jailkit-users

RE: [Jailkit-users] help , Keith


From: RodgerK
Subject: RE: [Jailkit-users] help , Keith
Date: Wed, 13 Sep 2006 13:57:05 -0400

Olivier;
I changed home jail passwd back to jk_lsh for user mike, and added
/usr/libexec/openssh/sftp-server as an executable in both
/etc/jailkit/jk_lsh.ini and /home/jail/etc/jailkit/jk_lsh.ini thinking
that might work, but I get the following (I've included my jk_lsh.ini files):

session opened for user mike by (uid=0)
Sep 13 11:51:16 fpsft jk_chrootsh[7746]: now entering jail /home/jail for user mike (500)
Sep 13 15:51:16 fpsft jk_lsh[7746]: jk_lsh version 2.1, started
Sep 13 15:51:16 fpsft jk_lsh[7746]: WARNING: user mike (500) tried to run '/usr/libexec/openssh/sftp-server', which is not allowed according to /etc/jailkit/jk_lsh.ini
Sep 13 11:51:16 fpsft sshd(pam_unix)[7745]: session closed for user mike

/etc/jailkit/jk_lsh.ini:
## example for a user
[mike]
paths= /usr/lib/ /usr/bin /usr/sbin
executables= /usr/sbin/jk_lsh /usr/bin/scp /usr/bin/ssh
/usr/libexec/openssh/sftp-server
#allow_word_expansion = 0
#umask = 002
#
##example for a group, there should be only 1 space inbetween the words!
#[group users]
#paths = /usr/bin
#executables = /usr/bin/cvs
#allow_word_expansion = 0
#environment= HELIX_PATH=/opt/RealPlayer/, TMP=/tmp/

/home/jail/etc/jailkit/jk_lsh is the same....

Thanks for all your help Keith....

Ps whether or not you use a leading "/" it just adds or not the slash in
var/log/messages

-----Original Message-----
From: address@hidden
[mailto:address@hidden On Behalf Of
Olivier Sessink
Sent: Wednesday, September 13, 2006 12:57 PM
To: address@hidden
Subject: Re: [Jailkit-users] help , Keith

address@hidden wrote:
> I thought that your jk_lsh was like an alternative shell. What I want is
> outside users to be able to scp, sftp, or log in to their jailed
> directories on this box in our dmz and not see anything but their home
> dirs. You are correct, I was doing
> ssh address@hidden, I don't get why this is not ok, and I've been
> doing **ix for 20 years so by interactive shells you just mean sh ksh
> bash etc?, I've never actually called them interactive, but if I think
> about it I guess they are interactive. What am I missing?

try the man page for jk_lsh, it is designed for users that don't need a
shell, but do need scp/sftp/rsync etc. which are often tunneled over a
secure shell connection.

regards,
        Olivier


_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users
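
An added example, not part of the original thread and not Jailkit code: a small lint that reads the [mike] section as posted and reports whether the requested binary is an exact entry of executables=. It assumes list values are comma-separated (as the environment= line in the posted sample is) and that a value does not continue onto the next line; both are assumptions about the parser, and FIXED_INI is a hypothetical corrected form under them.

```python
import re

# Constructed input: the [mike] section exactly as it appears in the message.
POSTED_INI = """\
## example for a user
[mike]
paths= /usr/lib/ /usr/bin /usr/sbin
executables= /usr/sbin/jk_lsh /usr/bin/scp /usr/bin/ssh
/usr/libexec/openssh/sftp-server
#allow_word_expansion = 0
"""

# Hypothetical corrected form (assumes comma-separated, single-line values).
FIXED_INI = """\
[mike]
paths= /usr/lib/, /usr/bin, /usr/sbin
executables= /usr/sbin/jk_lsh, /usr/bin/scp, /usr/bin/ssh, /usr/libexec/openssh/sftp-server
"""

def parse_sections(text):
    """Return ({section: {key: value}}, stray) where stray lists lines that are
    not comments, section headers or key=value pairs."""
    sections, stray, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
        else:
            stray.append((lineno, line))
    return sections, stray

def audit(text, section, wanted):
    """Return (wanted is an exact executables entry, list of findings)."""
    sections, stray = parse_sections(text)
    raw = sections.get(section, {}).get("executables", "")
    entries = [e.strip() for e in raw.split(",") if e.strip()]
    findings = [f"entry contains whitespace, read as one path: {e!r}"
                for e in entries if re.search(r"\s", e)]
    findings += [f"line {n} has no key=, not part of any value: {l!r}"
                 for n, l in stray]
    return wanted in entries, findings

if __name__ == "__main__":
    for name, ini in (("posted", POSTED_INI), ("fixed", FIXED_INI)):
        print(name, audit(ini, "mike", "/usr/libexec/openssh/sftp-server"))
```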



