[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] Newbie - Password Change

From: Olivier Sessink
Subject: Re: [Jailkit-users] Newbie - Password Change
Date: Fri, 08 Aug 2008 17:29:36 +0200
User-agent: Thunderbird (X11/20080724)

David Harper wrote:
I'm new to jailing a user so forgive the ignorance. I recently
attempted to jail a user (sftp/scp) on my Ubuntu 8.04 system. I am
able to get to the point of entering the password using WinSCP, so the
connection to my box is working. When I enter the password it states
that the login is incorrect. I have verified that the user is
identified in the sshd_config file, I changed the password as root and
ran jk_update, but still unable to login.

the password is in /etc/shadow, it is not inside your jail, so there is no need to run jk_update after a password change.

I deleted the entire jail and user, then reinstalled. This time it
states (in WinSCP) that sftp-server is not running on the host. I
verfied that it was running by logging in as a normal ssh user.

The sftp-server was probably available on your normal system, but perhaps not inside the chroot jail.

I also got errors during the jk_init process that some of the
sftp-server files did not exist.  On my system sftp-server only resides
in the /usr/lib/sftp-server and openssh/sft-server and not in the
/usr/libexe directory (spelling maybe in correct as I'm not on my
system to verify now). I'm not sure if this is the issue?

the provided /etc/jailkit/jk_init.ini is only an example file, depending on your system you can modify it. Just make sure that the right location of your sftp-server is in there.

My end goal is to have a jail to allow someone to use WinSCP or
cmdline scp to my box. The user will only need the capability to
up/download data to that directory.

Any assistance is greatly appreciated.

Can you post the log messages from jailkit? `grep jk_ /var/log*` probably does the trick. Do you have logging inside the jail? (syslog or jk_socketd?)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]