Hi,
Not sure if this will help, but did you run this:
http://olivier.sessink.nl/jailkit/jk_update.8.html
This will refresh the changed files in the jail with ones from the Operating System.
Thanks,
Rich
On 21/07/2015 14:04, address@hidden wrote:
I've just upgraded one of my servers from SUSE Enterprise Linux 11 to SUSE Enterprise Linux 12. Prior to the upgrade Jailkit 2.16 was used to jail sftp and scp for many users. After the upgrade immediate disconnects result when these users use sftp or scp. I've upgraded to Jailkit 2.17 with no change.
I've verified and made changes to the paths in jk_init.ini. My path setting within this file is as follows:
    paths = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2, /etc/nsswitch.conf, /etc/ld.so.conf
Within the sftp section I've set paths to:
    paths = /usr/lib/ssh/sftp-server, /usr/bin/scp
Within jk_lsh.ini I have the following:
    [group students]
    paths=/usr/bin, /usr/lib, /usr/lib/ssh, /bin, /lib, /lib64
    executables=/usr/lib/ssh/sftp-server, /usr/bin/scp, /bin/bash
I've made these changes to /etc/jailkit/jk_lsh.ini and then copied this file to /jail/etc/jailkit.
Testing from the user bd0001 I encounter an immediate connection drop upon SFTP login and the following in the logs:
    2015-07-21T08:36:00.911649-04:00 cis sshd[25553]: Accepted keyboard-interactive/pam for bd0001 from 10.1.1.10 port 56519 ssh2
    2015-07-21T08:36:00.943868-04:00 cis jk_chrootsh[25559]: now entering jail /jail for user bd0001 (1002) with arguments -c /usr/lib/ssh/sftp-server
    2015-07-21T08:36:00.945249-04:00 cis jk_lsh[25559]: jk_lsh version 2.17, started
    2015-07-21T08:36:00.946093-04:00 cis jk_lsh[25559]: executing command '/usr/lib/ssh/sftp-server' for user bd0001 (1002)
    2015-07-21T08:36:00.951347-04:00 cis sshd[25558]: Received disconnect from 10.1.1.10: 11: disconnected by user
The account looks ok. Within /etc/passwd:
    bd0001:x:1002:1001::/jail/./home/bd0001:/usr/sbin/jk_chrootsh
Within /etc/group:
    students:!:1001:
Within /jail/etc/passwd:
    bd0001:x:1002:1001::/home/bd0001:/usr/sbin/jk_lsh
I've tried adding additional paths which may be required for sftp-server. Using ldd /usr/lib/ssh/sftp-server I found the following:
    linux-vdso.so.1 (0x00007ffcf99e2000)
    libcrypto.so.1.0.0 => /lib64/libcrypto.so.1.0.0 (0x00007fc9d8e41000)
    libc.so.6 => /lib64/libc.so.6 (0x00007fc9d8a99000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007fc9d8895000)
    libz.so.1 => /lib64/libz.so.1 (0x00007fc9d867f000)
    /lib64/ld-linux-x86-64.so.2 (0x00007fc9d944b000)
I've done the same for bash (ldd /bin/bash):
    linux-vdso.so.1 (0x00007ffca75a0000)
    libreadline.so.6 => /lib64/libreadline.so.6 (0x00007f987036e000)
    libtinfo.so.5 => (0x00007f987013a000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007f986ff36000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f986fb8e000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f98705b6000)
My new path within jk_init.ini is:
    paths = /bin/bash, /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2, /etc/nsswitch.conf, /etc/ld.so.conf, /lib64/libcrypto.so.1.0.0, /lib64/libc.so.6, /lib64/libdl.so.2, /lib64/libz.so.1, /lib64/ld-linux-x86-64.so.2, /lib64/libreadline.so.6, /lib64/libtinfo.so.5
The problem still persists.
Within /jail/etc/password I changed the shell to /bin/bash for this user. Same problem.
Executing "jk_init -v -j /jail sftp scp" and "jk_init -v -j /jail jk_lsh" shows no errors (only messages stating files already exist).
Attempting to jail the user again results in the following:
    jk_jailuser -v -j /jail bd0001
    user bd0001 already exists in /jail/etc/passwd
    user bd0001 has a correct home directory and shell already
Am I missing something obvious?
Thanks, Bob
_______________________________________________
Jailkit-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/jailkit-users
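
Added example, not part of either message above and not Jailkit code: a shell function that reads ldd output and reports every library that is absent under the jail root, which is the check the thread performs by hand when comparing ldd output with jk_init.ini. The function names and the throwaway demo directory are hypothetical; the sample ldd output is the sftp-server listing quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report which shared libraries named in
# ldd output are absent from a chroot jail.

# ldd output for /usr/lib/ssh/sftp-server, copied from the post above.
SAMPLE_LDD='linux-vdso.so.1 (0x00007ffcf99e2000)
libcrypto.so.1.0.0 => /lib64/libcrypto.so.1.0.0 (0x00007fc9d8e41000)
libc.so.6 => /lib64/libc.so.6 (0x00007fc9d8a99000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fc9d8895000)
libz.so.1 => /lib64/libz.so.1 (0x00007fc9d867f000)
/lib64/ld-linux-x86-64.so.2 (0x00007fc9d944b000)'

# Usage: ldd /usr/lib/ssh/sftp-server | jail_missing_libs /jail
jail_missing_libs() {
    jail=${1%/}
    while read -r first second third rest; do
        case "$first" in
            # blank line, or a kernel-provided object with no file on disk
            ''|linux-vdso.so.*|linux-gate.so.*) continue ;;
        esac
        if [ "$second" = "=>" ]; then
            case "$third" in
                /*) path=$third ;;
                # "not found", or no path printed after "=>"
                *)  echo "unresolved: $first"; continue ;;
            esac
        else
            case "$first" in
                /*) path=$first ;;   # the dynamic loader itself
                *)  continue ;;
            esac
        fi
        # -e follows symlinks, so a dangling link in the jail counts as missing.
        [ -e "$jail$path" ] || echo "missing: $path"
    done
}

# Demo on a throwaway directory standing in for /jail (constructed):
# only libc and the loader are present, so three libraries are reported.
jail_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/lib64"
    : > "$tmp/lib64/libc.so.6"
    : > "$tmp/lib64/ld-linux-x86-64.so.2"
    printf '%s\n' "$SAMPLE_LDD" | jail_missing_libs "$tmp"
    rm -rf "$tmp"
}

jail_demo
```

Run ldd on the host copy of a binary you trust, since ldd may execute the program's loader; the check covers only libraries linked at build time, not ones loaded at run time such as NSS modules.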