LinuxQuestions.org


Darkstar274 08-01-2007 10:29 AM

SFTP and Jailkit
 
Hey Everyone!

Trust me when I say this - I've Google'd this beyond belief and definitely RTFM'd this one. I'm trying to set up SFTP and limit user access with Jailkit from http://olivier.sessink.nl on a Fedora Core 6 box. SELinux is disabled and so is the firewall.

Here is the config for the jk_init.ini file for SFTP and SCP:

Code:

[scp]
comment = ssh secure copy
executables = /usr/bin/scp
includesections = netbasics, uidbasics
devices = /dev/urandom

[sftp]
comment = ssh secure ftp
executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null

[jk_lsh]
comment = Jailkit limited shell
executables = /usr/sbin/jk_lsh
regularfiles = /etc/jailkit/jk_lsh.ini
users = root
groups = root
need_logsocket = 1
includesections = uidbasics

Which works because the path to the executables can be found with:

Code:

find / -iname 'scp'; find / -iname 'sftp-server'

Next, I create my jail directory:

Code:

mkdir /var/jail

Next, I copy the files needed to make SFTP, SCP and the Jailkit shell work:

Code:

jk_init -v -j /var/jail sftp scp jk_lsh

No errors during the copy.

Create my user and password change:

Code:

useradd testuser; passwd testuser

Next, I jail the user, which copies their home directory into the jail and modifies the /etc/passwd file:

Code:

jk_jailuser -m -j /var/jail testuser

This is my /etc/passwd file:

Code:

testuser:x:500:500::/var/jail/./home/testuser:/usr/sbin/jk_chrootsh

This is my /var/jail/etc/passwd file:

Code:

root:x:0:0:root:/root:/bin/bash
testuser:x:500:500::/home/testuser:/usr/sbin/jk_lsh

Finally, I modify my /var/jail/etc/jailkit/jk_lsh.ini file so the jailed user can start the executables, etc.

Code:

[testuser]
paths = /usr/bin, /usr/lib
executables = /usr/bin/scp, /usr/lib/sftp-server, /usr/lib/openssh/sftp-server, /usr/libexec/sftp-server

Now the testing:

Code:

sftp testuser@localhost
Connecting to localhost...
testuser@localhost's password:
Connection closed

Code:

tail -f /var/log/messages

Aug  1 06:24:55 localhost jk_chrootsh[28352]: now entering jail /var/jail for user testuser (500)

Code:

tail -f /var/log/secure

Aug  1 06:24:55 localhost sshd[28349]: Accepted password for testuser from 127.0.0.1 port 47725 ssh2
Aug  1 06:24:55 localhost sshd[28349]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
Aug  1 06:24:55 localhost sshd[28351]: subsystem request for sftp
Aug  1 06:24:55 localhost sshd[28349]: pam_unix(sshd:session): session closed for user testuser

I'm stumped. If anyone can help that would rock!!!

Thanks!

w3bd3vil 08-02-2007 04:40 AM

*post withdrawn*

gfem 08-20-2007 05:25 PM

Did you find the answer? I am having the same problem.

nbrew 01-16-2009 12:38 PM

Check the Paths and Libraries
 
I just experienced the same issue. My solution was to check that all libs were installed and that the path to sftp-server was correct.

On a CentOS 5 box with most pkgs installed via yum, the path to sftp-server is /usr/libexec/openssh/sftp-server.

Additionally, I found (by running `ldd /usr/libexec/openssh/sftp-server`) that it required /usr/lib/libk5crypto.so.3 and /usr/lib/libk5crypto.so.3.1

HTH

Nathan
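
The two checks nbrew describes (sftp-server path and its shared libraries present inside the jail), plus a check of the jk_lsh.ini allow-list from the first post, as an added shell example that is not part of the thread. The function names and the script name audit.sh are assumptions; the jail path, user and file locations are the ones shown in the posts.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Jailkit jail for a missing
# sftp-server binary, missing shared libraries, and a jk_lsh.ini allow-list gap.

# missing_libs JAIL: read `ldd` output on stdin and print each absolute
# library path that has no copy under JAIL.
missing_libs() {
    jail_root=$1
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' |
    while read -r lib; do
        [ -e "$jail_root$lib" ] || printf '%s\n' "$lib"
    done
}

# lsh_allows INI USER PATH: succeed if PATH is on an executables line of the
# [USER] section. Group and DEFAULT sections are not consulted here.
lsh_allows() {
    awk -v sect="[$2]" -v want="$3" '
        { sub(/[ \t\r]+$/, "") }
        /^\[/ { in_sect = ($0 == sect); next }
        in_sect && /^executables[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            n = split($0, a, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) if (a[i] == want) found = 1
        }
        END { exit !found }
    ' "$1"
}

# audit_jail JAIL USER SFTP_SERVER: SFTP_SERVER is the host path of the binary.
# Prints one line per problem and returns 1 if any check fails.
audit_jail() {
    rc=0
    [ -x "$1$3" ] || { echo "not in jail: $3"; rc=1; }
    for lib in $(ldd "$3" 2>/dev/null | missing_libs "$1"); do
        echo "library not in jail: $lib"; rc=1
    done
    lsh_allows "$1/etc/jailkit/jk_lsh.ini" "$2" "$3" ||
        { echo "jk_lsh.ini [$2] does not list $3"; rc=1; }
    return "$rc"
}

# Example: sh audit.sh /var/jail testuser /usr/libexec/openssh/sftp-server
if [ "$#" -eq 3 ]; then audit_jail "$@"; fi
```

Against the jk_lsh.ini shown in the first post, lsh_allows fails for /usr/libexec/openssh/sftp-server, because that path is not on the executables line.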

angelo.fonzeca 05-12-2010 02:42 AM

Jailkit howto
 
Hi All!
This thread is old but I think that many people arrive here by googling.

Because of the many problems with setting up Jailkit, I've written a post on my blog about it... take a look here.

I hope this helps. ;)

Bye
Angelo Fonzeca

