LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Pam immediatly closes sftp session for jailed users, but not for scp (http://www.linuxquestions.org/questions/linux-server-73/pam-immediatly-closes-sftp-session-for-jailed-users-but-not-for-scp-750881/)

Carroarmato0 08-28-2009 10:03 AM

Pam immediatly closes sftp session for jailed users, but not for scp
 
I'm running a student server in which all students are jailed in their respective folders.

Login in using scp gives no issues, except for when they try loging in with sftp.

I checked the logs, and it looks like sftp does it's job. The connection is established, credentials are checked, they are jailed into their folder. But then all of a sudden, pam closes the connection immediately with a session:closed entry.

Quote:

Aug 28 17:02:04 eduserv sshd[20432]: Accepted password for cfk from xx.xxx.xxx.xx port 64163 ssh2
Aug 28 17:02:04 eduserv sshd[20432]: pam_unix(sshd:session): session opened for user cfk by (uid=0)
Aug 28 17:02:04 eduserv sshd[20439]: subsystem request for sftp
Aug 28 17:02:04 eduserv jk_chrootsh[20440]: now entering jail /home/jail for user cfk (1000)
Aug 28 17:02:04 eduserv sshd[20432]: pam_unix(sshd:session): session closed for user cfk
Loging in with scp gives no such problem.

Carroarmato0 08-28-2009 11:11 AM

I found out, that changing the Subsystem to use the internal-sftp works, however, using this doesn't jails the users.

Carroarmato0 08-28-2009 02:15 PM

Tried playing around with the Match directives in sshd... but those don't seem to work one tiny bit.

Carroarmato0 09-15-2009 08:21 AM

I have solved my problem. When a user wants to login in his jail through sftp, ssh authenticates the user, and then call the sftp-server subsystem.

This subsystem needs writing access to the /dev/null device in the jail. After setting that, sftp works like a charm.


All times are GMT -5. The time now is 02:53 PM.