Pam immediatly closes sftp session for jailed users, but not for scp

Carroarmato0 · 08-28-2009, 11:03 AM

I'm running a student server in which all students are jailed in their respective folders.

Login in using scp gives no issues, except for when they try loging in with sftp.

I checked the logs, and it looks like sftp does it's job. The connection is established, credentials are checked, they are jailed into their folder. But then all of a sudden, pam closes the connection immediately with a session:closed entry.

Quote:

Aug 28 17:02:04 eduserv sshd[20432]: Accepted password for cfk from xx.xxx.xxx.xx port 64163 ssh2
Aug 28 17:02:04 eduserv sshd[20432]: pam_unix(sshd:session): session opened for user cfk by (uid=0)
Aug 28 17:02:04 eduserv sshd[20439]: subsystem request for sftp
Aug 28 17:02:04 eduserv jk_chrootsh[20440]: now entering jail /home/jail for user cfk (1000)
Aug 28 17:02:04 eduserv sshd[20432]: pam_unix(sshd:session): session closed for user cfk

Loging in with scp gives no such problem.

Carroarmato0 · 08-28-2009, 12:11 PM

I found out, that changing the Subsystem to use the internal-sftp works, however, using this doesn't jails the users.

Carroarmato0 · 08-28-2009, 03:15 PM

Tried playing around with the Match directives in sshd... but those don't seem to work one tiny bit.

Carroarmato0 · 09-15-2009, 09:21 AM

I have solved my problem. When a user wants to login in his jail through sftp, ssh authenticates the user, and then call the sftp-server subsystem.

This subsystem needs writing access to the /dev/null device in the jail. After setting that, sftp works like a charm.