Subject: Re: [Jailkit-users] Users connected via SFTP not jailed
Date: Fri, 4 Apr 2014 10:13:31 +0300
jk_jailuser -m -j /home/chrootssh/ test-anebi
In auth.log the following things happen:
When I connect with SFTP:
Apr 4 09:06:25 labs sshd: Accepted password for test-anebi from 126.96.36.199 port 60208 ssh2
Apr 4 09:06:25 labs sshd: pam_unix(sshd:session): session opened for user test-anebi by (uid=0)
Apr 4 09:06:26 labs sshd: subsystem request for sftp by user test-anebi
When I connect with SSH:
Apr 4 09:07:03 labs sshd: Accepted password for test-anebi from 188.8.131.52 port 60253 ssh2
Apr 4 09:07:03 labs sshd: pam_unix(sshd:session): session opened for user test-anebi by (uid=0)
Apr 4 09:07:03 labs jk_chrootsh: now entering jail /home/chrootssh for user test-anebi (1008) with arguments
Olivier, yes, I do have a little bit changed ssh config, I have changed the SFTP subsystem
Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
# Rules for sftponly group
Match group sftponly
I tried reverting this change yesterday, but still the same problem, so I am not sure if this can cause this problem.
I will try to reproduce the problem on a clean system without any configuration changes to see if it will happen there.
On 04/03/2014 11:49 AM, Ali Nebi wrote:
> I have installed jailkit on ubuntu 12.04 and it is working perfectly
> for SSH accesses for jailed users. They are in jail dir and all is ok.
> But I noticed today that when users connect via SFTP, they see and can
> browse in real system - they are not jailed. I checked all libraries,
> all device files related to sftp and all is copied to jail dir. Can
> you give me advice how to get this working?
all processes that are started via the shell of the user will be jailed
(because the shell is jk_chrootsh). Any process that is not started via
the shell is not jailed. Normally openssh will start sftp via the shell
and thus the user is jailed. So my first guesses are:
- you could be using a different ssh server, or differently configured ?
- you could be using ftps (ftp over ssl) and not sftp (ftp over ssh),
and the ftps server is not in a jail
Bluefish website http://bluefish.openoffice.nl/
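
The two auth.log excerpts in this message differ in one line: the SSH login is followed by a jk_chrootsh "now entering jail" entry and the SFTP login is not. The following is an added example, not part of the original thread or of Jailkit, that scans auth.log lines for logins which request the sftp subsystem without such an entry. It assumes the message formats shown above and pairs lines by user name and order, so overlapping sessions of the same user are not told apart; the function name and the sample users, host and IPs are constructed.

```python
import re

# Message formats copied from the auth.log excerpts in this thread; the
# optional [pid] is tolerated because stock syslog lines usually carry one.
ACCEPTED = re.compile(r"sshd(?:\[\d+\])?: Accepted \S+ for (\S+) from ")
SFTP_REQ = re.compile(r"sshd(?:\[\d+\])?: subsystem request for sftp by user (\S+)")
JAILED = re.compile(r"jk_chrootsh(?:\[\d+\])?: now entering jail \S+ for user (\S+)")

def unjailed_sftp_logins(lines):
    """Return the 'Accepted' line of every login that requested the sftp
    subsystem but produced no jk_chrootsh jail entry for that user."""
    sessions = {}   # user -> state of that user's most recent login
    flagged = []

    def close(user):
        s = sessions.pop(user, None)
        if s and s["sftp"] and not s["jailed"]:
            flagged.append(s["login"])

    for raw in lines:
        line = raw.rstrip("\n")
        if m := ACCEPTED.search(line):
            close(m.group(1))            # a new login ends the previous one
            sessions[m.group(1)] = {"login": line, "sftp": False, "jailed": False}
        elif (m := SFTP_REQ.search(line)) and m.group(1) in sessions:
            sessions[m.group(1)]["sftp"] = True
        elif (m := JAILED.search(line)) and m.group(1) in sessions:
            sessions[m.group(1)]["jailed"] = True
    for user in list(sessions):          # logins still open at end of log
        close(user)
    return flagged

# Constructed sample (users, host and documentation-range IPs are made up).
SAMPLE = """\
Apr 4 09:06:25 host sshd: Accepted password for alice from 192.0.2.10 port 60208 ssh2
Apr 4 09:06:26 host sshd: subsystem request for sftp by user alice
Apr 4 09:07:03 host sshd: Accepted password for bob from 192.0.2.11 port 60253 ssh2
Apr 4 09:07:03 host jk_chrootsh: now entering jail /home/chrootssh for user bob (1008) with arguments
Apr 4 09:09:40 host sshd: Accepted password for alice from 192.0.2.10 port 60311 ssh2
Apr 4 09:09:41 host sshd: subsystem request for sftp by user alice
Apr 4 09:09:41 host jk_chrootsh: now entering jail /home/chrootssh for user alice (1009) with arguments
""".splitlines()

if __name__ == "__main__":
    for hit in unjailed_sftp_logins(SAMPLE):
        print("SFTP session without jail entry:", hit)
```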