Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 30th July 2012, 19:51
driverdave driverdave is offline
Junior Member
 
Join Date: Nov 2008
Posts: 11
Thanks: 0
Thanked 5 Times in 2 Posts
Default Ubuntu 12 / ISPConfig 3 / Jailkit & SFTP

hi,

i am using ubuntu 12 and ispconfig. i followed instructions here: http://www.howtoforge.com/perfect-se...ot-ispconfig-3

everything seems to be working (although quotas did not work from the instructions above) except i cannot SFTP with a shell user created with the "Chroot Shell" option enabled.

when SSH, the username and password is accepted. when using an SFTP client such as transmit (OSX), i get the error "username and password has been rejected". the server logs do not reflect this error, the client simply disconnects.

SFTP is enabled in the ispconfig server setup (the jailkit tab under Jailkit chroot app sections). should i add the server path for sftp under Jailkit chrooted applications?

SFTP with jailed users works fine for our CENTOS based box.

our main concern is giving someone an SFTP or FTP login that is locked to a directory, without them having to know what directory to upload files into.

has anyone been successful is getting SFTP with jailed users to work with ubuntu 12 and ispconfig 3? i've scoured the forums and have not been successful.

i've included the auth.log entry from an SFTP attempt below. i'm not seeing any errors. should i be looking in a different log file?

thanks,
- dave



/var/log/auth.log
Jul 30 17:42:05 srv3 sshd[2124]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jul 30 17:42:25 srv3 sshd[2191]: Accepted password for usernamehere from iphere port 52894 ssh2
Jul 30 17:42:25 srv3 sshd[2191]: pam_unix(sshd:session): session opened for user usernamehere by (uid=0)
Jul 30 17:42:26 srv3 sshd[2326]: subsystem request for sftp by user usernamehere
Jul 30 17:42:26 srv3 jk_chrootsh[2327]: now entering jail /var/www/clients/client1/web4 for user usernamehere (5006) with arguments -c /usr/lib/openssh/sftp-server
Jul 30 17:42:26 srv3 sshd[2326]: Received disconnect from clientsideiphere: 11: disconnected by user
Jul 30 17:42:26 srv3 sshd[2191]: pam_unix(sshd:session): session closed for user usernamehere



client side transmit log
Transmit 4.0.6 (x86_64) Session Transcript [Version 10.7.4 (Build 11E53)] (7/30/12 1:42 PM)
Connecting to serveriphere

Disconnecting from server…
Reply With Quote
Sponsored Links
  #2  
Old 31st July 2012, 19:14
driverdave driverdave is offline
Junior Member
 
Join Date: Nov 2008
Posts: 11
Thanks: 0
Thanked 5 Times in 2 Posts
Default

i've made some progress.

first, the subsystem in sshd_config needs to be edited.

vi /etc/ssh/sshd_config

change

Subsystem sftp /usr/lib/openssh/sftp-server

to

Subsystem sftp internal-sftp

this will allow you to SFTP, but the user is not actually jailed to any directory. to do this, you need to add the following to sshd_config

Match Group client0
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no

%h is the user's home directory. this needs to be owned by root in order for the jail to work.

and finally, you need to create a directory for the user to SFTP files into in their home directory, with the user's permissions.

i'm going to dig around ispconfig's code to see if i can automate this. or maybe add users outside of ispconfig, since i think the root permissions on their directories may not be the best thing.
Reply With Quote
  #3  
Old 27th May 2013, 18:43
symka symka is offline
Junior Member
 
Join Date: May 2013
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

The problem I was facing too

But here: http://symka.blogspot.com/2013/05/ja...1204-sftp.html you can find answer and solution.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Version 1.3 of the ISPConfig 3 Manual is finally available! falko General 44 2nd December 2011 12:04
Control Panel - E-mail Tab is empty domi-nik General 15 14th April 2011 18:17
SquirrelMail login not working glenneh Installation/Configuration 13 9th April 2011 20:01
Ubuntu 10.04 and ISPConfig 3.0.2.2 Batmanatthenewb Installation/Configuration 12 2nd August 2010 07:36
Ubuntu 8 LTS Server ISPCONFIG t.roijers General 12 26th April 2008 11:15


All times are GMT +2. The time now is 13:09.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.