Hi all,
I'm trying to set up a jailed user that can only SCP / SFTP
files to their jailed directory. I'm using the backported
packages for Debian stable (v2.21 I believe).
However, when I do this, I'm getting the following error in
the logs:
Jun 7 17:46:19 xcp-filetransfer jk_chrootsh[1031]: now
entering jail /jail for user jail (1003) with arguments -c scp
-v -f test.txt
Jun 7 17:46:19 xcp-filetransfer jk_lsh[1031]: jk_lsh version
2.21, started
Jun 7 17:46:19 xcp-filetransfer jk_lsh[1031]: WARNING: user
jail (1003) tried to run '/usr/bin/scp -v -f test.txt', which
is not allowed according to /etc/jailkit/jk_lsh.ini
The following are the contents of /etc/jailkit/jk_lsh.ini
and /jail/etc/jailkit/jk_lsh.ini:
root@xcp-filetransfer:/var/log# cat /jail/etc/jailkit/jk_lsh.ini
## example for a user
#[test]
#paths= /usr/lib/
#executables= /usr/lib/sftp-server
#allow_word_expansion = 0
#umask = 002
#
##example for a group, there should be only 1 space inbetween the words!
#[group users]
#paths = /usr/bin
#executables = /usr/bin/cvs
#allow_word_expansion = 0
#environment= HELIX_PATH=/opt/RealPlayer/, TMP=/tmp/
[jail]
paths = /usr/bin, /usr/lib
executables = /usr/bin/scp /usr/lib/openssh/sftp-server
allow_word_expansion = 1
Can anyone offer any advice as to why this is happening?