HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


jvargas 14th August 2012 22:55

SFTP login and Jailkit problem
 
Hi,

I am dealing with some login issues when opening an SFTP session through Jailkit.

Jailkit was installed during ISPC install (I mean before). When a site's shell user is created, the ISPC log shows debugging information but no errors.

However, when the user tries to log in, it's successfully authenticated but an error appears in auth.log:

Code:


Aug 14 14:09:04 gd-web-linux-001 sshd[13292]: Accepted password for gdigital_sandbox from 201.191.123.42 port 34384 ssh2
Aug 14 14:09:04 gd-web-linux-001 sshd[13292]: pam_unix(sshd:session): session opened for user gdigital_sandbox by (uid=0)
Aug 14 14:09:05 gd-web-linux-001 sshd[13424]: subsystem request for sftp by user gdigital_sandbox
Aug 14 14:09:05 gd-web-linux-001 jk_chrootsh[13425]: now entering jail /var/www/clients/client2/web1 for user gdigital_sandbox (5004) with arguments -c /usr/lib/openssh/sftp-server
Aug 14 14:09:05 gd-web-linux-001 jk_chrootsh[13425]: ERROR: failed to execute shell /bin/bash for user gdigital_sandbox (5004), check the permissions and libraries of /var/www/clients/client2/web1//bin/bash
Aug 14 14:09:05 gd-web-linux-001 sshd[13292]: pam_unix(sshd:session): session closed for user gdigital_sandbox

Clearly, the error says this shell /var/www/clients/client2/web1//bin/bash doesn't exist, and it's true.

Should this shell exist? What would be the expected shell in /etc/passwd for the recently created shell user?

How can I fix it by hand for testing purposes, and how can I make it the default from now on?

This is the log of ISPC when creating this shell user, I see no error on it, right?

Code:

14.08.2012-20:07 - DEBUG - Found 1 changes, starting update process.
14.08.2012-20:07 - DEBUG - Calling function 'insert' from plugin 'shelluser_base_plugin' raised by event 'shell_user_insert'.
14.08.2012-20:07 - DEBUG - Executed command: useradd -d /var/www/clients/client2/web1 -g client2 -o  -p \$1\$G7BRc1eu\$vgz0iRZkUPb7zffb3/AxO0 -s /bin/bash -u 5004 gdigital_sandbox
14.08.2012-20:07 - DEBUG - Added shelluser: gdigital_sandbox
14.08.2012-20:07 - DEBUG - ssh-rsa setup shelluser_base
14.08.2012-20:07 - DEBUG - ssh-rsa keypair generated for gdigital
14.08.2012-20:07 - DEBUG - ssh-rsa authorisation keyfile created in /var/www/clients/client2/web1/.ssh/authorized_keys
14.08.2012-20:07 - DEBUG - ssh-rsa key updated in /var/www/clients/client2/web1/.ssh/authorized_keys
14.08.2012-20:07 - DEBUG - Disabling shelluser temporarily: usermod -s /bin/false -L gdigital_sandbox
14.08.2012-20:07 - DEBUG - Calling function 'insert' from plugin 'shelluser_jailkit_plugin' raised by event 'shell_user_insert'.
14.08.2012-20:07 - DEBUG - exec: chmod 755 /var/www/clients/client2/web1
14.08.2012-20:07 - DEBUG - exec: chown root:root /var/www/clients/client2/web1
14.08.2012-20:07 - DEBUG - Added jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh /var/www/clients/client2/web1 'basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh'
14.08.2012-20:07 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client2/web1 '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico'
14.08.2012-20:07 - DEBUG - Added bashrc scrpt : /var/www/clients/client2/web1/etc/bash.bashrc
14.08.2012-20:07 - DEBUG - Added jailkit user to chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_user.sh gdigital_sandbox /var/www/clients/client2/web1 /home/gdigital_sandbox /bin/bash web1 /home/web1
14.08.2012-20:07 - DEBUG - Added created jailkit user home in : /var/www/clients/client2/web1/home/gdigital_sandbox
14.08.2012-20:07 - DEBUG - Added jailkit parent user home in : /var/www/clients/client2/web1/home/web1
14.08.2012-20:07 - DEBUG - ssh-rsa setup shelluser_jailkit
14.08.2012-20:07 - DEBUG - ssh-rsa authorisation keyfile created in /var/www/clients/client2/web1//home/gdigital_sandbox/.ssh/authorized_keys
14.08.2012-20:07 - DEBUG - ssh-rsa key updated in /var/www/clients/client2/web1//home/gdigital_sandbox/.ssh/authorized_keys
14.08.2012-20:07 - DEBUG - exec: chmod 755 /var/www/clients/client2/web1
14.08.2012-20:07 - DEBUG - exec: chown root:root /var/www/clients/client2/web1
14.08.2012-20:07 - DEBUG - Jailkit Plugin -> insert username:gdigital_sandbox
14.08.2012-20:07 - DEBUG - Processed datalog_id 55

I already tried with another user, and the same problem appears. The user is able to log in, but due to the nonexistence of that shell, it stops.

At this point, I have no idea what else I can do. Any help will be appreciated.

till 15th August 2012 08:56

Run:

jk_cp -j /var/www/clients/client2/web1 /bin/bash

to test it. See here for details:

http://olivier.sessink.nl/jailkit/jk_cp.8.html

You can configure the applications that get copied to the jail in the Jailkit settings in ISPConfig.

Btw, I won't use SFTP as it requires you to create a shell user. If you want to get secure file transfers, use FTPS, which is FTP over SSL; this is as secure as SFTP but does not require a separate shell user and jail, and works out of the box with an FTP user account.
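
A check for the condition named in the auth.log error above ("check the permissions and libraries of ..."), added here as an example and not part of the original thread: it lists the binary and shared libraries that are absent from a jail, without copying anything. The function names `jail_deps` and `jail_missing` are hypothetical, and the library list assumes `ldd` is available on the host.

```shell
#!/bin/sh
# Added example (not from the thread): report what a Jailkit jail lacks
# before jk_chrootsh can execute a given binary inside it.

# Print the binary itself plus every absolute library path ldd reports.
jail_deps() {
    bin=$1
    printf '%s\n' "$bin"
    if command -v ldd >/dev/null 2>&1; then
        # ldd lines look like "libc.so.6 => /lib/.../libc.so.6 (0x...)";
        # keep only the fields that are absolute paths.
        { ldd "$bin" 2>/dev/null || true; } |
            awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' |
            sort -u
    fi
}

# Print each dependency that does not exist inside the jail.
# Empty output means the binary and its libraries are all present.
jail_missing() {
    jail=${1%/}          # tolerate a trailing slash on the jail path
    bin=$2
    jail_deps "$bin" | while IFS= read -r path; do
        if [ ! -e "$jail$path" ]; then
            printf '%s\n' "$jail$path"
        fi
    done
}

# Usage with the paths from this thread:
#   jail_missing /var/www/clients/client2/web1 /bin/bash
```

Running it before and after `jk_cp` shows whether the copy brought in every library the shell needs.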

