Unable to connect through sftp for a jailed user
Below are the steps followed:
1. create filesystem( /wlslogs ) to be used as the jail; ownership = root:root; permissions = 755
2. copy executable( sftp, scp, ksh ) from their source locations( /usr/bin/sftp ) into the jail ( /wlslogs/usr/bin/sftp )
3. find required library files for the executables with the 'ldd' command and copy them into the jail( /wlslogs/lib64.... ); this included both regular files and any links that might exist
4. add user id and jail directory to /etc/security/chroot.conf;
i400742 /wlslogs
5. if not already there, add line below to /etc/pam.d/sshd
session required pam_chroot.so
6. add 'UsePAM yes' to /etc/ssh/sshd_config
7. in the jail( /wlslogs ) -
- files etc/group, etc/passwd and directory home should include only the user that will access the jail
When I try to do sftp -vvv i400742@naohdubjsi501 I get the error below:
debug1: fd 0 clearing O_NONBLOCK
debug3: fd 1 is not O_NONBLOCK
Transferred: sent 1760, received 2040 bytes, in 0.4 seconds
Bytes per second: sent 4824.4, received 5591.9
debug1: Exit status 1
Connection closed
If I comment out the line below from /etc/security/chroot.conf, I can successfully sftp as i400742 using WinSCP or the command line.
#i400742 /wlslogs
I am also able to connect via command line 'sftp' or WinSCP if I change permissions on /wlslogs to be 777.
Can anyone help me with what I am doing wrong?
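
An added example, not part of the original post: one way to verify step 3 of the procedure above, that every library `ldd` lists for a binary copied into the jail resolves under the jail root, including copied links whose targets were left behind. The function names and the sample `ldd` output are constructed for illustration and were not captured from the poster's host.

```shell
#!/bin/sh
# Added example: check that libraries listed by ldd exist inside a chroot jail.

# Extract absolute library paths from ldd output on stdin.
# Handles "name => /path (0x...)" and "/path (0x...)" lines; entries
# without a path (the vdso, "not found") are skipped.
ldd_paths() {
    awk '{
        for (i = 1; i <= NF; i++)
            if (substr($i, 1, 1) == "/") { print $i; break }
    }' | LC_ALL=C sort -u
}

# Print each path read from stdin that does not resolve under jail root $1.
# -e follows symlinks, so a link copied without its target counts as missing.
# A link with an absolute target is resolved against the host root here,
# so inspect those separately.
missing_in_jail() {
    jail=$1
    while IFS= read -r p; do
        [ -e "$jail$p" ] || printf '%s\n' "$p"
    done
}

# On a real system: check_binary /wlslogs /usr/bin/sftp
# Empty output means every listed library is present in the jail.
check_binary() {
    ldd "$2" | ldd_paths | missing_in_jail "$1"
}

# Constructed ldd output used to exercise the parser offline.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd0a5f2000)
    libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f1e5c000000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f1e5bc00000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1e5c600000)'
```

Run `check_binary` once per executable copied in step 2 (sftp, scp, ksh).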