Can't login when ssh user shell chroot with jailkit

Discussion in 'Installation/Configuration' started by webcimes, Oct 24, 2019.

  1. webcimes

    webcimes New Member

    Hi,

    I use debian 10 with ISPConfig 3.1 and I have try to create a "user shell" for connect with ssh.

    All works perfectly when I don't chroot the shell and I can login with ssh, but if I try to select "jailkit" for chroot I can't connect with ssh and I get :
    "Connection to myvps.com closed."

    When I look inside /etc/passwd I see my user shell "webskyssh" (client1 / web1) :
    web1:x:5004:5005::/var/www/clients/client1/web1/./home/web1:/usr/sbin/jk_chrootsh
    webskyssh:x:5004:5006::/var/www/clients/client1/web1/./home/webskyssh:/usr/sbin/jk_chrootsh

    So I don't understand why I can't login when I chroot the "user shell" with jailkit ?

    Thanks for your help
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe jailkit is not installed correctly?
     
  3. webcimes

    webcimes New Member

    Maybe but I have got no error during the installation / setup of ispconfig (I have also look in the log).
    I will try to install again all ISPConfig on fresh debian and I will see if the problem come back.
    Thanks
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Any additional errors in syslog or auth.log file (in /var/log/ directory)?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    And just to be sure, you used an ssh client like putty for the connection, you did not try to use SFTP? As SFTP components are not in the jail by default.
     
  6. webcimes

    webcimes New Member

    Thanks for your answer.

    I have try with "bash" to connect with ssh, and also with SFTP, and the both don't work if I put "jailkit" (the both works if I don't put "jailkit").

    I have look into the log, in syslog I see nothing special, but in auth log I have this error (permissions problem ?) :

    Oct 25 09:11:36 vps745325 sshd[2153]: Accepted password for webskyssh from 91.171.117.74 port 3533 ssh2
    Oct 25 09:11:36 vps745325 sshd[2153]: pam_unix(sshd:session): session opened for user webskyssh by (uid=0)
    Oct 25 09:11:36 vps745325 systemd-logind[472]: New session 43 of user web1.
    Oct 25 09:11:36 vps745325 systemd: pam_unix(systemd-user:session): session opened for user web1 by (uid=0)
    Oct 25 09:11:36 vps745325 jk_chrootsh[2173]: now entering jail /var/www/clients/client1/web1 for user webskyssh (5004) with arguments
    Oct 25 09:11:36 vps745325 jk_chrootsh[2173]: ERROR: failed to execute shell /bin/bash for user webskyssh (5004), check the permissions and libraries of /var/www/clients/client1/web1//bin/bash
    Oct 25 09:11:36 vps745325 sshd[2172]: Received disconnect from 91.171.117.74 port 3533:11: disconnected by user
    Oct 25 09:11:36 vps745325 sshd[2172]: Disconnected from user webskyssh 91.171.117.74 port 3533
    Oct 25 09:11:36 vps745325 systemd-logind[472]: Session 43 logged out. Waiting for processes to exit.
    Oct 25 09:11:36 vps745325 sshd[2153]: pam_unix(sshd:session): session closed for user webskyssh
    Oct 25 09:11:36 vps745325 systemd-logind[472]: Removed session 43.

    Thank you
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Please run:

    ls -la /var/www/clients/client1/web1/bin/bash

    and post the result
     
  8. webcimes

    webcimes New Member

    No folder like this in this repertory :

    ls: cannot access to '/var/www/clients/client1/web1/bin/bash': no such file or directory
     
  9. webcimes

    webcimes New Member

    Why the "bin/bash" folder doesn't create, have you an idea ?
    You think it's better than I install again ISPConfig ?
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    bash is a file and not a folder. Does the folder /var/www/clients/client1/web1/bin/ exists?
     
  11. webcimes

    webcimes New Member

    No it also doesn't exist, here all the folders that I have inside "web1" folder :

    drwxr-xr-x 2 web1 client1 4096 oct. 24 17:05 cgi-bin
    drwxr-xr-x 2 root root 4096 oct. 24 23:51 etc
    drwxr-xr-x 4 root root 4096 oct. 24 22:11 home
    drwxr-xr-x 2 root root 4096 oct. 25 09:03 log
    drwx--x--- 2 web1 client1 4096 oct. 24 17:05 private
    drwxr-xr-x 2 root root 4096 oct. 24 17:05 ssl
    drwxrwxrwx 2 web1 client1 12288 oct. 25 11:03 tmp
    drwxr-xr-x 3 root root 4096 oct. 24 22:11 var
    drwx--x--x 10 web1 client1 4096 oct. 24 23:00 web
    drwx--x--- 2 web1 client1 4096 oct. 24 17:05 webdav
     
  12. webcimes

    webcimes New Member

    You think the problem come from jailkit ?
    I have try to create other website (web2) and the "/bin" folder isn't create too, but it's jailkit who create this folder or ISPConfig ?

    Thanks
     
  13. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What show commands
    Code:
    apt-cache policy jailkit
    jk_list
     
  14. webcimes

    webcimes New Member

    apt-cache policy jailkit :
    Code:
    jailkit:
      Installé : 2.20-1
      Candidat : 2.20-1
     Table de version :
     *** 2.20-1 100
            100 /var/lib/dpkg/status
    
    jk_list :
    Code:
    Pid    User    Jail               Command
    1169   dovecot /run/dovecot/empty /usr/lib/dovecot/stats
    548    dovecot /run/dovecot/empty /usr/lib/dovecot/anvil
    18755  sshd    /run/sshd          /usr/sbin/sshd
    14417  postfix /var/spool/postfix /usr/lib/postfix/sbin/pickup -l -t unix -u -c
    9900   postfix /var/spool/postfix /usr/lib/postfix/sbin/tlsmgr -l -t unix -u -c
    
    Thanks for your help
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    The folder is created by Jailkit at the time the jail gets created. Did you change any jailkit settings under system > server config?
     
  16. webcimes

    webcimes New Member

    Okay thank you, no I have change nothing into jailkit, here a screenshot of what I see in the config :

    upload_2019-10-25_15-34-7.png

    All seems normal ?
     
  17. jcvieira

    jcvieira New Member

    Hello, i have the same problem, did you managed to resolve this?
     
  18. webcimes

    webcimes New Member

    Hi, no sorry I haven't found a solution for this problem :/ , if you found the solution, please tell me, thanks :)
     
    jcvieira likes this.
  19. Jesse Norell

    Jesse Norell Well-Known Member

    The jailkit setup is not known to have any general "doesn't work" issues, so likely you will both have to troubleshoot your issued individually.

    Maybe start with ensuring jailkit is installed, run update.php from the ispconfig install source and let it reconfigure services if you haven't done that lately; dd a jailkit ssh user and look at the entry which gets added, which will point to the appropriate /var/www/clients/client#/web#/ directory, and see what got added there (eg. bin/ etc/ dev/ etc. ?).

    You might enable debug mode for your server and run server.sh manually to see what debugging info is printed when adding a jailkit user to a fresh website (ie. one for which you have not tried to configure jailkit previously).
     
    till likes this.

Share This Page