|
From: | Olivier Sessink |
Subject: | Re: [Jailkit-users] Newbie - Password Change |
Date: | Fri, 08 Aug 2008 17:29:36 +0200 |
User-agent: | Thunderbird 2.0.0.16 (X11/20080724) |
David Harper wrote:
I'm new to jailing a user so forgive the ignorance. I recently attempted to jail a user (sftp/scp) on my Ubuntu 8.04 system. I am able to get to the point of entering the password using WinSCP, so the connection to my box is working. When I enter the password it states that the login is incorrect. I have verified that the user is identified in the sshd_config file, I changed the password as root and ran jk_update, but still unable to login.
the password is in /etc/shadow, it is not inside your jail, so there is no need to run jk_update after a password change.
I deleted the entire jail and user, then reinstalled. This time it states (in WinSCP) that sftp-server is not running on the host. I verfied that it was running by logging in as a normal ssh user.
The sftp-server was probably available on your normal system, but perhaps not inside the chroot jail.
I also got errors during the jk_init process that some of the sftp-server files did not exist. On my system sftp-server only resides in the /usr/lib/sftp-server and openssh/sft-server and not in the /usr/libexe directory (spelling maybe in correct as I'm not on my system to verify now). I'm not sure if this is the issue?
the provided /etc/jailkit/jk_init.ini is only an example file, depending on your system you can modify it. Just make sure that the right location of your sftp-server is in there.
My end goal is to have a jail to allow someone to use WinSCP or cmdline scp to my box. The user will only need the capability to up/download data to that directory. Any assistance is greatly appreciated.
Can you post the log messages from jailkit? `grep jk_ /var/log*` probably does the trick. Do you have logging inside the jail? (syslog or jk_socketd?)
regards, Olivier
[Prev in Thread] | Current Thread | [Next in Thread] |