SSH jailkit problem

[Andreas0815]

Hi!

I've created an SSH user with 'jailkit' (v2.13).

The folders "bin", "dev" etc has been created inside the home directory /var/www/xyz, so everything should work fine.

When I try to log in via PuTTY, I get a "Connection closed by remote host" after giving username and password. The only think I see is the welcome text from landscape-common

Code:

login as: blog_***_de1
blog_***_de1@***'s password:
Linux ***.de 2.6.35.5-x86_64-jb1 #2 SMP Tue Sep 21 11:03:08 CEST 2010 x86_64 GNU/Linux
Ubuntu 10.04.1 LTS

Welcome to Ubuntu!
 * Documentation:  https://help.ubuntu.com/

  System information as of Mon Nov  1 13:22:38 CET 2010

  System load:  0.06               Processes:           160
  Usage of /:   16.1% of 98.43GB   Users logged in:     1
  Memory usage: 25%                IP address for eth0: ***
  Swap usage:   0%

  Graph this data and manage this system at https://landscape.canonical.com/
Last login: Mon Nov  1 13:20:42 2010 from ***

How can I fix this?

Thank you!

[falko]

Any errors in your logs? What does the /etc/passwd line for that user look like?

[Andreas0815]

Hi!

In /var/log/auth.log

Code:

Nov  3 21:07:18 host sshd[6144]: Accepted password for <user> from 1.2.3.4 port 56420 ssh2
Nov  3 21:07:18 host sshd[6144]: pam_unix(sshd:session): session opened for user <user> by (uid=0)
Nov  3 21:07:18 host sshd[6144]: pam_unix(sshd:session): session closed for user <user>

/etc/passwd:

Code:

<user>:x:5009:5010::/var/www/clients/client4/web4:/bin/false

[falko]

/bin/false is the wrong shell. Did you enable shell access for that web site/user?

[Andreas0815]

Hi Falko,

yeah, shell access is enabled. See attached screenshots.

If I choose "None" for Chroot Shell the login works pretty fine.

[falko]

Did you install jailkit before you installed ISPConfig?

Can you change the shell from /bin/false to /usr/sbin/jk_chrootsh manually in /etc/passwd and test if it works then?

[Andreas0815]

Hi Falko,

if I change the shell manually I get

Code:

Nov  7 18:54:05 xxx sshd[27213]: Accepted password for *** from 80.137.100.158 port 57565 ssh2
Nov  7 18:54:05 xxx sshd[27213]: pam_unix(sshd:session): session opened for user *** by (uid=0)
Nov  7 18:54:05 xxx jk_chrootsh[27247]: abort, homedir '/var/www/clients/client4/web4' for user *** (5009) does not contain the jail separator <jail>/./<home>
Nov  7 18:54:05 xxx sshd[27213]: pam_unix(sshd:session): session closed for user ***

I installed jailkit before ISPConfig, but I updated it to the most recent version a few days before.

[falko]

Quote:

Originally Posted by Andreas0815

but I updated it to the most recent version a few days before.

I'm not sure if that is the problem maybe. Did Jailkit work before? Or didn't you try it?

[pavljiks]

Installed and tested two times.
Same setup: ISPConfig 3.0.3.1. Ubuntu 10.10 and Jailkit 2.12-1 (installed before ISPConfig).

When i create a shell user with chroot - Jailkit
i have:

/etc/passwd

Code:

heino1:x:5004:5005::/var/www/clients/client1/web1/./home/heino1:/bin/false

i try to connect using ssh and in /var/log/auth.log i see:

Code:

Dec 28 17:56:00 server1 sshd[31363]: Accepted password for heino1 from 87.110.9.38 port 9435 ssh2
Dec 28 17:56:00 server1 sshd[31363]: pam_unix(sshd:session): session opened for user heino1 by (uid=0)
Dec 28 17:56:00 server1 sshd[31363]: pam_unix(sshd:session): session closed for user heino1

I change shell manually:

Code:

usermod -s /usr/sbin/jk_chrootsh heino1

Dec 28 17:57:34 server1 usermod[31398]: change user 'heino1' shell from '/bin/false' to '/usr/sbin/jk_chrootsh'

in final i have this in auth.log

Code:

Dec 28 17:58:33 server1 sshd[31414]: pam_unix(sshd:session): session opened for user heino1 by (uid=0)
Dec 28 17:58:33 server1 jk_chrootsh[31430]: now entering jail /var/www/clients/client1/web1 for user heino1 (5004)
Dec 28 17:58:33 server1 jk_chrootsh[31430]: ERROR: failed to execute shell /bin/bash for user heino1 (5004), check the permissions and libraries of /var/www/clients/client1/web1//bin/bash
Dec 28 17:58:33 server1 sshd[31414]: pam_unix(sshd:session): session closed for user heino1

As in the begining said. Installed and tested two times. In correct order (as manual instructs).

PS. without jailkit everything works fine. But not so secure as i want.

[spazio]

Distro:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=10.04
DISTRIB_CODENAME=lucid
DISTRIB_DESCRIPTION="Ubuntu 10.04.1 LTS"

And I did install jailkit before ispconfig 3

Anybody has and idea on this!