Hey Everyone!
Trust me when I say this - I've Googled this beyond belief and definitely RTFM'd this one. I'm trying to set up SFTP and limit user access with Jailkit from
http://olivier.sessink.nl on a Fedora Core 6 box. SELinux is disabled and so is the firewall.
Here is the config for the jk_init.ini file for SFTP and SCP:
Code:
[scp]
comment = ssh secure copy
executables = /usr/bin/scp
includesections = netbasics, uidbasics
devices = /dev/urandom
[sftp]
comment = ssh secure ftp
executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null
[jk_lsh]
comment = Jailkit limited shell
executables = /usr/sbin/jk_lsh
regularfiles = /etc/jailkit/jk_lsh.ini
users = root
groups = root
need_logsocket = 1
includesections = uidbasics
This works because the paths to the executables can be found with:
Code:
find / -iname 'scp'; find / -iname 'sftp-server'
Next, I create my jail directory:
Next, I copy the files needed for SFTP, SCP and the Jailkit shell to work:
Code:
jk_init -v -j /var/jail sftp scp jk_lsh
No errors during the copy.
Create my user and change the password:
Code:
useradd testuser; passwd testuser
Next, I jail the user, which copies their home directory into the jail and modifies the /etc/passwd file:
Code:
jk_jailuser -m -j /var/jail testuser
This is my /etc/passwd file:
Code:
testuser:x:500:500::/var/jail/./home/testuser:/usr/sbin/jk_chrootsh
This is my /var/jail/etc/passwd file:
Code:
root:x:0:0:root:/root:/bin/bash
testuser:x:500:500::/home/testuser:/usr/sbin/jk_lsh
Finally, I modify my /var/jail/etc/jailkit/jk_lsh.ini file so the jailed user can start the executables, etc.
Code:
[testuser]
paths = /usr/bin, /usr/lib
executables = /usr/bin/scp, /usr/lib/sftp-server, /usr/lib/openssh/sftp-server, /usr/libexec/sftp-server
Now the testing:
Code:
sftp testuser@localhost
Connecting to localhost...
testuser@localhost's password:
Connection closed
Code:
tail -f /var/log/messages
Aug 1 06:24:55 localhost jk_chrootsh[28352]: now entering jail /var/jail for user testuser (500)
Code:
tail -f /var/log/secure
Aug 1 06:24:55 localhost sshd[28349]: Accepted password for testuser from 127.0.0.1 port 47725 ssh2
Aug 1 06:24:55 localhost sshd[28349]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
Aug 1 06:24:55 localhost sshd[28351]: subsystem request for sftp
Aug 1 06:24:55 localhost sshd[28349]: pam_unix(sshd:session): session closed for user testuser
I'm stumped. If anyone can help, that would rock!!!
Thanks!
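An added example, not part of the post above and not Jailkit's own tooling: a POSIX sh script that cross-checks a Jailkit jail against the jk_lsh.ini section for a jailed user. It lists every executable the section allows that is absent from the jail, and every sftp-server copy jk_init placed in the jail that the section does not allow. Note that in the ini files posted above, the [sftp] section of jk_init.ini copies /usr/libexec/openssh/sftp-server, while the [testuser] section of jk_lsh.ini allows /usr/lib/openssh/sftp-server instead; whether that matters depends on which path the "Subsystem sftp" line in sshd_config names, which the post does not show. The jail path /var/jail and the Fedora path /usr/libexec/openssh/sftp-server are assumptions taken from the post; without JAIL set, the script builds a constructed demo jail in a temp directory so it runs offline.

```shell
#!/bin/sh
# Added example (not from the post or from Jailkit): cross-check a Jailkit
# jail against the jk_lsh.ini section that governs a jailed user.
#   1. every executable jk_lsh.ini allows must exist (and be executable) in the jail
#   2. every sftp-server copy in the jail should be allowed, because sshd execs
#      whichever path its "Subsystem sftp" line names
# /var/jail and /usr/libexec/openssh are assumptions modelled on the post.

# ini_values FILE SECTION KEY: print the comma-separated values of KEY in
# [SECTION], one per line (Jailkit ini files use "key = a, b, c").
ini_values() {
    awk -v sec="[$2]" -v key="$3" '
        $0 == sec { insec = 1; next }
        /^\[/     { insec = 0 }
        insec && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, "")
            n = split($0, vals, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) if (vals[i] != "") print vals[i]
        }' "$1"
}

# missing_allowed JAIL INI USER: allowed executables that are absent from the jail.
missing_allowed() {
    ini_values "$2" "$3" executables | while read -r exe; do
        [ -x "$1$exe" ] || echo "$exe"
    done
}

# unlisted_sftp JAIL INI USER: sftp-server binaries present in the jail that
# the user's jk_lsh.ini section does not allow (paths relative to the jail).
unlisted_sftp() {
    allowed=$(ini_values "$2" "$3" executables)
    find "$1" -type f -name sftp-server | while read -r path; do
        rel=${path#"$1"}
        printf '%s\n' "$allowed" | grep -Fxq -- "$rel" || echo "$rel"
    done
}

# make_demo_jail DIR: constructed stand-in for the post's /var/jail, with empty
# executables where jk_init would have copied the real ones on Fedora and the
# [testuser] section exactly as posted. Constructed sample input, not real data.
make_demo_jail() {
    mkdir -p "$1/usr/bin" "$1/usr/sbin" "$1/usr/libexec/openssh" "$1/etc/jailkit"
    for f in usr/bin/scp usr/sbin/jk_lsh usr/libexec/openssh/sftp-server; do
        : > "$1/$f" && chmod 755 "$1/$f"
    done
    cat > "$1/etc/jailkit/jk_lsh.ini" <<'EOF'
[testuser]
paths = /usr/bin, /usr/lib
executables = /usr/bin/scp, /usr/lib/sftp-server, /usr/lib/openssh/sftp-server, /usr/libexec/sftp-server
EOF
}

# Real host:  JAIL=/var/jail JK_USER=testuser sh jailcheck.sh
# Demo mode (JAIL unset): report on the constructed jail above.
jail=${JAIL:-}
if [ -z "$jail" ]; then
    jail=$(mktemp -d)
    make_demo_jail "$jail"
fi
user=${JK_USER:-testuser}
ini=$jail/etc/jailkit/jk_lsh.ini

echo "== allowed in [$user] but missing from $jail =="
missing_allowed "$jail" "$ini" "$user"
echo "== sftp-server copies in $jail not allowed for [$user] =="
unlisted_sftp "$jail" "$ini" "$user"
# On the real host, also confirm which path sshd actually executes:
#   grep -i '^Subsystem[[:space:]]*sftp' /etc/ssh/sshd_config
```

In demo mode the first list is the three sftp-server paths from the posted [testuser] section that do not exist in a Fedora-style jail, and the second list is /usr/libexec/openssh/sftp-server, the copy that jk_init's [sftp] section installs but jk_lsh.ini never allows. Run it with JAIL=/var/jail on the real box and compare the second list with the sshd Subsystem path before touching anything else.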