jailkit-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] Suse 64bit SFTP problem

From: Jere Retzer
Subject: Re: [Jailkit-users] Suse 64bit SFTP problem
Date: Tue, 13 Mar 2007 16:50:24 -0700 
Thanks, Olivier

Sequence of actions below might have something useful - bottom line is success. 
Thank you very much. Question: can the same user sftp from multiple machines at 
the same time or would they be locked out?

First, tried jk_cp with no success. The correct path for sftp on Suse 64b (AMD) 
is /usr/lib64/ssh/sftp-server

Then I edited the sftp section in jk_init.ini, replacing the sftp section with 
this:

[sftp]
comment = ssh secure ftp
executables =/usr/lib64/ssh/sftp-server
includesections = netbasics, uidbasics
devices = /dev/null, /dev/urandom

Then I verified all the files move with ldd /usr/lib64/ssh/sftp-server and 
jk_cp move the same files. I get the same results when I attempt to log in 
(enters jail, finds the user in jk_lsh.ini and immediately closes)

Worked through the issue of the user /lib64/libnss* files (which were not 
reported by ldd) reported by Norbert on March 6 (on RHEL4) The files are not 
exactly the same between Opensuse 10.2, which I am using and RHEL that Norbert 
is using. It seems to me that one potential trap involves copying /lib/libnss* 
and/or /usr/lib/libnss* instead of /lib64/libnss* and usr/lib64/libnss*  As I 
looked over the files in my jail directories it looked to me like perhaps some 
of the wrong files were copied (maybe when initializing with jk_lsh?) so my 
solution was to cp -f -v libnss* from the /lib64 and /usr/lib64 to the 
associated jail directory and now it works.

Thanks again.

Jere


>>> address@hidden 3/12/2007 11:52 PM >>>
Jere Retzer wrote:
> I'm now working on my target Suse machine, which uses 64bit linux
> having worked out the bugs on a test machine, which uses 32 bit linux
> 
> 
> I'm able to get the user into the jail, as reflected in my messages
> log but the session immediately terminates. When I use WinSCP, for
> example to test with the server it says "Cannot initialize SFTP
> protocol. Is the host running a SFTP server?" Here are (edited)
> messages from localhost:
> 
> Accepted keyboard-interactive/pam for [username] from 127.0.0.1 port
> 52188 ssh2 subsystem request for sftp now entering jail /home/[jail]
> for user [username] (1003) jk_lsh version 2.3, started cannot find
> user name for uid 1003: Success
> 
> I've discovered that the path for the sftp-server is different from
> the 32b to the 64b Suse, where the executable is in
> /usr/lib64/ssh/sftp-server I'm wondering if there are some associated
> files that need to get copied for the sftp-server to run.

if you use jk_cp to copy sftp-server into the jail the libraries will be
copied too.

you might want to check the archives of this list, there are some
postings from people that had problems with 64bit machines, I think most
were lacking the 64 bit equivalents for libnss* in their jails (from
/lib64 ?).

regards,
        Olivier


_______________________________________________
Jailkit-users mailing list
address@hidden 
http://lists.nongnu.org/mailman/listinfo/jailkit-users
reply via email to
[Prev in Thread] Current Thread [Next in Thread]