jailkit-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] ssh from jailed user


From: Roger.Gottet
Subject: Re: [Jailkit-users] ssh from jailed user
Date: Mon, 17 Feb 2014 09:30:26 +0000

Hi,

Sure you can. I've setup the jail in a solaris env. and ssh does work to any destination.
I had to change the group of /dev/null to sys, but I think thats solaris specific.

Best regards
Roger
---



From: OCEANET - Cédric BASSAGET <address@hidden>
Reply-To: "address@hidden" <address@hidden>
Date: Monday, February 17, 2014 10:19 AM
To: "address@hidden" <address@hidden>
Subject: Re: [Jailkit-users] ssh from jailed user

So I can't ssh from a jailed account to the outside ?

Sh*t !! ;)

Thanks anyway for your help.

Olivier, any idea ?
Regards,
Cédric


Le 17/02/2014 10:15, Richard Scott a écrit :

Ah, so your SSH'ing "out" of a jailed account.

I've just tried it and get the same error:

$ ssh monkey
Couldn't open /dev/null: Permission denied
$ ls -al /dev/
total 0
drwxr-xr-x  2 root root   41 Feb 17 09:13 .
drwxr-xr-x 11 root root   99 Feb 17 09:13 ..
crw-rw-rw-  1 root root 1, 3 Feb 17 09:02 null
crw-rw-rw-  1 root root 5, 0 Feb 17 09:02 tty
crw-rw-rw-  1 root root 1, 9 Feb 17 09:02 urandom
$

I don't think its we've done then :-)

Rich

On 17/02/2014 08:43, OCEANET - Cédric BASSAGET wrote:

Hi,

I've created jail with jk_jailuser and jk_init.

I've tried many things :

address@hidden ~]# jk_init -j /srv/gan-w17-disk1/githplus terminfo ssh sftp scp
Device /srv/gan-w17-disk1/githplus/dev/urandom does exist already
Device /srv/gan-w17-disk1/githplus/dev/tty does exist already
Device /srv/gan-w17-disk1/githplus/dev/null does exist already
Copying /usr/libexec/openssh/sftp-server to /srv/gan-w17-disk1/githplus/usr/libexec/openssh/sftp-server
Copying /usr/bin/scp to /srv/gan-w17-disk1/githplus/usr/bin/scp

address@hidden ~]# ll /srv/gan-w17-disk1/githplus/dev/null
crwxrwxrwx 1 root root 1, 3 Feb 13 13:10 /srv/gan-w17-disk1/githplus/dev/null

address@hidden ~]# ssh address@hidden 
Password:
Last login: Mon Feb 17 09:32:29 2014 from XXX

address@hidden ~]$ whoami
githplus

address@hidden ~]$ pwd
/home/githplus

address@hidden ~]$ ls -la /dev/null
crwxrwxrwx 1 root root 1, 3 Feb 13 13:10 /dev/null

address@hidden ~]$ ssh -v 127.0.0.1  
Couldn't open /dev/null: Permission denied


.................
Any Idea ?
Regards,
Cédric


Le 14/02/2014 09:24, Richard Scott a écrit :

How did you create your Jail?

You should have a /dev/null inside your jail.


I create mine like this:

jk_init -j /myjail terminfo ssh sftp scp

and the "ssh sftp scp" option creates the required devices.

Rich

 

 

On 14/02/2014 08:06, OCEANET - Cédric BASSAGET wrote:

Hello Olivier,

I still have the same problem, with :

address@hidden ~]$ ls -la /dev/null   
crwxrwxrwx 1 root root 1, 3 Feb 13 13:10 /dev/null
address@hidden ~]$ ssh -v 10.10.10.10
Couldn't open /dev/null: Permission denied


Le 13/02/2014 21:49, Olivier Sessink a écrit :
On 02/13/2014 01:23 PM, OCEANET - Cédric BASSAGET wrote:


But I still have this error :
address@hidden ~]$ ssh -v 10.10.10.10
Couldn't open /dev/null: Permission denied

try

chmod a+rw /path/to/jail/dev/null

Olivier


-- 
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/


_______________________________________________
Jailkit-users mailing list
address@hiddenhttps://lists.nongnu.org/mailman/listinfo/jailkit-users


_______________________________________________
Jailkit-users mailing list
address@hiddenhttps://lists.nongnu.org/mailman/listinfo/jailkit-users


_______________________________________________
Jailkit-users mailing list
address@hiddenhttps://lists.nongnu.org/mailman/listinfo/jailkit-users


_______________________________________________
Jailkit-users mailing list
address@hiddenhttps://lists.nongnu.org/mailman/listinfo/jailkit-users


_______________________________________________Jailkit-users mailing list
address@hiddenhttps://lists.nongnu.org/mailman/listinfo/jailkit-users


reply via email to

[Prev in Thread] Current Thread [Next in Thread]