LinuxQuestions.org
Old 04-24-2013, 04:20 AM   #1
slowerogue
Member
 
Registered: Oct 2012
Posts: 96

Rep: Reputation: Disabled
sftp jail with scp


Hi guys,
RHEL 6.3 64-bit
I have set up an sftp jail
Code:
Subsystem       sftp    internal-sftp
# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server
Match Group aaa
        X11Forwarding no
        ChrootDirectory %h
        AllowTcpForwarding no
        ForceCommand internal-sftp
And I added some users (/sbin/nologin) and they belong to group aaa.
The sftp jail is working fine, but they can't run a script with the scp command.

By default, the sftp jail won't allow scp?
Do I need to add them to the ssh jail and give only scp features?
Or is there any better way?
Thanks

Last edited by slowerogue; 04-24-2013 at 04:33 AM.
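
Why the configuration in post #1 permits sftp but not scp, as an added example that is not part of any poster's message: with `ForceCommand internal-sftp`, sshd runs its built-in SFTP server in place of whatever the client requests, while scp in its classic mode asks the server to execute `scp`. The function names, the second group `bbb` and the verdict strings are constructed for illustration; the `Match Group aaa` block is the one from the post.

```shell
#!/bin/sh
# Added example: classify each Match block of an sshd_config by whether a
# client could run a remote command such as scp under it.

audit_sshd_scp() {
    # $1: path to an sshd_config-style file, or "-" for stdin
    awk '
    function flush() {
        if (crit == "") return
        if (tolower(force) ~ /^internal-sftp/) v = "sftp-only: ForceCommand replaces scp"
        else if (force != "")  v = "forced: " force
        else if (chroot != "") v = "exec-in-chroot: needs shell and scp inside " chroot
        else                   v = "unrestricted"
        printf "%s\t%s\n", crit, v
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        key = tolower($1)                        # sshd keywords are case-insensitive
        val = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)     # drop the keyword, keep its argument
        sub(/[ \t]+$/, "", val)
    }
    key == "match"           { flush(); crit = val; force = ""; chroot = ""; next }
    crit == ""               { next }            # global section, not classified here
    key == "forcecommand"    { force = val }
    key == "chrootdirectory" { chroot = val }
    END { flush() }
    ' "${1:--}"
}

# Constructed sample: group aaa is the block from the post, group bbb is
# a hypothetical chroot-only group added for contrast.
sample_config() {
cat <<'EOF'
Subsystem       sftp    internal-sftp
Match Group aaa
        X11Forwarding no
        ChrootDirectory %h
        AllowTcpForwarding no
        ForceCommand internal-sftp
Match Group bbb
        ChrootDirectory /home/jail_dir
EOF
}

sample_config | audit_sshd_scp -
```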
 
Old 04-24-2013, 04:45 AM   #2
rosehosting.com
Member
 
Registered: Jun 2012
Location: Missouri, USA
Posts: 223

Rep: Reputation: 62
Try to create the jail using the following commands:

jk_init -v -j /home/jail_dir/ basicshell editors extendedshell ssh sftp scp

jk_jailuser -v -m -s /bin/bash -j /home/jail_dir/ jail_user

Do not forget to replace 'jail_dir' and 'jail_user' with the actual jail directory and user.
 
Old 04-24-2013, 04:58 AM   #3
slowerogue
Member
 
Registered: Oct 2012
Posts: 96

Original Poster
Rep: Reputation: Disabled
Hi, jk_init command not found.

I have tested it like this:
User A, sftp jailed, without sshjail,
when /sbin/nologin
can't ssh, can't WinSCP using scp,
can only WinSCP sftp

when /bin/bash
can't ssh, can't WinSCP using scp,
can only WinSCP sftp


User B, sftp jailed, ssh jailed
when /sbin/nologin
can't ssh, can't WinSCP using scp,
can only WinSCP sftp

when /bin/bash
can ssh, can WinSCP using scp, can WinSCP sftp


I know I can give user A sshjail,
but is this the only way?
Am I on the right track?
Thanks

Last edited by slowerogue; 04-24-2013 at 05:09 AM.
 
Old 04-24-2013, 05:06 AM   #4
rosehosting.com
Member
 
Registered: Jun 2012
Location: Missouri, USA
Posts: 223

Rep: Reputation: 62
Follow the instructions below to create an SSH chrooted jail using jailkit:

wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz
tar -zxvf jailkit-2.15.tar.gz
cd jailkit-2.15
./configure
make
make install

mkdir -p /home/jail_dir
jk_init -v -j /home/jail_dir/ basicshell editors extendedshell ssh sftp scp

adduser jail_user
passwd jail_user

jk_jailuser -v -m -s /bin/bash -j /home/jail_dir/ jail_user
 
  

