi,
Thanks for your reply! The /dev/null suggestion that was in the other
mail seems to have taken care of my problem. I just created a /dev/null node
with enough permissions and now I can use both SFTP and SCP.
// Ari
Olivier Sessink wrote:
> Ari Karhu wrote:
>> Tried to read old mails, but I'm still not able to make the system work.
>> Idea is to provide only sftp/scp access to a user. My os uses
>> syslog-ng for logging so I'm not using jk_socketd. The syslog-ng is
>> configured to create a /dev/log into the jail.
>>
>> The system log looks like this when logging in with sftp:
>> -----
>> Mar 5 16:25:01 crapbox sshd[7429]: Accepted keyboard-interactive/pam for test from xxx.xxx.xxx.xxx port 57361 ssh2
>> Mar 5 16:25:01 crapbox sshd(pam_unix)[7434]: session opened for user test by (uid=0)
>> Mar 5 16:25:01 crapbox sshd[7434]: subsystem request for sftp
>> Mar 5 16:25:01 crapbox jk_chrootsh[7435]: now entering jail /var/www/test for user test (1001)
>> Mar 5 14:25:01 crapbox jk_lsh[7435]: jk_lsh version 2.3, started
>> Mar 5 14:25:01 crapbox jk_lsh[7435]: executing command '/usr/lib/misc/sftp-server' for user test (1001)
>> Mar 5 16:25:01 crapbox sshd(pam_unix)[7434]: session closed for user test
>
> this looks 100% good, it seems to be the sftp-server process that
> closes the connection. If jk_lsh fails to execute sftp-server it
> would log something like "WARNING: running /usr/lib/misc/sftp-server
> failed for user test (1001): Permission denied", but it doesn't, so I
> assume sftp-server is started correctly.
>
> which sftp client are you using?
>
>> /var/www/test/etc/jailkit/jk_lsh.ini:
>> [test]
>> paths= /usr/bin, /usr/lib/misc
>> executables= /usr/bin/scp, /usr/lib/misc/sftp-server
>> allow_word_expansion = 0
>
> since you allow scp as well, can you copy files by scp to account 'test'?
>
> regards,
> Olivier
>
_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users
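
Added example (not part of the original thread and not Jailkit's own code): a Python sketch that collects the devices entries for a jk_init.ini section such as the [sftp] one quoted above, then reports whether each device exists in the jail as a real character device. JK_INIT_SAMPLE is constructed from the quoted section, the function names are hypothetical, and /dev/null is added to the check only because the thread reports it was needed.

```python
import configparser
import os
import stat

# Constructed sample: the [sftp] section as quoted in the message above.
JK_INIT_SAMPLE = """\
[sftp]
comment = ssh secure ftp
executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server,
    /usr/lib/misc/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom
"""

def _split(value):
    return [v.strip() for v in value.replace("\n", ",").split(",") if v.strip()]

def required_devices(ini_text, section):
    """Collect 'devices' from a section and every section it includes."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    devices, seen, todo = set(), set(), [section]
    while todo:
        name = todo.pop()
        if name in seen or not cfg.has_section(name):
            continue  # e.g. netbasics/uidbasics are not in the sample
        seen.add(name)
        devices.update(_split(cfg.get(name, "devices", fallback="")))
        todo.extend(_split(cfg.get(name, "includesections", fallback="")))
    return sorted(devices)

def check_jail_devices(jail_root, devices):
    """Map each device to 'ok', 'missing', 'symlink' or 'not-a-char-device'."""
    report = {}
    for dev in devices:
        path = os.path.join(jail_root, dev.lstrip("/"))
        try:
            mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
        except FileNotFoundError:
            report[dev] = "missing"
        else:
            if stat.S_ISLNK(mode):
                report[dev] = "symlink"  # absolute targets resolve inside the jail
            elif stat.S_ISCHR(mode):
                report[dev] = "ok"
            else:
                report[dev] = "not-a-char-device"
    return report

if __name__ == "__main__":
    wanted = required_devices(JK_INIT_SAMPLE, "sftp") + ["/dev/null"]
    print(check_jail_devices("/home/jail", wanted))
```

Run against the real /etc/jailkit/jk_init.ini by passing its contents as ini_text; included sections that exist in that file are then followed as well.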