SFTP login and Jailkit problem

Discussion in 'General' started by jvargas, Aug 14, 2012.

  1. jvargas

    jvargas New Member

    Hi,

    I am dealing with some login issues to open a SFTP session through Jailkit.

    Jailkit was installed during ISPC install (I mean before). When a site's shell user is created, the ISPC log shows debugging information but no errors.

    However, when the user tries to log in, it's successfully authenticated but an error appears in auth.log:

    Code:
    
    Aug 14 14:09:04 gd-web-linux-001 sshd[13292]: Accepted password for gdigital_sandbox from 201.191.123.42 port 34384 ssh2
    Aug 14 14:09:04 gd-web-linux-001 sshd[13292]: pam_unix(sshd:session): session opened for user gdigital_sandbox by (uid=0)
    Aug 14 14:09:05 gd-web-linux-001 sshd[13424]: subsystem request for sftp by user gdigital_sandbox
    Aug 14 14:09:05 gd-web-linux-001 jk_chrootsh[13425]: now entering jail /var/www/clients/client2/web1 for user gdigital_sandbox (5004) with arguments -c /usr/lib/openssh/sftp-server
    Aug 14 14:09:05 gd-web-linux-001 jk_chrootsh[13425]: ERROR: failed to execute shell /bin/bash for user gdigital_sandbox (5004), check the permissions and libraries of /var/www/clients/client2/web1//bin/bash
    Aug 14 14:09:05 gd-web-linux-001 sshd[13292]: pam_unix(sshd:session): session closed for user gdigital_sandbox

    Clearly, the error says this shell /var/www/clients/client2/web1//bin/bash doesn't exist, and it's true.

    Should this shell exist? What would be the expected shell in /etc/passwd for the recently created shell user?

    How can I fix it by hand for testing purposes, and how can I do it by default from now on?

    This is the log of ISPC when creating this shell user, I see no error on it, right?

    Code:
    14.08.2012-20:07 - DEBUG - Found 1 changes, starting update process.
    14.08.2012-20:07 - DEBUG - Calling function 'insert' from plugin 'shelluser_base_plugin' raised by event 'shell_user_insert'.
    14.08.2012-20:07 - DEBUG - Executed command: useradd -d /var/www/clients/client2/web1 -g client2 -o  -p \$1\$G7BRc1eu\$vgz0iRZkUPb7zffb3/AxO0 -s /bin/bash -u 5004 gdigital_sandbox
    14.08.2012-20:07 - DEBUG - Added shelluser: gdigital_sandbox
    14.08.2012-20:07 - DEBUG - ssh-rsa setup shelluser_base
    14.08.2012-20:07 - DEBUG - ssh-rsa keypair generated for gdigital
    14.08.2012-20:07 - DEBUG - ssh-rsa authorisation keyfile created in /var/www/clients/client2/web1/.ssh/authorized_keys
    14.08.2012-20:07 - DEBUG - ssh-rsa key updated in /var/www/clients/client2/web1/.ssh/authorized_keys
    14.08.2012-20:07 - DEBUG - Disabling shelluser temporarily: usermod -s /bin/false -L gdigital_sandbox
    14.08.2012-20:07 - DEBUG - Calling function 'insert' from plugin 'shelluser_jailkit_plugin' raised by event 'shell_user_insert'.
    14.08.2012-20:07 - DEBUG - exec: chmod 755 /var/www/clients/client2/web1
    14.08.2012-20:07 - DEBUG - exec: chown root:root /var/www/clients/client2/web1
    14.08.2012-20:07 - DEBUG - Added jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh /var/www/clients/client2/web1 'basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh'
    14.08.2012-20:07 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client2/web1 '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico'
    14.08.2012-20:07 - DEBUG - Added bashrc scrpt : /var/www/clients/client2/web1/etc/bash.bashrc
    14.08.2012-20:07 - DEBUG - Added jailkit user to chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_user.sh gdigital_sandbox /var/www/clients/client2/web1 /home/gdigital_sandbox /bin/bash web1 /home/web1
    14.08.2012-20:07 - DEBUG - Added created jailkit user home in : /var/www/clients/client2/web1/home/gdigital_sandbox
    14.08.2012-20:07 - DEBUG - Added jailkit parent user home in : /var/www/clients/client2/web1/home/web1
    14.08.2012-20:07 - DEBUG - ssh-rsa setup shelluser_jailkit
    14.08.2012-20:07 - DEBUG - ssh-rsa authorisation keyfile created in /var/www/clients/client2/web1//home/gdigital_sandbox/.ssh/authorized_keys
    14.08.2012-20:07 - DEBUG - ssh-rsa key updated in /var/www/clients/client2/web1//home/gdigital_sandbox/.ssh/authorized_keys
    14.08.2012-20:07 - DEBUG - exec: chmod 755 /var/www/clients/client2/web1
    14.08.2012-20:07 - DEBUG - exec: chown root:root /var/www/clients/client2/web1
    14.08.2012-20:07 - DEBUG - Jailkit Plugin -> insert username:gdigital_sandbox
    14.08.2012-20:07 - DEBUG - Processed datalog_id 55
    
    I already tried with another user, and the same problem appears. The user is able to log in, but due to inexistence of that shell, it stops.

    At this point, I have no idea what else I can do. Any help will be appreciated.
     
  2. till

    till Super Moderator

    run:

    jk_cp -j /var/www/clients/client2/web1 /bin/bash

    to test it. See here for details:

    http://olivier.sessink.nl/jailkit/jk_cp.8.html

    You can configure the applications that get copied to the jail in the jailkit settings in ispconfig.

    Btw, I won't use sftp as it requires you to create a shell user. If you want to get secure file transfers, use ftps which is ftp over ssl, this is as secure as sftp but does not require a separate shell user and jail and works out of the box with a ftp user account.
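
Added example, not part of the original thread: a POSIX shell check that the shell named in the jk_chrootsh error, and the shared libraries it loads, are present inside the jail. The function names `host_libs` and `check_jail_shell` are made up for this example, and it assumes `ldd` is available on the host.

```shell
#!/bin/sh
# Added example: check that a login shell can be executed inside a Jailkit jail.

# host_libs BINARY: print the absolute path of every shared library the host
# copy of BINARY loads. ldd is run on the host binary, not on the jail copy.
host_libs() {
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# check_jail_shell JAIL SHELL: print one line per problem found and
# return 0 only if SHELL and all of its libraries exist under JAIL.
check_jail_shell() {
    jail=${1%/}   # drop a trailing slash so paths do not contain "//"
    shell=$2
    rc=0
    if [ ! -x "$jail$shell" ]; then
        echo "missing or not executable: $jail$shell"
        return 1
    fi
    for lib in $(host_libs "$shell"); do
        if [ ! -e "$jail$lib" ]; then
            echo "missing library: $jail$lib"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check_jail.sh /var/www/clients/client2/web1 /bin/bash
if [ "$#" -eq 2 ]; then
    check_jail_shell "$1" "$2"
fi
```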
     
