SSH jailkit problem

Discussion in 'Installation/Configuration' started by Andreas0815, Nov 1, 2010.

  1. Andreas0815

    Andreas0815 New Member

    Hi!

    I've created an SSH user with 'jailkit' (v2.13).

    The folders "bin", "dev" etc has been created inside the home directory /var/www/xyz, so everything should work fine.

    When I try to log in via PuTTY, I get a "Connection closed by remote host" after giving username and password. The only think I see is the welcome text from landscape-common
    Code:
    login as: blog_***_de1
    blog_***_de1@***'s password:
    Linux ***.de 2.6.35.5-x86_64-jb1 #2 SMP Tue Sep 21 11:03:08 CEST 2010 x86_64 GNU/Linux
    Ubuntu 10.04.1 LTS
    
    Welcome to Ubuntu!
     * Documentation:  https://help.ubuntu.com/
    
      System information as of Mon Nov  1 13:22:38 CET 2010
    
      System load:  0.06               Processes:           160
      Usage of /:   16.1% of 98.43GB   Users logged in:     1
      Memory usage: 25%                IP address for eth0: ***
      Swap usage:   0%
    
      Graph this data and manage this system at https://landscape.canonical.com/
    Last login: Mon Nov  1 13:20:42 2010 from ***
    How can I fix this?

    Thank you!
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Any errors in your logs? What does the /etc/passwd line for that user look like?
     
  3. Andreas0815

    Andreas0815 New Member

    Hi!

    In /var/log/auth.log
    Code:
    Nov  3 21:07:18 host sshd[6144]: Accepted password for <user> from 1.2.3.4 port 56420 ssh2
    Nov  3 21:07:18 host sshd[6144]: pam_unix(sshd:session): session opened for user <user> by (uid=0)
    Nov  3 21:07:18 host sshd[6144]: pam_unix(sshd:session): session closed for user <user>
    /etc/passwd:
    Code:
    <user>:x:5009:5010::/var/www/clients/client4/web4:/bin/false
     
  4. falko

    falko Super Moderator ISPConfig Developer

    /bin/false is the wrong shell. Did you enable shell access for that web site/user?
     
  5. Andreas0815

    Andreas0815 New Member

    Hi Falko,

    yeah, shell access is enabled. See attached screenshots.

    If I choose "None" for Chroot Shell the login works pretty fine.
     

    Attached Files:

  6. falko

    falko Super Moderator ISPConfig Developer

    Did you install jailkit before you installed ISPConfig?

    Can you change the shell from /bin/false to /usr/sbin/jk_chrootsh manually in /etc/passwd and test if it works then?
     
  7. Andreas0815

    Andreas0815 New Member

    Hi Falko,

    if I change the shell manually I get
    Code:
    Nov  7 18:54:05 xxx sshd[27213]: Accepted password for *** from 80.137.100.158 port 57565 ssh2
    Nov  7 18:54:05 xxx sshd[27213]: pam_unix(sshd:session): session opened for user *** by (uid=0)
    Nov  7 18:54:05 xxx jk_chrootsh[27247]: abort, homedir '/var/www/clients/client4/web4' for user *** (5009) does not contain the jail separator <jail>/./<home>
    Nov  7 18:54:05 xxx sshd[27213]: pam_unix(sshd:session): session closed for user ***
    I installed jailkit before ISPConfig, but I updated it to the most recent version a few days before.
     
  8. falko

    falko Super Moderator ISPConfig Developer

    I'm not sure if that is the problem maybe. Did Jailkit work before? Or didn't you try it?
     
  9. pavljiks

    pavljiks New Member

    Installed and tested two times.
    Same setup: ISPConfig 3.0.3.1. Ubuntu 10.10 and Jailkit 2.12-1 (installed before ISPConfig).

    When i create a shell user with chroot - Jailkit
    i have:

    /etc/passwd
    Code:
    heino1:x:5004:5005::/var/www/clients/client1/web1/./home/heino1:/bin/false
    
    i try to connect using ssh and in /var/log/auth.log i see:
    Code:
    Dec 28 17:56:00 server1 sshd[31363]: Accepted password for heino1 from 87.110.9.38 port 9435 ssh2
    Dec 28 17:56:00 server1 sshd[31363]: pam_unix(sshd:session): session opened for user heino1 by (uid=0)
    Dec 28 17:56:00 server1 sshd[31363]: pam_unix(sshd:session): session closed for user heino1
    
    I change shell manually:
    Code:
    usermod -s /usr/sbin/jk_chrootsh heino1
    
    Dec 28 17:57:34 server1 usermod[31398]: change user 'heino1' shell from '/bin/false' to '/usr/sbin/jk_chrootsh'
    in final i have this in auth.log
    Code:
    Dec 28 17:58:33 server1 sshd[31414]: pam_unix(sshd:session): session opened for user heino1 by (uid=0)
    Dec 28 17:58:33 server1 jk_chrootsh[31430]: now entering jail /var/www/clients/client1/web1 for user heino1 (5004)
    Dec 28 17:58:33 server1 jk_chrootsh[31430]: ERROR: failed to execute shell /bin/bash for user heino1 (5004), check the permissions and libraries of /var/www/clients/client1/web1//bin/bash
    Dec 28 17:58:33 server1 sshd[31414]: pam_unix(sshd:session): session closed for user heino1
    As in the begining said. Installed and tested two times. In correct order (as manual instructs).

    PS. without jailkit everything works fine. But not so secure as i want.
     
  10. spazio

    spazio Member

    I Have the same problem!

    Distro:
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=10.04
    DISTRIB_CODENAME=lucid
    DISTRIB_DESCRIPTION="Ubuntu 10.04.1 LTS"

    And I did install jailkit before ispconfig 3

    Anybody has and idea on this!
     
  11. spazio

    spazio Member

    ( SOLVED ) jailkit ispconfig 3

    After some test here is what worked for me.

    I deleted the website and recreted it but with a twist.

    In the client limit " Max. number of Shell users " needs to be more than 0 prior to creating the website. In my case if the number is 0 when the website is created, the jailkit doesn't work! After putting it a 1 everything works great.

    Hope it helps somebody.
     
  12. pavljiks

    pavljiks New Member

    Just installed fresh 3.0.3.2 ISPconfig and last Jailkit 2.13.
    After ISPconfigu update all finally working :)
     

Share This Page