View Single Post
  #1  
Old 17th May 2013, 14:27
stef70 stef70 is offline
Junior Member
 
Join Date: May 2013
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default Jailkit + SSH_ORIGINAL_COMMAND

I am hosted on a site that uses ispconfig.

I created a ssh account to host a rsync server. I am trying to secure the ssh connection as indicated in http://troy.jdmz.net/rsync/index.html :

(1) In ~/.ssh/authorized_keys, prefix the ssh key with command="/home/bob/zzzzz.sh"
(2) In the script /home/bob/zzzzz.sh , filter the connection according to the environment variable SSH_ORIGINAL_COMMAND as shown on the above page.

The problem is that the ssh connection does not provide the environment variable SSH_ORIGINAL_COMMAND when the ssh user is chrooted with Jailkit.

I suspect that jailkit is filtering the environment variable. This is probably not a ssh server issue since the environment variable is there when the account is not chrooted.

I would appreciate some advices before I contact the site administrator (ideally with the solution)

To reproduce the problem:

(a) create a ssh user with a jailkit chroot

(b) prepend command="/bin/bash" to its ssh public key:
command="/bin/bash" ssh-rsa AAAAB3NzaC1yc2EAAAADAQ...

(c) log with 'ssh SERVER xxxxxx'
that should trigger a bash shell without a prompt

(d) list all environment variables with the bash command 'set'.
SSH_ORIGINAL_COMMAND should be xxxxxx but it is unset
Reply With Quote
Sponsored Links