RE: [Jailkit-users] help , Keith
From: RodgerK
Subject: RE: [Jailkit-users] help , Keith
Date: Wed, 13 Sep 2006 13:57:05 -0400
Olivier;
I changed the home jail passwd back to jk_lsh for user mike, and added
/usr/libexec/openssh/sftp-server as an executable in both
/etc/jailkit/jk_lsh.ini and /home/jail/etc/jailkit/jk_lsh.ini, thinking
that might work, but I get the following (I've included my jk_lsh.ini files):
session opened for user mike by (uid=0)
Sep 13 11:51:16 fpsft jk_chrootsh[7746]: now entering jail /home/jail for user mike (500)
Sep 13 15:51:16 fpsft jk_lsh[7746]: jk_lsh version 2.1, started
Sep 13 15:51:16 fpsft jk_lsh[7746]: WARNING: user mike (500) tried to run '/usr/libexec/openssh/sftp-server', which is not allowed according to /etc/jailkit/jk_lsh.ini
Sep 13 11:51:16 fpsft sshd(pam_unix)[7745]: session closed for user mike
/etc/jailkit/jk_lsh.ini:
## example for a user
[mike]
paths= /usr/lib/ /usr/bin /usr/sbin
executables= /usr/sbin/jk_lsh /usr/bin/scp /usr/bin/ssh
/usr/libexec/openssh/sftp-server
#allow_word_expansion = 0
#umask = 002
#
##example for a group, there should be only 1 space inbetween the words!
#[group users]
#paths = /usr/bin
#executables = /usr/bin/cvs
#allow_word_expansion = 0
#environment= HELIX_PATH=/opt/RealPlayer/, TMP=/tmp/
/home/jail/etc/jailkit/jk_lsh is the same....
Thanks for all your help Keith....
PS: whether or not you use a leading "/", it just adds or not the slash in
var/log/messages
-----Original Message-----
From: address@hidden
[mailto:address@hidden On Behalf Of
Olivier Sessink
Sent: Wednesday, September 13, 2006 12:57 PM
To: address@hidden
Subject: Re: [Jailkit-users] help , Keith
address@hidden wrote:
> I thought that your jk_lsh was like an alternative shell. What I want is
> outside users to be able to scp, sftp, or login in to their jailed
> directories on this box in our dmz and not see anything but their home
> dirs. You are correct, I was doing
> Ssh address@hidden, I don't get why this is not ok, And I've been
> Doing **ix for 20 years so by interactive shells you just mean sh ksh
> bash etc?, I've never actually called them interactive, but if I think
> about it I guess they are interactive. What am I missing?
try the man page for jk_lsh, it is designed for users that don't need a
shell, but do need scp/sftp/rsync etc. which are often tunneled over a
secure shell connection.
regards,
Olivier
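
An added example, not part of the original thread and not Jailkit code: it parses jk_lsh denial lines like the one posted above and checks the denied command against that user's executables list. It assumes list values in jk_lsh.ini are comma separated, as the environment= line in the posted file is; the sample strings and all function names are constructed for illustration.

```python
import re

# Constructed from the post: denial line unwrapped, wrapped executables line joined.
SAMPLE_LOG = ("Sep 13 15:51:16 fpsft jk_lsh[7746]: WARNING: user mike (500) tried to "
              "run '/usr/libexec/openssh/sftp-server', which is not allowed "
              "according to /etc/jailkit/jk_lsh.ini\n")
SAMPLE_INI = """[mike]
paths= /usr/lib/ /usr/bin /usr/sbin
executables= /usr/sbin/jk_lsh /usr/bin/scp /usr/bin/ssh /usr/libexec/openssh/sftp-server
"""

DENIED = re.compile(
    r"jk_lsh\[\d+\]: WARNING: user (?P<user>\S+) \((?P<uid>\d+)\) tried to run "
    r"'(?P<cmd>[^']*)', which is not allowed according to (?P<ini>\S+)")

def denials(log_text):
    """One dict (user, uid, cmd, ini) per jk_lsh denial line."""
    return [m.groupdict() for m in map(DENIED.search, log_text.splitlines()) if m]

def executables(ini_text, section):
    """Entries of executables= in [section], split on commas only (assumed separator)."""
    current = None
    for line in map(str.strip, ini_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        else:
            key, sep, value = line.partition("=")
            if current == section and sep and key.strip() == "executables":
                return [e.strip() for e in value.split(",") if e.strip()]
    return []

def diagnose(log_text, ini_text):
    """Classify each denied command against the denied user's own section."""
    report = []
    for d in denials(log_text):
        entries = executables(ini_text, d["user"])
        if d["cmd"] in entries:
            status = "listed"
        elif any(d["cmd"] in e.split() for e in entries):
            status = "inside-space-separated-entry"
        else:
            status = "missing"
        report.append((d["user"], d["cmd"], status))
    return report

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_INI))
```
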