Hi all,
I'm trying to set up a jailed user that can only SCP / SFTP files to their jailed directory. I'm using the backported packages for Debian stable (v2.21 I believe).
However, when I do this, I'm getting the following error in the logs:
Jun 7 17:46:19 xcp-filetransfer jk_chrootsh[1031]: now entering jail /jail for user jail (1003) with arguments -c scp -v -f test.txt
Jun 7 17:46:19 xcp-filetransfer jk_lsh[1031]: jk_lsh version 2.21, started
Jun 7 17:46:19 xcp-filetransfer jk_lsh[1031]: WARNING: user jail (1003) tried to run '/usr/bin/scp -v -f test.txt', which is not allowed according to /etc/jailkit/jk_lsh.ini
The following are the contents of /etc/jailkit/jk_lsh.ini and /jail/etc/jailkit/jk_lsh.ini:
root@xcp-filetransfer:/var/log# cat /etc/jailkit/jk_lsh.ini
## example for a user
#[test]
#paths= /usr/lib/
#executables= /usr/lib/sftp-server
#allow_word_expansion = 0
#umask = 002
#
##example for a group, there should be only 1 space inbetween the words!
#[group users]
#paths = /usr/bin
#executables = /usr/bin/cvs
#allow_word_expansion = 0
#environment= HELIX_PATH=/opt/RealPlayer/, TMP=/tmp/
[jail]
paths = /usr/bin/
executables = /usr/bin/scp
allow_word_expansion = 1
root@xcp-filetransfer:/var/log# cat /jail/etc/jailkit/jk_lsh.ini
## example for a user
#[test]
#paths= /usr/lib/
#executables= /usr/lib/sftp-server
#allow_word_expansion = 0
#umask = 002
#
##example for a group, there should be only 1 space inbetween the words!
#[group users]
#paths = /usr/bin
#executables = /usr/bin/cvs
#allow_word_expansion = 0
#environment= HELIX_PATH=/opt/RealPlayer/, TMP=/tmp/
[jail]
paths = /usr/bin, /usr/lib
executables = /usr/bin/scp /usr/lib/openssh/sftp-server
allow_word_expansion = 1
Can anyone offer any advice as to why this is happening?
Thanks
Andy