jailkit-users

Re: [Jailkit-users] JailKit and SFTP


From: Olivier Sessink
Subject: Re: [Jailkit-users] JailKit and SFTP
Date: Fri, 20 Nov 2009 21:34:39 +0100
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

Luiz Casey wrote:
> Following the instructions at
> http://olivier.sessink.nl/jailkit/howtos_ssh_only.html, users can
> still sftp onto the system and traverse the chroot/jail. So it
> technically is not an ssh-only howto. People would need to either
> disable the sftp subsystem completely or run two instances of ssh, one
> with sftp enabled and another with it disabled. If you could put
> "subsystem" within a match directive, that would be even better.

I cannot reproduce that. My /srv/jail/etc/jailkit/jk_lsh.ini only allows
ssh. This is what happens if I try to sftp:

Nov 20 21:31:49 cort sshd[1577]: Accepted keyboard-interactive/pam for jailtest from 127.0.0.1 port 44123 ssh2
Nov 20 21:31:49 cort sshd[1581]: pam_unix(sshd:session): session opened for user jailtest by (uid=0)
Nov 20 21:31:49 cort sshd[1581]: subsystem request for sftp
Nov 20 21:31:49 cort jk_chrootsh[1582]: now entering jail /srv/jail for user jailtest (1005)
Nov 20 21:31:49 cort jk_lsh[1582]: jk_lsh version 2.10, started
Nov 20 21:31:49 cort jk_lsh[1582]: the requested executable /usr/lib/sftp-server is not found
Nov 20 21:31:49 cort jk_lsh[1582]: WARNING: user jailtest (1005) tried to run '/usr/lib/sftp-server', which is not allowed according to /etc/jailkit/jk_lsh.ini
Nov 20 21:31:49 cort sshd[1581]: pam_unix(sshd:session): session closed for user jailtest


Are you sure jk_lsh is configured to deny sftp? Are you using jk_lsh?
(The first example in the tutorial uses bash!)

Olivier
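
The jk_lsh denial in the log excerpt above can be pulled out of an auth log mechanically, which is a quick way to confirm that sftp attempts by jailed users are being refused. This is an added example, not part of the original message or of Jailkit; the function names, the 5-second correlation window and the embedded sample (a constructed excerpt of the log above, wrapped the way mail clients wrap it) are assumptions made here.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines from the log in the message, mail-wrapped.
SAMPLE = """\
Nov 20 21:31:49 cort sshd[1581]: subsystem request for sftp
Nov 20 21:31:49 cort jk_chrootsh[1582]: now entering jail /srv/jail for
user jailtest (1005)
Nov 20 21:31:49 cort jk_lsh[1582]: WARNING: user jailtest (1005) tried
to run '/usr/lib/sftp-server', which is not allowed according to
/etc/jailkit/jk_lsh.ini
"""

# Syslog header: timestamp, host, program[pid], message.
HEAD = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) ([\w.-]+)\[(\d+)\]: (.*)$")
DENY = re.compile(r"WARNING: user (\S+) \((\d+)\) tried to run '([^']+)', "
                  r"which is not allowed according to (\S+)")

def unwrap(text):
    """Rejoin continuation lines (lines that lack a syslog header)."""
    out = []
    for line in text.splitlines():
        if HEAD.match(line) or not out:
            out.append(line.strip())
        elif line.strip():
            out[-1] += " " + line.strip()
    return out

def denied_commands(text, window=5):
    """Return jk_lsh denials; flag those shortly after an sshd sftp request."""
    events, sftp_seen = [], {}
    for line in unwrap(text):
        m = HEAD.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed leap year keeps Feb 29 valid.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        host, prog, msg = m.group(2), m.group(3), m.group(5)
        if prog == "sshd" and msg == "subsystem request for sftp":
            sftp_seen[host] = ts
        d = DENY.search(msg) if prog == "jk_lsh" else None
        if d:
            gap = ts - sftp_seen[host] if host in sftp_seen else None
            recent = gap is not None and timedelta(0) <= gap <= timedelta(seconds=window)
            events.append({"host": host, "user": d.group(1), "uid": int(d.group(2)),
                           "executable": d.group(3), "config": d.group(4),
                           "after_sftp_request": recent})
    return events
```

An empty result for a user who did attempt sftp suggests the account is not running jk_lsh inside the jail.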



