Discussion in 'General' started by stef70, May 17, 2013.

  1. stef70

    stef70 New Member

    I am hosted on a site that uses ispconfig.

    I created a ssh account to host a rsync server. I am trying to secure the ssh connection as indicated in http://troy.jdmz.net/rsync/index.html :

    (1) In ~/.ssh/authorized_keys, prefix the ssh key with command="/home/bob/zzzzz.sh"
    (2) In the script /home/bob/zzzzz.sh , filter the connection according to the environment variable SSH_ORIGINAL_COMMAND as shown on the above page.

    The problem is that the ssh connection does not provide the environment variable SSH_ORIGINAL_COMMAND when the ssh user is chrooted with Jailkit.

    I suspect that jailkit is filtering the environment variable. This is probably not a ssh server issue since the environment variable is there when the account is not chrooted.

    I would appreciate some advices before I contact the site administrator (ideally with the solution)

    To reproduce the problem:

    (a) create a ssh user with a jailkit chroot

    (b) prepend command="/bin/bash" to its ssh public key:
    command="/bin/bash" ssh-rsa AAAAB3NzaC1yc2EAAAADAQ...

    (c) log with 'ssh SERVER xxxxxx'
    that should trigger a bash shell without a prompt

    (d) list all environment variables with the bash command 'set'.
    SSH_ORIGINAL_COMMAND should be xxxxxx but it is unset

Share This Page