[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] Suse 64bit SFTP problem
From: |
Jere Retzer |
Subject: |
Re: [Jailkit-users] Suse 64bit SFTP problem |
Date: |
Tue, 13 Mar 2007 16:50:24 -0700 |
Thanks, Olivier
Sequence of actions below might have something useful - bottom line is success.
Thank you very much. Question: can the same user sftp from multiple machines at
the same time or would they be locked out?
First, tried jk_cp with no success. The correct path for sftp on Suse 64b (AMD)
is /usr/lib64/ssh/sftp-server
Then I edited the sftp section in jk_init.ini, replacing the sftp section with
this:
[sftp]
comment = ssh secure ftp
executables =/usr/lib64/ssh/sftp-server
includesections = netbasics, uidbasics
devices = /dev/null, /dev/urandom
Then I verified all the files move with ldd /usr/lib64/ssh/sftp-server and
jk_cp move the same files. I get the same results when I attempt to log in
(enters jail, finds the user in jk_lsh.ini and immediately closes)
Worked through the issue of the user /lib64/libnss* files (which were not
reported by ldd) reported by Norbert on March 6 (on RHEL4) The files are not
exactly the same between Opensuse 10.2, which I am using and RHEL that Norbert
is using. It seems to me that one potential trap involves copying /lib/libnss*
and/or /usr/lib/libnss* instead of /lib64/libnss* and usr/lib64/libnss* As I
looked over the files in my jail directories it looked to me like perhaps some
of the wrong files were copied (maybe when initializing with jk_lsh?) so my
solution was to cp -f -v libnss* from the /lib64 and /usr/lib64 to the
associated jail directory and now it works.
Thanks again.
Jere
>>> address@hidden 3/12/2007 11:52 PM >>>
Jere Retzer wrote:
> I'm now working on my target Suse machine, which uses 64bit linux
> having worked out the bugs on a test machine, which uses 32 bit linux
>
>
> I'm able to get the user into the jail, as reflected in my messages
> log but the session immediately terminates. When I use WinSCP, for
> example to test with the server it says "Cannot initialize SFTP
> protocol. Is the host running a SFTP server?" Here are (edited)
> messages from localhost:
>
> Accepted keyboard-interactive/pam for [username] from 127.0.0.1 port
> 52188 ssh2 subsystem request for sftp now entering jail /home/[jail]
> for user [username] (1003) jk_lsh version 2.3, started cannot find
> user name for uid 1003: Success
>
> I've discovered that the path for the sftp-server is different from
> the 32b to the 64b Suse, where the executable is in
> /usr/lib64/ssh/sftp-server I'm wondering if there are some associated
> files that need to get copied for the sftp-server to run.
if you use jk_cp to copy sftp-server into the jail the libraries will be
copied too.
you might want to check the archives of this list, there are some
postings from people that had problems with 64bit machines, I think most
were lacking the 64 bit equivalents for libnss* in their jails (from
/lib64 ?).
regards,
Olivier
_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users