shell users

Discussion in 'Installation/Configuration' started by paradoxni, Jun 15, 2012.

  1. paradoxni

    paradoxni New Member

    Good Morning,

    I have installed the latest ISPconfig3 on Ubuntu 12.04 using the perfect server guide on here.

    The problem I am having is when creating shell users - the users cannot log in at all over SSH:

    Invalid user *** from ***
    input_userauth_request: invalid user ** [preauth]
    Failed password for invalid user ** from *** port 8056 ssh2

    I do not have jailkit installed, and the chroot is set to none - I simply want to get SSH working basically first.

    Any thoughts?

    Cheers,
     
    Last edited: Jun 15, 2012
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you enter the full username incl prefix as shown in the ssh users list and as you find it in /etc/passwd?
     
  3. paradoxni

    paradoxni New Member

    it seems the users are not being added to /etc/passwd

    I can see the client users are added web1,2,3 etc. However the usernames I create for the shell users do not seem to be added??
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. paradoxni

    paradoxni New Member

    Thanks for this...however the following was all I got after adding a new shell user and then manually running the script:

    /usr/bin/fail2ban-client
    /sbin/iptables
    /sbin/ip6tables
    finished.

    Again, the shell user does not appear in /etc/passwd

    however the overall client name appears in /etc/group:

    sshusers:x:5002:web1,web5,web7,web8,web13,web14
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    You missed to enable the debug mode as described in the FAQ.
     
  7. paradoxni

    paradoxni New Member

    I do apologize! Totally missed the first bit.


    25.06.2012-16:23 - WARNING - Directory of the shell user is outside of website docroot.

    25.06.2012-16:23 - WARNING - Jailkit Plugin -> insert username:alun skipped, the user does not exist.

    The shell user dir is /var/www/clients/client3/web14 - which seems correct.

    I have chosen the option Chroot: None
     
  8. paradoxni

    paradoxni New Member

    I am now trying with jailkit...but again users are not created.

    /etc/passwd does not include the shell users I create.

    This is Ubuntu 12.04 64bit

    when I delete the shell user the log shows: WARNING - User: does not exist in in /etc/passwd, skipping delete.
     
    Last edited: Jun 26, 2012
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Which directory is set as website basedir under System > Server config > Web > Website basedir in ISPConfig?
     
  10. paradoxni

    paradoxni New Member

    Website basedir: /var/www
     
  11. paradoxni

    paradoxni New Member

    ok I have gotten further! The issue was I had moved the webroot and then symlinked /var/www to the new location..however this does not work for jailkit. I have now reconfigured the base dir for ispconfig to the hard directory location and now shell users are getting created as expected!

    The problem now is when I try to login with the shell user, I get kicked out immediately and the auth.log shows:
    Code:
    Jun 28 12:45:54  jk_chrootsh[19414]: now entering jail /var/www/clients/client1/web7 for user sshtest (5006) with arguments
    
    Jun 28 12:45:54  jk_chrootsh[19414]: abort, failed to find user 5006 in /var/www/clients/client1/web7/etc/passwd
    
    yet the user exists in /var/www/clients/client1/web7/etc/passwd:

    Code:
    root:x:0:0:root:/root:/bin/bash
    sshtest:x:5006:5006:::/bin/bash
    
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Most likely the jailed users were not created correctly due to the moved webroot. try to delete the shell user and then recreate it.
     
  13. paradoxni

    paradoxni New Member

    Found the answer in another forum...

    Code:
    sudo vi /etc/jailkit/jk_chrootsh.ini
    
    Code:
    [DEFAULT]
    #relax_home_group=1
    skip_injail_passwd_check=1
    injail_shell=/bin/bash
    env = TERM, PATH
    
    The problem was I had installed jailkit AFTER ispconfig, I did run update.php, but needed to add the above and now all is working!

    Thanks for the help.
     
  14. paradoxni

    paradoxni New Member

    New problem...

    When I try to run ssh or git from within the jailed shell environment, I get "You don't exist, go away!" for any of the commands...

    Code:
    ssh test
    You don't exist, go away!
    
    It may be related..but when I "ls" directories in the jailed environment it lists the owner/group as the UID not the name...

    Code:
    -rwxr-xr-- 1 5010 5006    24 Jun 29 13:55 robots.txt
    -rwxr-xr-- 1 5010 5006  7358 Jun 29 13:55 favicon.ico
    drwxr-xr-x 2 5010 5006  4096 Jun 29 13:55 error
    
    Yet the jailed /etc/passwd file is:

    Code:
    
    root:x:0:0:root:/root:/bin/bash
    testuser:x:5010:5007:::/bin/bash
    
     
    Last edited: Jul 17, 2012

Share This Page