LinuxQuestions.org
07-11-2014, 05:58 AM   #1
antriksh
Distribution: Oracle Linux 6
Unable to connect through sftp for a jailed user


Below are the steps followed:

1. create filesystem( /wlslogs ) to be used as the jail; ownership = root:root; permissions = 755

2. copy executable( sftp, scp, ksh ) from their source locations( /usr/bin/sftp ) into the jail ( /wlslogs/usr/bin/sftp )

3. find required library files for the executables with the 'ldd' command and copy them into the jail( /wlslogs/lib64.... ); this included both regular files and any links that might exist

4. add user id and jail directory to /etc/security/chroot.conf;
i400742 /wlslogs

5. if not already there, add line below to /etc/pam.d/sshd
session required pam_chroot.so

6. add 'UsePAM yes' to /etc/ssh/sshd_config

7. in the jail( /wlslogs ) -

- files etc/group, etc/passwd and directory home should include only the user that will access the jail


When I try to run sftp -vvv i400742@naohdubjsi501 I get the error below:

debug1: fd 0 clearing O_NONBLOCK
debug3: fd 1 is not O_NONBLOCK
Transferred: sent 1760, received 2040 bytes, in 0.4 seconds
Bytes per second: sent 4824.4, received 5591.9
debug1: Exit status 1
Connection closed

If I comment out the line below from /etc/security/chroot.conf, I can successfully sftp as i400742 using WinSCP or the command line.

#i400742 /wlslogs

I am also able to connect via command line 'sftp' or WinSCP if I change permissions on /wlslogs to be 777.


Can anyone tell me what I am doing wrong?
 
07-14-2014, 07:36 AM   #2
antriksh
Original Poster
Hello all. Maybe it looks lengthy and hard to understand, so I am posting the question in short: can anyone guide me on how to configure sftp access to a server for a jailed user?
 
07-14-2014, 08:29 AM   #3
eklavya
If you want a user who logs in using sftp to be jailed in a directory, follow this process:
http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/
 
08-04-2014, 10:23 AM   #4
antriksh
Original Poster
Hello. This article worked and the jail is working fine for sftp now. But I am looking for a guide to allow scp as well as sftp. When I try to do scp I get the error below:

# scp i400742@nakylexwls501:./.profile a073867@sapb8003:./myprofile
i400742@nakylexwls501's password:
This service allows sftp connections only.

Any idea what is wrong?
 
08-05-2014, 05:55 AM   #5
fortran
Open /etc/ssh/sshd_config on the server and comment out the following line.
Code:
ForceCommand internal-sftp
Restart ssh on the server and try to run the command again.
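
The effect of commenting out ForceCommand internal-sftp can be checked mechanically. The script below is an added example, not part of any post in this thread: it lists every sshd_config context that sets ChrootDirectory and reports whether sftp is still forced there. The sample config, the Match block layout for i400742, the sftponly group and /sftp/%u are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list every sshd_config context that sets
# ChrootDirectory and say whether ForceCommand internal-sftp still confines it.
# Simplifications: "keyword value" syntax only, no Include files, and a Match
# block inherits global values it does not set itself.

audit_chroot_blocks() {   # $1 = path to an sshd_config-style file
    awk '
    function report(   chroot, force, verdict) {
        chroot = (b_chroot != "") ? b_chroot : g_chroot
        force  = (b_force  != "") ? b_force  : g_force
        if (chroot == "" || tolower(chroot) == "none") return
        verdict = (force == "internal-sftp") ? "sftp-only" : "commands-allowed"
        printf "%s|%s|%s\n", ctx, chroot, verdict
    }
    BEGIN { ctx = "global" }
    /^[ \t]*(#|$)/ { next }            # commented-out keywords do not count
    { key = tolower($1) }              # sshd_config keywords are case-insensitive
    key == "match" {
        report()                       # close the previous context
        if (ctx == "global") { g_chroot = b_chroot; g_force = b_force }
        b_chroot = b_force = ""
        $1 = ""; sub(/^[ \t]+/, ""); ctx = "Match " $0
        next
    }
    key == "chrootdirectory" && b_chroot == "" { b_chroot = $2 }   # first value wins
    key == "forcecommand"    && b_force  == "" { b_force  = $2 }
    END { report() }
    ' "$1"
}

sample_config() {   # constructed sample; group name and /sftp/%u are hypothetical
    cat <<'EOF'
Subsystem sftp internal-sftp
UsePAM yes

Match User i400742
    ChrootDirectory /wlslogs
    #ForceCommand internal-sftp
    AllowTcpForwarding no

Match Group sftponly
    ChrootDirectory /sftp/%u
    ForceCommand internal-sftp -l INFO
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_chroot_blocks "$tmp"
rm -f "$tmp"
```

A context reported as commands-allowed lets sshd run whatever command the client requests inside the jail, which is what scp needs, and it only works if a shell and the scp binary exist under the chroot. For the settings sshd itself computes for a given user, run sshd -T with a -C connection spec (user=...,host=...,addr=...).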
 
  

