[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] sftp/scp jailkit setup on OpenBSD 4.1

From: Olivier Sessink
Subject: Re: [Jailkit-users] sftp/scp jailkit setup on OpenBSD 4.1
Date: Wed, 11 Jul 2007 08:05:20 +0200
User-agent: Icedove (X11/20070607)

. . wrote:
O/S: OpenBSD 4.1
JailKit: jailkit-2.3
Home: /sftp

Instructions: http://olivier.sessink.nl/jailkit/howtos_sftp_scp_only.html

I was following the instructions for setting up jailkit for sftp/scp according to the above instructions.

1) Everything was going fine until this step:

jk_jailuser -m -j /home/jail mike

At that point I received the following error:

# jk_jailuser -m -j /sftp/ mike
Traceback (most recent call last):
 File "/usr/sbin/jk_jailuser", line 300, in <module>
 File "/usr/sbin/jk_jailuser", line 291, in main
   jailuser(jail, username, movehome, config)
 File "/usr/sbin/jk_jailuser", line 180, in jailuser
   shutil.copy(oldhome, newhome)
 File "/usr/local/lib/python2.5/shutil.py", line 80, in copy
   copyfile(src, dst)
 File "/usr/local/lib/python2.5/shutil.py", line 46, in copyfile
   fsrc = open(src, 'rb')
IOError: [Errno 21] Is a directory

hmm I have to look into that.. it seems that the python shutil.copy() function cannot handle directories...

Jul 10 22:33:30 sftp jk_lsh[6154]: WARNING: user mike (1002) tried to run '/usr/libexec/sftp-server', which is not allowed according to /etc/jailkit/jk_lsh.ini

4) So I modified the /etc/jailkit/jk_lsh.ini and /sftp/etc/jailkit/jk_lsh.ini to add /usr/libexec/sftp-server

Changing only /sftp/etc/jailkit/jk_lsh.ini is good enough (but changing both is not a problem).

Then I received this:
Jul 10 16:38:52 sftp sshd[11660]: Accepted password for mike from ::1 port 48980 ssh2
Jul 10 16:38:52 sftp sshd[4143]: subsystem request for sftp
Jul 10 16:38:52 sftp jk_chrootsh[19000]: now entering jail /sftp for user mike (1002)
Jul 10 22:38:52 sftp jk_lsh[19000]: jk_lsh version 2.3, started
Jul 10 22:38:52 sftp jk_lsh[19000]: executing command '/usr/libexec/sftp-server' for user mike (1002) Jul 10 22:38:52 sftp jk_lsh[19000]: WARNING: running /usr/libexec/sftp-server failed for user mike (1002): Unknown error: -1

is /sftp/usr/libexec/sftp-server executable (permissions)? if you look at `ldd /sftp/usr/libexec/sftp-server` are all the listed libraries available within /sftp ?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]