[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] SFTP Jail closes connection after login
From: |
Ari Karhu |
Subject: |
Re: [Jailkit-users] SFTP Jail closes connection after login |
Date: |
Tue, 06 Mar 2007 13:48:16 +0200 |
User-agent: |
Thunderbird 1.5.0.9 (X11/20070124) |
Hi,
Thanks for your reply! The /dev/null suggestion that was in the other
mail seems to taken care of my problem. I just created a /dev/null node
with enough permissions and now I can use both SFTP and SCP.
// Ari
Olivier Sessink wrote:
> Ari Karhu wrote:
>> Tried to read old mails, but I'm still not able to make the system work.
>> Idea is to provide only sftp/scp access to a user. My os uses syslog-ng
>> for logging so I'm not using jk_socketd. The syslog-ng is configured to
>> create a /dev/log into the jail.
>>
>> The system log looks like this when logging in with sftp:
>> -----
>> Mar 5 16:25:01 crapbox sshd[7429]: Accepted keyboard-interactive/pam
>> for test from xxx.xxx.xxx.xxx port 57361 ssh2
>> Mar 5 16:25:01 crapbox sshd(pam_unix)[7434]: session opened for user
>> test by (uid=0)
>> Mar 5 16:25:01 crapbox sshd[7434]: subsystem request for sftp
>> Mar 5 16:25:01 crapbox jk_chrootsh[7435]: now entering jail
>> /var/www/test for user test (1001)
>> Mar 5 14:25:01 crapbox jk_lsh[7435]: jk_lsh version 2.3, started
>> Mar 5 14:25:01 crapbox jk_lsh[7435]: executing command
>> '/usr/lib/misc/sftp-server' for user test (1001)
>> Mar 5 16:25:01 crapbox sshd(pam_unix)[7434]: session closed for user test
>
> this looks 100% good, it seems to be the sftp-server process that closes
> the connection.. If jk_lsh fails to execute sftp-server it would log
> something like "WARNING: running /usr/lib/misc/sftp-server failed for
> user test (1001): Permission denied", but it doesn't, so I assume
> sftp-server is started correctly.
>
> which sftp client are you using?
>
>> /var/www/test/etc/jailkit/jk_lsh.ini:
>> [test]
>> paths= /usr/bin, /usr/lib/misc
>> executables= /usr/bin/scp, /usr/lib/misc/sftp-server
>> allow_word_expansion = 0
>
> since you allow scp as well, can you copy files by scp to account 'test'?
>
> regards,
> Olivier
>
>
>
> _______________________________________________
> Jailkit-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/jailkit-users