Thanks Oliver. Below is the information requested.
#1 Below are the directory and shells for the jail-scp user:
****************************************************
located in /etc/passwd :/myhome/jail/./home/jail-scp:/usr/sbin/jk_chrootsh
located in the jail :/home/jail-scp:/usr/sbin/jk_lsh
****************************************************
#3 Here is a snippet of the jk_init.ini file:
****************************************************
[scp]
comment = ssh secure copy
executables = /usr/bin/scp
includesections = netbasics, uidbasics
devices = /dev/urandom
[sftp]
comment = ssh secure ftp
executables = /usr/lib/sftp-server, /usr/lib/openssh/sftp-server, /usr/lib/misc/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null
[ssh]
comment = ssh secure shell
executables = /usr/bin/ssh
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/tty
****************************************************
Here are the locations on my system of sftp-server:
/usr/lib/sftp-server
/usr/lib/openssh/sftp-server
****************************************************
From WinSCP logon attempt
Password failed twice
Cannot initialize SFTP protocol. Is the host running a SFTP server?
****************************************************
#4 I am attaching the following log exports:
jail-scp is the user account currently enabled
jailed was the original user account used - currently deleted
****************************************************
jail-scp.log grep jail-scp /var/log/* > jail-scp.log
jk.log grep jk_ /var/log/* > jk.log
****************************************************
I have not set up the logging inside the jail, I was hoping to so after I could verify I could get in.
Thanks in advance for your wonderful assistance.
David
______________________________________________________________________________________
On Fri, Aug 8, 2008 at 11:29 AM, Olivier Sessink
<address@hidden> wrote:
David Harper wrote:
I'm new to jailing a user so forgive the ignorance. I recently
attempted to jail a user (sftp/scp) on my Ubuntu 8.04 system. I am
able to get to the point of entering the password using WinSCP, so the
connection to my box is working. When I enter the password it states
that the login is incorrect. I have verified that the user is
identified in the sshd_config file, I changed the password as root and
ran jk_update, but still unable to login.
the password is in /etc/shadow, it is not inside your jail, so there is no need to run jk_update after a password change.
I deleted the entire jail and user, then reinstalled. This time it
states (in WinSCP) that sftp-server is not running on the host. I
verfied that it was running by logging in as a normal ssh user.
The sftp-server was probably available on your normal system, but perhaps not inside the chroot jail.
I also got errors during the jk_init process that some of the
sftp-server files did not exist. On my system sftp-server only resides
in the /usr/lib/sftp-server and openssh/sft-server and not in the
/usr/libexe directory (spelling maybe in correct as I'm not on my
system to verify now). I'm not sure if this is the issue?
the provided /etc/jailkit/jk_init.ini is only an example file, depending on your system you can modify it. Just make sure that the right location of your sftp-server is in there.
My end goal is to have a jail to allow someone to use WinSCP or
cmdline scp to my box. The user will only need the capability to
up/download data to that directory.
Any assistance is greatly appreciated.
Can you post the log messages from jailkit? `grep jk_ /var/log*` probably does the trick. Do you have logging inside the jail? (syslog or jk_socketd?)
regards,
Olivier
_______________________________________________
Jailkit-users mailing list
address@hidden