[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] SuSE problem
|
From: |
Steve Follmer |
|
Subject: |
Re: [Jailkit-users] SuSE problem |
|
Date: |
Tue, 05 Jun 2007 13:32:30 +0800 |
|
User-agent: |
Thunderbird 2.0.0.0 (X11/20070418) |
I tried the suggestion and here is my new situation.
It just closes the session with no explanation:
sftp address@hidden
Connecting to localhost...
Password:
Connection closed
Nothing in /var/log/warn, this is in /var/log/messages:
Jun 5 13:07:11 suse sshd[8030]: Accepted keyboard-interactive/pam for
test from 127.0.0.1 port 59060 ssh2
Jun 5 13:07:11 suse sshd[8036]: subsystem request for sftp
Jun 5 13:07:11 suse jk_chrootsh[8037]: now entering jail /home/sftp for
user test (1005)
Jun 5 05:07:11 suse jk_lsh[8037]: jk_lsh version 2.3, started
Jun 5 05:07:11 suse jk_lsh[8037]: executing command
'/usr/lib/ssh/sftp-server' for user test (1005)
I tried this, but the trace file is empty...
ps axu | grep sshd | grep test
root 8079 0.0 0.1 7856 2492 ? Ss 13:13 0:00 sshd:
test [priv]
sshd 8083 0.0 0.0 7196 1344 ? S 13:13 0:00 sshd:
test [net]
root 8084 0.0 0.0 7988 1692 ? S 13:13 0:00 sshd:
test [pam]
# strace -p 8083 -ff -e trace=file -o t2
Process 8083 attached - interrupt to quit
Process 8083 detached
If you can suggest any further steps I can take I'd sure appreciate it.
--------
Some background:
I started over and created a new jail (though the old one has the same
behavior).
I changed /etc/jailkit/jk_init.ini (the line executables =):
[sftp]
comment = ssh secure ftp
executables = /usr/lib/ssh/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom
Then I followed these instructions from the man page:
#initialise the jail
mkdir /home/sftproot
jk_init /home/sftproot jk_lsh
jk_init /home/sftproot sftp
jk_init /home/sftproot scp
# create the account
jk_addjailuser /home/sftproot test
# edit the jk_lsh configfile in the jail, see man jk_lsh
# you can use every editor you want, I chose 'joe'
joe /home/sftproot/etc/jailkit/jk_lsh.ini
# now restart jk_socketd
killall jk_socketd
jk_socketd
# test the account
sftp address@hidden
# check the logs if everything is correct
tail /var/log/daemon.log /var/log/auth.log
One minor issue, those log files don't exist anywhere on SuSE 10.2
(after updatedb). Also, after doing the above there was no
/home/sftp/home/test directory. So I created that as follows:
drwxr-xr-x 2 test users 4096 2007-06-05 12:53 test
/home/sftp/etc/jailkit/jk_lsh.ini now reads...
[test]
paths= /usr/bin, /usr/lib/ssh
executables= /usr/bin/scp, /usr/lib/ssh/sftp-server
allow_word_expansion = 0
umask = 002
Then I killed and restarted jk_socketd
>
> well, according to these logs you need to copy /usr/lib/ssh/sftp-server
> into the jail
> `jk_cp -v /home/sftpdom /usr/lib/ssh/sftp-server`
> and you need to edit /home/sftpdom/etc/jailkit/jk_lsh.ini so your user
> djdh is allowed to run this executable.
>
> (the /etc/jailkit/jk_init.ini has defaults for Ubuntu/Debian, but the
> file needs some changes for suse)
>
> regards,
> Olivier
>
- [Jailkit-users] SuSE problem, Steve Follmer, 2007/06/04
- Re: [Jailkit-users] SuSE problem, Olivier Sessink, 2007/06/04
- Re: [Jailkit-users] SuSE problem,
Steve Follmer <=
- Re: [Jailkit-users] SuSE problem, Steve Follmer, 2007/06/05
- Re: [Jailkit-users] SuSE problem, Olivier Sessink, 2007/06/05
- Re: [Jailkit-users] SuSE problem, Steve Follmer, 2007/06/05
- Re: [Jailkit-users] SuSE problem, Olivier Sessink, 2007/06/05
- Re: [Jailkit-users] SuSE problem, Steve Follmer, 2007/06/05
- Re: [Jailkit-users] SuSE problem, Olivier Sessink, 2007/06/06
- Re: [Jailkit-users] SuSE problem, Steve Follmer, 2007/06/06
- Re: [Jailkit-users] SuSE problem, Olivier Sessink, 2007/06/06
- Re: [Jailkit-users] SuSE problem, Steve Follmer, 2007/06/06
- [Jailkit-users] SuSE QA, Steve Follmer, 2007/06/07