Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 1st November 2010, 14:27
Andreas0815 Andreas0815 is offline
Junior Member
 
Join Date: Jun 2010
Posts: 27
Thanks: 0
Thanked 2 Times in 2 Posts
Default SSH jailkit problem

Hi!

I've created an SSH user with 'jailkit' (v2.13).

The folders "bin", "dev" etc has been created inside the home directory /var/www/xyz, so everything should work fine.

When I try to log in via PuTTY, I get a "Connection closed by remote host" after giving username and password. The only think I see is the welcome text from landscape-common
Code:
login as: blog_***_de1
blog_***_de1@***'s password:
Linux ***.de 2.6.35.5-x86_64-jb1 #2 SMP Tue Sep 21 11:03:08 CEST 2010 x86_64 GNU/Linux
Ubuntu 10.04.1 LTS

Welcome to Ubuntu!
 * Documentation:  https://help.ubuntu.com/

  System information as of Mon Nov  1 13:22:38 CET 2010

  System load:  0.06               Processes:           160
  Usage of /:   16.1% of 98.43GB   Users logged in:     1
  Memory usage: 25%                IP address for eth0: ***
  Swap usage:   0%

  Graph this data and manage this system at https://landscape.canonical.com/
Last login: Mon Nov  1 13:20:42 2010 from ***
How can I fix this?

Thank you!
Reply With Quote
Sponsored Links
  #2  
Old 2nd November 2010, 19:15
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

Any errors in your logs? What does the /etc/passwd line for that user look like?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 3rd November 2010, 22:10
Andreas0815 Andreas0815 is offline
Junior Member
 
Join Date: Jun 2010
Posts: 27
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Hi!

In /var/log/auth.log
Code:
Nov  3 21:07:18 host sshd[6144]: Accepted password for <user> from 1.2.3.4 port 56420 ssh2
Nov  3 21:07:18 host sshd[6144]: pam_unix(sshd:session): session opened for user <user> by (uid=0)
Nov  3 21:07:18 host sshd[6144]: pam_unix(sshd:session): session closed for user <user>
/etc/passwd:
Code:
<user>:x:5009:5010::/var/www/clients/client4/web4:/bin/false
Reply With Quote
  #4  
Old 4th November 2010, 20:02
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

/bin/false is the wrong shell. Did you enable shell access for that web site/user?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 4th November 2010, 20:48
Andreas0815 Andreas0815 is offline
Junior Member
 
Join Date: Jun 2010
Posts: 27
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Hi Falko,

yeah, shell access is enabled. See attached screenshots.

If I choose "None" for Chroot Shell the login works pretty fine.
Attached Images
  
Reply With Quote
  #6  
Old 5th November 2010, 16:06
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

Did you install jailkit before you installed ISPConfig?

Can you change the shell from /bin/false to /usr/sbin/jk_chrootsh manually in /etc/passwd and test if it works then?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 7th November 2010, 19:55
Andreas0815 Andreas0815 is offline
Junior Member
 
Join Date: Jun 2010
Posts: 27
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Hi Falko,

if I change the shell manually I get
Code:
Nov  7 18:54:05 xxx sshd[27213]: Accepted password for *** from 80.137.100.158 port 57565 ssh2
Nov  7 18:54:05 xxx sshd[27213]: pam_unix(sshd:session): session opened for user *** by (uid=0)
Nov  7 18:54:05 xxx jk_chrootsh[27247]: abort, homedir '/var/www/clients/client4/web4' for user *** (5009) does not contain the jail separator <jail>/./<home>
Nov  7 18:54:05 xxx sshd[27213]: pam_unix(sshd:session): session closed for user ***
I installed jailkit before ISPConfig, but I updated it to the most recent version a few days before.
Reply With Quote
  #8  
Old 8th November 2010, 16:02
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

Quote:
Originally Posted by Andreas0815 View Post
but I updated it to the most recent version a few days before.
I'm not sure if that is the problem maybe. Did Jailkit work before? Or didn't you try it?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 28th December 2010, 19:00
pavljiks pavljiks is offline
Junior Member
 
Join Date: Dec 2010
Posts: 17
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Installed and tested two times.
Same setup: ISPConfig 3.0.3.1. Ubuntu 10.10 and Jailkit 2.12-1 (installed before ISPConfig).

When i create a shell user with chroot - Jailkit
i have:

/etc/passwd
Code:
heino1:x:5004:5005::/var/www/clients/client1/web1/./home/heino1:/bin/false
i try to connect using ssh and in /var/log/auth.log i see:
Code:
Dec 28 17:56:00 server1 sshd[31363]: Accepted password for heino1 from 87.110.9.38 port 9435 ssh2
Dec 28 17:56:00 server1 sshd[31363]: pam_unix(sshd:session): session opened for user heino1 by (uid=0)
Dec 28 17:56:00 server1 sshd[31363]: pam_unix(sshd:session): session closed for user heino1
I change shell manually:
Code:
usermod -s /usr/sbin/jk_chrootsh heino1

Dec 28 17:57:34 server1 usermod[31398]: change user 'heino1' shell from '/bin/false' to '/usr/sbin/jk_chrootsh'
in final i have this in auth.log
Code:
Dec 28 17:58:33 server1 sshd[31414]: pam_unix(sshd:session): session opened for user heino1 by (uid=0)
Dec 28 17:58:33 server1 jk_chrootsh[31430]: now entering jail /var/www/clients/client1/web1 for user heino1 (5004)
Dec 28 17:58:33 server1 jk_chrootsh[31430]: ERROR: failed to execute shell /bin/bash for user heino1 (5004), check the permissions and libraries of /var/www/clients/client1/web1//bin/bash
Dec 28 17:58:33 server1 sshd[31414]: pam_unix(sshd:session): session closed for user heino1
As in the begining said. Installed and tested two times. In correct order (as manual instructs).

PS. without jailkit everything works fine. But not so secure as i want.
Reply With Quote
  #10  
Old 11th January 2011, 19:00
spazio spazio is offline
Member
 
Join Date: Apr 2007
Posts: 38
Thanks: 1
Thanked 2 Times in 2 Posts
 
Default I Have the same problem!

Distro:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=10.04
DISTRIB_CODENAME=lucid
DISTRIB_DESCRIPTION="Ubuntu 10.04.1 LTS"

And I did install jailkit before ispconfig 3

Anybody has and idea on this!
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix problems with smtp linkdeb Server Operation 13 15th March 2014 18:58
setting up chrooted ssh user, jailkit installed after ispconfig bn61 Installation/Configuration 7 5th May 2011 17:02
Email problem 'Cannot set my user or group id.' (using ISPConfig 3 + OpenSuSE 11.2) urosm Installation/Configuration 5 19th June 2010 23:41
ssh security problem... Jonathan Installation/Configuration 1 26th May 2006 02:59
problem with ssh security Jonathan Installation/Configuration 1 26th May 2006 02:52


All times are GMT +2. The time now is 11:21.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.