LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page SFTP and Jailkit
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-01-2007, 10:29 AM   #1
Darkstar274
LQ Newbie
 
Registered: Sep 2003
Distribution: RH9, Mandrake, Knoppix, Fedora Core 1 & 2, Gentoo
Posts: 22

Rep: Reputation: 15
Unhappy SFTP and Jailkit

Hey Everyone!

Trust me when I say this - I've Google'd this beyond belief and definitely RTFM'd this one. I'm trying to setup a SFTP and limit user access with Jailkit from http://olivier.sessink.nl on a Fedora Core 6 box. SELinux is disabled and so is the firewall.

Here is the config for the jk_init.ini file for SFTP and SCP:

Code:
[scp]
comment = ssh secure copy
executables = /usr/bin/scp
includesections = netbasics, uidbasics
devices = /dev/urandom

[sftp]
comment = ssh secure ftp
executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null

[jk_lsh]
comment = Jailkit limited shell
executables = /usr/sbin/jk_lsh
regularfiles = /etc/jailkit/jk_lsh.ini
users = root
groups = root
need_logsocket = 1
includesections = uidbasics
Which works because because the path to the executables can be found with:

Code:
find / -iname 'scp'; find / -iname 'sftp-server'
Next, I create my jail directory:

Code:
mkdir /var/jail
Next, I copy the files needed to make SFTP, SCP and the Jailkit shell to work:

Code:
 jk_init -v -j /var/jail sftp scp jk_lsh
No errors during the copy.

Create my user and password change:

Code:
 useradd testuser; passwd testuser
Next I jail the user which copies their home directory into the jail and modifies the /etc/passwd file:

Code:
 jk_jailuser -m -j /var/jail testuser

This is my /etc/passwd file:

Code:
 testuser:x:500:500::/var/jail/./home/testuser:/usr/sbin/jk_chrootsh

This is my /var/jail/etc/passwd file:

Code:
root:x:0:0:root:/root:/bin/bash
testuser:x:500:500::/home/testuser:/usr/sbin/jk_lsh
Finally, I modify my /var/jail/etc/jailkit/jk_lsh.ini file so the jailed user can start the executables, etc.

Code:
[testuser]
paths = /usr/bin, /usr/lib
executables = /usr/bin/scp, /usr/lib/sftp-server, /usr/lib/openssh/sftp-server, /usr/libexec/sftp-server
Now the testing:

Code:
sftp testuser@localhost
Connecting to localhost...
testuser@localhost's password:
Connection closed
Code:
tail -f /var/log/messages


Aug  1 06:24:55 localhost jk_chrootsh[28352]: now entering jail /var/jail for user testuser (500)
Code:
tail -f /var/log/secure

Aug  1 06:24:55 localhost sshd[28349]: Accepted password for testuser from 127.0.0.1 port 47725 ssh2
Aug  1 06:24:55 localhost sshd[28349]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
Aug  1 06:24:55 localhost sshd[28351]: subsystem request for sftp
Aug  1 06:24:55 localhost sshd[28349]: pam_unix(sshd:session): session closed for user testuser
I'm stumped. If anyone can help that would rock!!!

Thanks!
 
Old 08-02-2007, 04:40 AM   #2
w3bd3vil
Senior Member
 
Registered: Jun 2006
Location: Hyderabad, India
Distribution: Fedora
Posts: 1,191

Rep: Reputation: 49
*post withdrawn*
Last edited by w3bd3vil; 08-02-2007 at 05:00 AM.
 
Old 08-20-2007, 05:25 PM   #3
gfem
Member
 
Registered: Apr 2003
Distribution: Fedora
Posts: 126

Rep: Reputation: 15
Did you find the answer I am having the same problem.
 
Old 01-16-2009, 12:38 PM   #4
nbrew
LQ Newbie
 
Registered: Jan 2009
Posts: 1

Rep: Reputation: 0
Check the Paths and Libraries
I just experienced the same issue. My solution was to check that all libs were installed and that the path to sftp-server was correct.

On a CentOS 5 box with most pkgs installed via yum, the path to sftp-server is /usr/libexec/openssh/sftp-server.

Additionally, I found (by running `ldd /usr/libexec/openssh/sftp-server`) that it required /usr/lib/libk5crypto.so.3 and /usr/lib/libk5crypto.so.3.1

HTH

Nathan
 
Old 05-12-2010, 02:42 AM   #5
angelo.fonzeca
PerseusGuard Developer
 
Registered: Jul 2009
Distribution: OpenSuse, Ubuntu, CentOS
Posts: 6
Blog Entries: 7

Rep: Reputation: Disabled
Jailkit howto
Hi All!
This thread is old but I think that many people arrive here by googling.

Because of many problems about setting up jailkit, I've got written a post on my blog about it... take a look here.

I hope this helps.

Bye
Angelo Fonzeca
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problems with Jailkit 2.3 GUI KoolK Ubuntu 0 03-27-2007 12:55 AM
Jailkit Problems OneEye Linux - Software 3 03-31-2006 01:44 AM
jailkit issues mithereal Linux - Software 3 01-22-2006 05:06 AM
How do I use sftp to upload my web site? (no sftp tar command) johnMG Linux - Networking 6 06-21-2005 09:14 PM
Files truncated by sftp/sftp-server at 65kb gato Linux - Networking 1 12-18-2003 10:29 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 04:12 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration