Jailkit not working ISPConfig

Discussion in 'Installation/Configuration' started by denmaddog, Feb 14, 2011.

  1. denmaddog

    denmaddog New Member

    I have setup my server based on tutorial Howto perfect server ISPConfig Ubuntu 10.10, but Jailkit isn't working. When I add shell user to some site and choose "Jailkit"( options are "None" and "Jailkit" ) option and then login via ssh as that user, the user can browse all system. Outputs are:

    tail -f /var/log/auth.log

    Feb 12 16:58:43 www sshd[4370]: Accepted password for bojana from 10.13.1.56 port 2128 ssh2
    Feb 12 16:58:43 www sshd[4370]: pam_unix(sshd:session): session opened for user bojana by (uid=0)
    Feb 12 16:58:44 www sshd[4370]: pam_unix(sshd:session): session closed for user bojana

    /etc/passwd

    web3:x:5006:5005::/var/www/clients/client1/web3/./home/web3:/bin/false

    bojana:x:5006:5005::/var/www/clients/client1/web3/./home/bojana:/bin/bash

    /etc/init.d/jailkit restart

    Stopping jailkit: jk_socketd/usr/sbin/jk_socketd: no process found

    done.

    Starting jailkit: jk_socketdversion 2.13, no sockets specified in configfile /etc/jailkit/jk_socketd.ini or on commandline, nothing to do, exiting...

    done.

    It seems like Jailkit is not properly configured. I tried updating ISPConfig and reconfiguring services but problem remains.

    Please can you help me solve this.


    Zeljko
     
  2. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    The jailkit daemon is not used, so its ok that it does not start.

    Regarding the login issue, the user bojana uses a wrong shell. Have you edited anything in the /etc/passwd file manually or did you change any settings of the user bojana manually on the shell?
     
  3. denmaddog

    denmaddog New Member

    Till,

    I haven't changed anything manualy...I will add new shell user now and post what happend in /etc/passwd


    Tnx.
     
  4. denmaddog

    denmaddog New Member

    After adding new testuser this is the line in /etc/passwd

    testuser:x:5006:5005::/var/www/clients/client1/web3/./home/testuser:/bin/false

    And I cannot login to server with putty ... putty just crashes ( disapear ).

    root@www:~# tail -f /var/log/auth.log
    Feb 14 11:04:20 www sshd[10294]: Accepted password for testuser from 192.168.13.202 port 3756 ssh2
    Feb 14 11:04:20 www sshd[10294]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
    Feb 14 11:04:20 www sshd[10294]: pam_unix(sshd:session): session closed for user testuser
     
  5. denmaddog

    denmaddog New Member

    If I change the shell from /bin/false to /usr/sbin/jk_chrootsh in /ets/passwd I got this in /var/log/auth.log

    Feb 14 11:10:34 www sshd[10702]: Accepted password for testuser from 192.168.13.202 port 3882 ssh2
    Feb 14 11:10:34 www sshd[10702]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
    Feb 14 11:10:34 www jk_chrootsh[10770]: now entering jail /var/www/clients/client1/web3 for user testuser (5006)
    Feb 14 11:10:34 www jk_chrootsh[10770]: abort, failed to get user information in the jail for user ID 5006: Success, check /var/www/clients/client1/web3/etc/passwd
    Feb 14 11:10:34 www sshd[10702]: pam_unix(sshd:session): session closed for user testuser

    Any idea?
     
  6. denmaddog

    denmaddog New Member

    I assume ISPConfig/Jailkit should make some shanges to /var/www/clients/client1/web3/etc/passwd and group file, but those files are empty ...

    I'm getting desperate :(
     
  7. folken

    folken New Member

    G'day,

    The problem is not with ISPConfg but with the jailkit program.

    10-10-2010: Jailkit 2.13 released. Jailkit 2.13 fixes a regression in the build system that could set the location of the configuration directory to the wrong path.

    In short the version that the howto recommend tell you to download 2.12 which has a major bug where it expects all config files to be located in /usr to resolve this issue download the latest version and it'll work.

    T

    P.S. it took me 2 hours to figure this out....
     
  8. denmaddog

    denmaddog New Member

    Hi Folken, tnx for reply,

    but the installed version of Jailkit is 2.13 .... must be something else...
     
  9. folken

    folken New Member

    Interesting.. Enable debug mode under system then check the crontab log file... that pointed me in the direction that fixed mine..
     
  10. denmaddog

    denmaddog New Member

    Can you please tell me how to enable system debug mode and where to track it?

    tnx!
     
  11. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

  12. denmaddog

    denmaddog New Member

    Any idea guys?? I am really getting desperate :(
     
  13. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    You havent posted the infos yet that folken requested. Without the infos from the debug log, we can not help you.
     
  14. denmaddog

    denmaddog New Member

    As you can see, there is nothing in log concerning Jailkit ... all the entries are like those posted belov....

    2011-02-14 21:01 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-14 21:00 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-14 21:00 www.nadlanu.com Debug No Updated records found, starting only the core.
    2011-02-14 21:00 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-14 20:59 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-14 20:59 www.nadlanu.com Debug No Updated records found, starting only the core.
    2011-02-14 20:59 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-14 20:58 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-14 20:58 www.nadlanu.com Debug No Updated records found, starting only the core.
    2011-02-14 20:58 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-14 20:57 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-14 20:57 www.nadlanu.com Debug No Updated records found, starting only the core.
    2011-02-14 20:57 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-14 20:56 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-14 20:56 www.nadlanu.com Debug No Updated records found, starting only the core.
     
  15. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Please create a nwe website, then add a new jailkit ssh user to that new website and check the log again for errors.
     
  16. denmaddog

    denmaddog New Member

    Created new website, jailkited shell user but still nothing in the log about that ...


    2011-02-18 12:06 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-18 12:06 www.nadlanu.com Debug No Updated records found, starting only the core.
    2011-02-18 12:06 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-18 12:05 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-18 12:05 www.nadlanu.com Debug No Updated records found, starting only the core.
    2011-02-18 12:05 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-18 12:04 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-18 12:04 www.nadlanu.com Debug No Updated records found, starting only the core.
    2011-02-18 12:04 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-18 12:03 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-18 12:03 www.nadlanu.com Debug No Updated records found, starting only the core.
    2011-02-18 12:03 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-18 12:02 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2011-02-18 12:02 www.nadlanu.com Debug No Updated records found, starting only the core.
    2011-02-18 12:02 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
     
  17. lolo6tm

    lolo6tm New Member

    Same issue, but finally solved it

    It seems that if you create an SSH/Jailkit user using ISPConfig admin account then the jailkit won't work and the connection will close as soon as user's logged.

    Create your SSH user using the reseller or client account which owns the concerned website, and then it should work, at least for me.

    Hope it will help.... :)
     
  18. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Technically there is no difference if the admin or client or reseller created the ssh user as the same code is executed in every case. When I create a ssh user as admin with jailkit enabled, then the chroot works fine on my Debian server.
     
  19. dkonyaev

    dkonyaev New Member

    jailkit

    I've the same problem on Debian Lenny, and now I resolved it on my system with this:

    cd /usr
    ln /etc/jailkit/jk_init.ini jk_init.ini
    ln /etc/jailkit/jk_socketd.ini jk_socketd.ini
    apt-get install nano

    After that change Chroot Shell to None, do Save, and return this option to Jailkit.
     

Share This Page