Fedora 14, ISPConfig 3, Chrooted SSH SFTP does not work

Discussion in 'General' started by alecksmart, Nov 20, 2010.

  1. alecksmart

    alecksmart New Member

    The help would be greatly appreciated with the below issue.

    I was following the instructions in http://www.howtoforge.com/perfect-server-fedora-14-x86_64-ispconfig-3-p5, jailkit installed BEFORE ispconfig.

    I created a user for a web site with "Jailkit" option selected. After some small time:

    $ cat /etc/passwd|grep [username]
    - shows the user is really present, the dotted home dir is ok. Trying to log in with this user, I can never log in:

    $ ssh [user]@[host]
    [user]@[host]'s password: 
    Last login: Sat Nov 20 18:45:06 2010 from [xxx]
    Connection to [host] closed.
    I change the user's option: "Chroot Shell" from "Jailkit" to "None". The home dir for user in /etc/passwd is without the dot, and I can log in, but the access is not chroot`ed, I can see the whole system.

    -bash-4.1$ pwd
    -bash-4.1$ cd /
    -bash-4.1$ pwd
    -bash-4.1$ ls -l
    total 138
    -rw-------    1 root root  9216 Nov 20 18:57 aquota.group
    -rw-------    1 root root  9216 Nov 20 18:57 aquota.user
    dr-xr-xr-x.   2 root root  4096 Nov 20 03:15 bin
    ... [skipped]
    drwxr-xr-x.  13 root root  4096 Nov 16 11:13 usr
    drwxr-xr-x.  24 root root  4096 Nov 19 09:36 var
    As far as I have found out on this forum, using patched sshd is not recommended for ISPConfig 3.

    I have also noticed that jailkit is not running as service (it should not?):

    $ ps ax|grep jail
    12082 pts/2    S+     0:00 grep --color=auto jail
    $ sudo service jailkit status
    jailkit: unrecognized service
    Any feedback should be appreciated.
  2. alecksmart

    alecksmart New Member

    Is there anything wrong with the question :rolleyes: ?

    I would really appreciate just any feedback...
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    There is nothing wrong with that question. If you dont get an answer, the nobody has experienced that before or know the answer...

    sshd has not to be patched for jailkit.

    jailkit is a toolkit to create jailed enviroments plus a shell binary. Its not a service.

    Do you get any errors in the syslog or messages log?
  4. alecksmart

    alecksmart New Member

    I see, sorry for being impatient, thanks for the feedback.

    Absolutely nothing of interest in the logs on the topic.

    I can log in with ftp/sft/ssh, but the last two give me the possibility to browse the whole system.

    The necessity for this post was connected with the urgent need to use the ISPConfig 3 software (totally new to me) on a new server and I had no time to investigate the problem deeper (still in the process of moving my sites between servers). I will read more stuff on the software as soon as I am done with it.

    In the meantime, would you want me to post any logs which can throw the light on the problem?

    Anyway, thank you, again, for the feedback.

Share This Page