[Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS

jailkit-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS

From:	Ming Wu
Subject:	[Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8
Date:	Sun, 7 Mar 2021 04:44:40 -0500 (EST)
User-agent:	Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

Follow-up Comment #5, bug #60178 (project jailkit):

Detailed log for two consecutive sftp logins

# sftp #1 on Ubuntu 20.04.2
$ sftp mike@10.168.139.33
mike@10.168.139.33's password: 
Connection closed

# ouput #1 on CentOS 8
# journalctl -f
Mar 07 09:37:06 tpc8 sshd[1454]: Accepted password for mike from
10.168.128.164 port 49937 ssh2
Mar 07 09:37:07 tpc8 systemd-logind[736]: New session 9 of user mike.
Mar 07 09:37:07 tpc8 systemd[1]: Started Session 9 of user mike.
Mar 07 09:37:07 tpc8 sshd[1454]: pam_systemd(sshd:session): Failed to create
session: Start job for unit user-1006.slice failed with 'canceled'
Mar 07 09:37:07 tpc8 sshd[1454]: pam_unix(sshd:session): session opened for
user mike by (uid=0)
Mar 07 09:37:07 tpc8 jk_chrootsh[1459]: now entering jail /srv/sftpjail for
user mike (1006) with arguments -c /usr/libexec/openssh/sftp-server
Mar 07 09:37:07 tpc8 sshd[1458]: Received disconnect from 10.168.128.164 port
49937:11: disconnected by user
Mar 07 09:37:07 tpc8 sshd[1458]: Disconnected from user mike 10.168.128.164
port 49937
Mar 07 09:37:07 tpc8 sshd[1454]: pam_unix(sshd:session): session closed for
user mike
Mar 07 09:37:07 tpc8 systemd-logind[736]: Session 9 logged out. Waiting for
processes to exit.
Mar 07 09:37:07 tpc8 systemd-logind[736]: Removed session 9.

-------------------------------------------------------------
# sftp #2 on Ubuntu 20.04.2 (within 1 minute)
$ sftp mike@10.168.139.33
mike@10.168.139.33's password: 
Connection closed

# ouput #2 on CentOS 8
# journalctl -f
Mar 07 09:37:58 tpc8 sshd[1461]: Accepted password for mike from
10.168.128.164 port 49940 ssh2
Mar 07 09:37:58 tpc8 systemd-logind[736]: New session 10 of user mike.
Mar 07 09:37:58 tpc8 systemd[1]: Started Session 10 of user mike.
Mar 07 09:37:58 tpc8 systemd[1]: user@1006.service: State 'stop-sigterm' timed
out. Killing.
Mar 07 09:37:58 tpc8 systemd[1]: user@1006.service: Killing process 1445
(systemd) with signal SIGKILL.
Mar 07 09:37:58 tpc8 systemd[1]: user@1006.service: Failed with result
'timeout'.
Mar 07 09:37:58 tpc8 systemd[1]: Starting User Manager for UID 1006...
Mar 07 09:37:58 tpc8 systemd[1466]: pam_unix(systemd-user:session): session
opened for user mike by (uid=0)
Mar 07 09:37:59 tpc8 systemd[1466]: dbus.socket: Cannot add dependency job,
ignoring: Access denied
Mar 07 09:37:59 tpc8 systemd[1466]: grub-boot-success.timer: Refusing to
start, unit to trigger not loaded.
Mar 07 09:37:59 tpc8 systemd[1466]: Failed to start Mark boot as successful
after the user session has run 2 minutes.
Mar 07 09:37:59 tpc8 systemd[1466]: Reached target Paths.
Mar 07 09:37:59 tpc8 systemd[1466]: Reached target Timers.
Mar 07 09:37:59 tpc8 systemd[1466]: Reached target Sockets.
Mar 07 09:37:59 tpc8 systemd[1466]: Reached target Basic System.
Mar 07 09:37:59 tpc8 systemd[1466]: Reached target Default.
Mar 07 09:37:59 tpc8 systemd[1466]: Startup finished in 133ms.
Mar 07 09:37:59 tpc8 systemd[1]: Started User Manager for UID 1006.
Mar 07 09:37:59 tpc8 sshd[1461]: pam_unix(sshd:session): session opened for
user mike by (uid=0)
Mar 07 09:37:59 tpc8 jk_chrootsh[1475]: now entering jail /srv/sftpjail for
user mike (1006) with arguments -c /usr/libexec/openssh/sftp-server
Mar 07 09:37:59 tpc8 sshd[1474]: Received disconnect from 10.168.128.164 port
49940:11: disconnected by user
Mar 07 09:37:59 tpc8 sshd[1474]: Disconnected from user mike 10.168.128.164
port 49940
Mar 07 09:37:59 tpc8 sshd[1461]: pam_unix(sshd:session): session closed for
user mike
Mar 07 09:37:59 tpc8 systemd-logind[736]: Session 10 logged out. Waiting for
processes to exit.
Mar 07 09:37:59 tpc8 systemd-logind[736]: Removed session 10.
Mar 07 09:37:59 tpc8 systemd[1]: user-runtime-dir@1006.service: Unit not
needed anymore. Stopping.
Mar 07 09:37:59 tpc8 systemd[1]: Stopping User Manager for UID 1006...
Mar 07 09:37:59 tpc8 systemd[1466]: Failed to enqueue exit.target job: Access
denied

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?60178>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8, Ming Wu, 2021/03/05
- [Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8, Olivier Sessink, 2021/03/05
  - [Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8, Ming Wu, 2021/03/05
    - [Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8, Olivier Sessink, 2021/03/06
    - [Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8, Ming Wu, 2021/03/06
    - [Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8, Ming Wu <=
    - [Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8, Olivier Sessink, 2021/03/07
    - [Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8, Ming Wu, 2021/03/07
    - [Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8, Olivier Sessink, 2021/03/07
    - [Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8, Ming Wu, 2021/03/07

Prev by Date: [Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8
Next by Date: [Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8
Previous by thread: [Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8
Next by thread: [Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8
Index(es):
- Date
- Thread