Re: [Jailkit-users] sftp chroot - Connection Closed

From: Olivier Sessink
Subject: Re: [Jailkit-users] sftp chroot - Connection Closed
Date: Mon, 05 Jun 2006 14:06:38 +0200
Michael Groves wrote:
Oliver wrote:
the output of the command shows you whether jk_socketd is running. If you are not running it check the contents of
and if that seems correct start the daemon `jk_socketd`

As there was no output from running the command `ps ax|grep jk_socketd`
I assume jk_socketd is not running. I ran jk_socketd and nothing was
displayed. I ran ps ax|grep jk_socketd` and again nothing was diplayed.
My Jk_socketd.ini looks like this; is it correct?


if your jail is /home/jail and the directory /home/jail/dev exists this seems ok. what do the logs show about jk_socketd?

I tried sftp address@hidden again and still get 'Connection Closed'
But this time I have an entry in /var/log/warn
Linux jk_lsh[5534] : WARNING: user mike (1003) tried to run
'/usr/lib/ssh/sftp-server', which is not allowed according to

good, we have logging, so we can continue

My /etc/jailkit/jk_lsh.ini looks like this;

you mean the /home/jail/etc/jailkit/jk_lsh.ini ? if jk_lsh is running inside /home/jail its configfile is read in that jail.

[group users]
paths = /usr/bin
executables = /usr/bin/cvs
allow_word_expansion = 0
paths= /usr/bin, usr/lib
executables= /usr/bin/scp, /usr/lib/sftp-server
allow_word_expansion = 0
umask = 002

Having to manually type this I just noticed that there is no spaces
before some of the '=' signs in the user section, is this correct?

the space is not a problem. the problem is that /usr/lib/ssh/sftp-server is not listed in your /home/jail/etc/jailkit/jk_lsh.ini, and the log message tells you that the user tries to run it. Perhaps you need to add it, and that directory to jk_lsh.ini in the jail.


