Re: [Jailkit-users] SuSE problem

From: Steve Follmer
Subject: Re: [Jailkit-users] SuSE problem
Date: Tue, 05 Jun 2007 13:32:30 +0800

I tried the suggestion and here is my new situation.
It just closes the session with no explanation:

sftp address@hidden
Connecting to localhost...
Connection closed

Nothing in /var/log/warn, this is in /var/log/messages:

Jun  5 13:07:11 suse sshd[8030]: Accepted keyboard-interactive/pam for test from port 59060 ssh2
Jun  5 13:07:11 suse sshd[8036]: subsystem request for sftp
Jun  5 13:07:11 suse jk_chrootsh[8037]: now entering jail /home/sftp for user test (1005)
Jun  5 05:07:11 suse jk_lsh[8037]: jk_lsh version 2.3, started
Jun  5 05:07:11 suse jk_lsh[8037]: executing command '/usr/lib/ssh/sftp-server' for user test (1005)

I tried this, but the trace file is empty...
ps axu | grep sshd | grep test
root      8079  0.0  0.1   7856  2492 ?        Ss   13:13   0:00 sshd: test [priv]
sshd      8083  0.0  0.0   7196  1344 ?        S    13:13   0:00 sshd: test [net]
root      8084  0.0  0.0   7988  1692 ?        S    13:13   0:00 sshd: test [pam]

# strace -p 8083 -ff -e trace=file -o t2
Process 8083 attached - interrupt to quit
Process 8083 detached

If you can suggest any further steps I can take I'd sure appreciate it.


Some background:

I started over and created a new jail (though the old one has the same

I changed /etc/jailkit/jk_init.ini (the line executables =):

comment = ssh secure ftp
executables = /usr/lib/ssh/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom

Then I followed these instructions from the man page:

       #initialise the jail
       mkdir /home/sftproot
       jk_init /home/sftproot jk_lsh
       jk_init /home/sftproot sftp
       jk_init /home/sftproot scp
       # create the account
       jk_addjailuser /home/sftproot test
       # edit the jk_lsh configfile in the jail, see man jk_lsh
       # you can use every editor you want, I chose 'joe'
       joe /home/sftproot/etc/jailkit/jk_lsh.ini
       # now restart jk_socketd
       killall jk_socketd
       # test the account
       sftp address@hidden
       # check the logs if everything is correct
       tail /var/log/daemon.log /var/log/auth.log

One minor issue, those log files don't exist anywhere on SuSE 10.2
(after updatedb). Also, after doing the above there was no
/home/sftp/home/test directory. So I created that as follows:

drwxr-xr-x 2 test users 4096 2007-06-05 12:53 test

/home/sftp/etc/jailkit/jk_lsh.ini now reads...
paths= /usr/bin, /usr/lib/ssh
executables= /usr/bin/scp, /usr/lib/ssh/sftp-server
allow_word_expansion = 0
umask = 002

Then I killed and restarted jk_socketd.

> well, according to these logs you need to copy /usr/lib/ssh/sftp-server
> into the jail
> `jk_cp -v /home/sftpdom /usr/lib/ssh/sftp-server`
> and you need to edit /home/sftpdom/etc/jailkit/jk_lsh.ini so your user
> djdh is allowed to run this executable.
> (the /etc/jailkit/jk_init.ini has defaults for Ubuntu/Debian, but the
> file needs some changes for suse)
> regards,
>     Olivier
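
Added example, not part of the original messages and not Jailkit code: a shell check for the two conditions named in the quoted reply, that the command exists inside the jail and that the jail's own jk_lsh.ini lists it for the user. It assumes jk_lsh.ini uses `[user]` or `[group name]` section headers as described in the jk_lsh man page; the function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example (not Jailkit code). Verifies, for one jk_lsh user, that:
#   1. the command is present and executable inside the jail, and
#   2. the user's section of <jail>/etc/jailkit/jk_lsh.ini lists it
#      under "executables".
# Assumption: sections look like "[test]" or "[group users]".

# Print the raw "executables" value of section $2 in ini file $1.
ini_executables() {
    awk -v want="[$2]" '
        /^[ \t]*\[/ { gsub(/^[ \t]+|[ \t]+$/, ""); insec = ($0 == want); next }
        insec && /^[ \t]*executables[ \t]*=/ { sub(/^[^=]*=/, ""); print; exit }
    ' "$1"
}

# jail_check JAIL SECTION COMMAND
# returns 0 ok, 1 command missing in jail, 2 not allowed by ini, 3 ini missing
jail_check() {
    jail=$1
    section=$2
    cmd=$3
    ini="$jail/etc/jailkit/jk_lsh.ini"
    [ -f "$ini" ] || { echo "no $ini" >&2; return 3; }
    # The path is resolved relative to the jail root, as it is after chroot.
    [ -x "$jail$cmd" ] || { echo "$cmd not executable inside $jail" >&2; return 1; }
    allowed=$(ini_executables "$ini" "$section")
    old_ifs=$IFS
    IFS=','
    for entry in $allowed; do
        # Trim whitespace around each comma-separated entry.
        entry=$(printf '%s' "$entry" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ "$entry" = "$cmd" ]; then
            IFS=$old_ifs
            return 0
        fi
    done
    IFS=$old_ifs
    echo "$cmd not listed for [$section] in $ini" >&2
    return 2
}
```

Run it as root against the directory that the `jk_chrootsh` log line reports as the jail, for example `jail_check /home/sftp test /usr/lib/ssh/sftp-server`.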

