
[Jailkit-users] Problem to establish a SFTP for windows


From: yellow protoss
Subject: [Jailkit-users] Problem to establish a SFTP for windows
Date: Wed, 7 May 2008 00:52:37 +0200


Hello,
 
There is an SSH server running, and I would like SFTP to go through it. Normally that is done with a regular apt-get install openssh.
 (I am not talking about the configuration here.)

Jailkit has the advantage of putting the user/account/$HOME in a jail.
 
So we first tried the easy part (well, not so easy),
SSH with Jailkit:
          it worked!!
 
Now I would like SFTP to work instead of SSH (no ssh), so I followed this:

Now I am trying to get the sftp server working as described for Debian:
How do I do the syslog.conf step?
http://olivier.sessink.nl/jailkit/ho..._scp_only.html
I don't understand what he means.


I now get this error message:
Code:
tried to get an interactive shell session (/usr/sbin/jk_lsh), which is never allowed by jk_lsh
(If I manage to get it working, I will write up my howto on this page.)



When I log in to the SSH server via gftp SSH2 (sftp), it reports this error:

Code:
There was an error initializing a SSH connection with the remote server. The error message from the remote server follows:

Where can I find a way to make it work?


my configs:
jk_check.ini FILE :
# jk_check audit settings for the jail rooted at /home/testchroot.
# NOTE(review): other parts of this post name /home/chrootjail, /home/chrootusers
# and /srv/sftpjail as jail paths - confirm this section covers the jail in use.
[/home/testchroot]
# jk_check does not run any tests in this directory (useful for proc filesystem)
# be careful!! there is I repeat NO SINGLE TEST in this directory
#ignorepatheverywhere =

# jk_check compares files if they are equal to their counterparts in the real system,
# using md5sum(). In the specified directories it will not test if files are equal
# it will still test for world writable directories and setuid files
# NOTE(review): the jail's etc directory is excluded here, so changed files under
# it are not reported by the compare step - keep this list as short as possible.
ignorepathoncompare = /home/testchroot/home, /home/testchroot/etc

# jk_check tests directory permissions, if you deliberately made some directories writable
# for group or others, or you don't care, specify them here
# The second key accepts a world-writable home/tmp inside the jail.
ignorewritableforgroup = /home/testchroot/home
ignorewritableforothers = /home/testchroot/home/tmp

# jk_check tests for setuid root and setgid root files
# if you deliberately have such files specify them here
# NOTE(review): these entries exempt setuid smbmnt/smbumount inside the jail from
# the check. Setuid-root binaries weaken a jail; an SFTP/scp-only jail as described
# in this post has no visible need for them - confirm and empty these lists if so.
ignoresetuidexecuteforuser = /home/testchroot/usr/bin/smbmnt, /home/testchroot/usr/bin/smbumount
ignoresetuidexecuteforgroup = /home/testchroot/usr/bin/smbmnt, /home/testchroot/usr/bin/smbumount
ignoresetuidexecuteforothers =

jk_chrootsh.ini FILE :
## example for a user
#[test]
#env= DISPLAY, XAUTHORITY
#
##example for a group, there should be only 1 space inbetween the words!
#[group users]
#env = DISPLAY, XAUTHORITY
#


#[DEFAULT]
#relax_home_group=1

#[fhmariowels]
#env= DISPLAY
#relax_home_group_permissions=1
#relax_home_other_permissions=1

#[group jail]
#env = TERM, PATH


jk_init.ini FILE :
# Shared building block: NSS libraries and nsswitch.conf, pulled in by other
# sections through includesections so user/group lookups work inside the jail.
[uidbasics]
comment = common files for all jails that need user/group information
libraries = /lib/libnsl.so.1, /lib/libnss_compat.so.2, /lib/libnss_files.so.2
regularfiles = /etc/nsswitch.conf
emptydirs = /home

# Shared building block: DNS resolver library and the /etc files used for name resolution.
# NOTE(review): presumably these files are copied from the host, so jailed users
# can read the host's /etc/hosts and resolv.conf - confirm that is acceptable.
[netbasics]
comment = common files for all jails that need any internet connectivity
libraries = /lib/libnss_dns.so.2
regularfiles = /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols

# Timezone file plus a request for a log socket.
# NOTE(review): need_logsocket presumably requires a matching jail entry in
# jk_socketd.ini so that /dev/log exists inside the jail - confirm.
[logbasics]
comment = timezone information
regularfiles = /etc/localtime
need_logsocket = 1

# The limited shell binary together with its config file.
# regularfiles names /etc/jailkit/jk_lsh.ini, so the jail receives its own copy.
# NOTE(review): presumably jk_lsh inside the jail reads the jail's copy, so later
# edits to the host's jk_lsh.ini must be copied into the jail again - confirm.
# NOTE(review): users/groups list only root; the jailed account itself presumably
# still has to be added to the jail's passwd/group - confirm.
[jk_lsh]
comment = Jailkit limited shell
executables = /usr/sbin/jk_lsh
regularfiles = /etc/jailkit/jk_lsh.ini
users = root
groups = root
need_logsocket = 1
includesections = uidbasics

# Second name for the jk_lsh section; it contributes nothing beyond the include.
[limitedshell]
comment = alias for jk_lsh
includesections = jk_lsh

# CVS client binary plus the /dev/null device.
[cvs]
comment = Concurrent Versions System
executables = /usr/bin/cvs
devices = /dev/null

# scp binary for copy-only access, with name resolution, uid lookup and /dev/urandom.
# The jk_lsh.ini shown in this post allows /usr/bin/scp, the same path as here.
[scp]
comment = ssh secure copy
executables = /usr/bin/scp
includesections = netbasics, uidbasics
devices = /dev/urandom


# sftp-server for SFTP-only access. Three candidate locations are listed.
# NOTE(review): presumably only the paths that exist on the host end up in the
# jail. The path present in the jail has to agree with sshd's "Subsystem sftp"
# setting and with the executables entry in jk_lsh.ini (this post uses
# /usr/lib/sftp-server) - confirm on the target system.
[sftp]
comment = ssh secure ftp
executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null


# The ssh client binary (/usr/bin/ssh), not the server, with /dev/urandom and /dev/tty.
# NOTE(review): this gives jailed users an outbound ssh client; leave it out of a
# transfer-only jail unless that is intended.
[ssh]
comment = ssh secure shell
executables = /usr/bin/ssh
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/tty

# rsync binary with the name-resolution and uid building blocks.
# Unlike its neighbours this section has no comment key.
[rsync]
executables = /usr/bin/rsync
includesections = netbasics, uidbasics

# procmail for mail delivery.
# NOTE(review): executables also lists /bin/sh, so adding this section places a
# general-purpose shell binary in the jail - avoid it in a transfer-only jail.
[procmail]
comment = procmail mail delivery
executables = /usr/bin/procmail, /bin/sh
devices = /dev/null

# Interactive-shell profile: bash/sh plus core file utilities and shell startup files.
# NOTE(review): this is the opposite of the jk_lsh-only setup this post is after;
# a transfer-only jail should not include it.
# /bin/ls, /bin/mkdir and /bin/sh each appear twice in executables; the repeats
# look redundant.
[basicshell]
comment = bash based shell with several basic utilities
executables = /bin/sh, /bin/bash, /bin/ls, /bin/cat, /bin/chmod, /bin/mkdir, /bin/cp, /bin/cpio, /bin/date, /bin/dd, /bin/echo, /bin/egrep, /bin/false, /bin/fgrep, /bin/grep, /bin/gunzip, /bin/gzip, /bin/ln, /bin/ls, /bin/mkdir, /bin/mktemp, /bin/more, /bin/mv, /bin/pwd, /bin/rm, /bin/rmdir, /bin/sed, /bin/sh, /bin/sleep, /bin/sync, /bin/tar, /bin/touch, /bin/true, /bin/uncompress, /bin/zcat
regularfiles = /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile
#directories =
users = root
groups = root
includesections = uidbasics

# Midnight Commander binaries and the terminfo directories listed with them.
[midnightcommander]
comment = Midnight Commander
executables = /usr/bin/mc, /usr/bin/mcedit, /usr/bin/mcview
directories = /etc/terminfo, /usr/share/terminfo

# Adds text and compression utilities on top of basicshell, midnightcommander
# and editors (pulled in through includesections).
# /usr/bin/less and /usr/bin/sort are each listed twice in executables.
[extendedshell]
comment = bash shell including things like awk, bzip, tail, less
executables = /usr/bin/awk, /usr/bin/bzip2, /usr/bin/bunzip2, /usr/bin/less, /usr/bin/clear, /usr/bin/cut, /usr/bin/du, /usr/bin/find, /usr/bin/head, /usr/bin/less, /usr/bin/md5sum, /usr/bin/nice, /usr/bin/sort, /usr/bin/tac, /usr/bin/tail, /usr/bin/tr, /usr/bin/sort, /usr/bin/wc, /usr/bin/watch
includesections = basicshell, midnightcommander, editors

# Text editors (joe, nvi, nano) with their terminfo and joe config directories.
[editors]
comment = vi, joe and nano
executables = /usr/bin/joe, /usr/bin/nvi, /usr/bin/nano
directories = /etc/terminfo, /etc/joe

# Outbound network clients (wget, lynx, ftp, host, rsync, smbclient) plus the
# ssh, sftp and scp sections.
# NOTE(review): this gives jailed users tools to reach other hosts - include it
# only when that is intended.
[netutils]
comment = several internet utilities like wget, ftp, rsync, scp, ssh
executables = /usr/bin/wget, /usr/bin/lynx, /usr/bin/ftp, /usr/bin/host, /usr/bin/rsync, /usr/bin/smbclient
includesections = netbasics, ssh, sftp, scp

# Only the htpasswd binary.
[apacheutils]
comment = htpasswd utility
executables = /usr/bin/htpasswd

# Convenience name that combines the three listed sections; it is the widest
# profile in this file, so everything noted on those sections applies here too.
[extshellplusnet]
comment = alias for extendedshell + netutils + apacheutils
includesections = extendedshell, netutils, apacheutils

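# Jail for the OpenVPN daemon: binary, root/nobody accounts, random and tun devices.
# The original section set includesections twice (first "netbasics", then
# "netbasics, uidbasics"). Only the second, wider value is kept so the result
# does not depend on how the parser resolves a duplicate key.
[openvpn]
comment = jail for the openvpn daemon
executables = /usr/sbin/openvpn
users = root,nobody
groups = root,nogroup
devices = /dev/urandom, /dev/random, /dev/net/tun
includesections = netbasics, uidbasics
need_logsocket = 1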

# Minimal Apache jail: the server binary, root and www-data accounts, and the
# name-resolution and uid building blocks. The comment key itself warns that this
# setup is very basic.
[apache]
comment = the apache webserver, very basic setup, probably too limited for you
executables = /usr/sbin/apache
users = root, www-data
groups = root, www-data
includesections = netbasics, uidbasics

# Perl interpreter and its library trees.
# NOTE(review): a full scripting interpreter inside the jail lets jailed users
# run their own code there - leave it out of a transfer-only jail.
[perl]
comment = the perl interpreter and libraries
executables = /usr/bin/perl
directories = /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5

# xauth binary plus rgb.txt and ld.so.conf, for X authentication inside the jail.
[xauth]
comment = getting X authentication to work
executables = /usr/bin/X11/xauth
regularfiles = /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf

# Base files for X client programs; builds on the xauth section.
[xclients]
comment = minimal files for X clients
regularfiles = /usr/X11R6/lib/X11/rgb.txt
includesections = xauth

# VNC server binaries and the X font directory; builds on the xclients section.
[vncserver]
comment = the VNC server program
executables = /usr/bin/Xvnc, /usr/bin/Xrealvnc
directories = /usr/X11R6/lib/X11/fonts/
includesections = xclients


#[xterm]
#comment = xterm
#executables = /usr/bin/X11/xterm
#directories = /usr/share/terminfo, /etc/terminfo
#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4
jk_lsh.ini FILE :
## example for a user
#[test]
#paths= /usr/lib/
#executables= /usr/lib/sftp-server
#allow_word_expansion = 0
#umask = 002
#
##example for a group, there should be only 1 space inbetween the words!
#[group users]
#paths = /usr/bin
#executables = /usr/bin/cvs
#allow_word_expansion = 0
#environment= HELIX_PATH=/opt/RealPlayer/, TMP=/tmp/


# Per-user jk_lsh policy: this account may run only scp and sftp-server.
# jk_lsh does not grant an interactive shell; the "tried to get an interactive
# shell session" error quoted in this post is what it reports when the client
# requests a shell instead of one of these commands.
# NOTE(review): the commented examples earlier in this file set
# allow_word_expansion = 0; this section leaves it unset - confirm the default
# is acceptable.
# NOTE(review): /usr/lib/sftp-server must exist at that path inside the jail and
# agree with sshd's "Subsystem sftp" setting - confirm.
[fhmariowels]
paths= /usr/bin, /usr/lib/
executables= /usr/bin/scp, /usr/lib/sftp-server




jk_socketd.ini FILE :
# example
#[/home/testchroot/dev/log]
#base = 1024
#peek = 10240
#interval = 2.0

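# One section per jail: the section name is the path of the log socket inside
# that jail; base, peek and interval are presumably its rate-limit settings.
# The original listing repeated the /home/chrootusers section four times with
# identical values. A single definition is kept, because how jk_socketd treats
# a repeated section is not visible here.
# NOTE(review): other parts of this setup name /home/testchroot and
# /home/chrootjail as jail roots, and neither has a section here. If the jail in
# use has no log socket, messages from jk_lsh inside it may never reach syslog -
# confirm that a section matches the real jail root.
[/home/chrootusers/dev/log]
base=512
peek=2048
interval=10

[/srv/sftpjail/dev/log]
base = 1024
peek = 10240
interval = 2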
jk_check.ini FILE :
# jk_check audit settings for the jail rooted at /home/testchroot.
# NOTE(review): other parts of this post name /home/chrootjail, /home/chrootusers
# and /srv/sftpjail as jail paths - confirm this section covers the jail in use.
[/home/testchroot]
# jk_check does not run any tests in this directory (useful for proc filesystem)
# be careful!! there is I repeat NO SINGLE TEST in this directory
#ignorepatheverywhere =

# jk_check compares files if they are equal to their counterparts in the real system,
# using md5sum(). In the specified directories it will not test if files are equal
# it will still test for world writable directories and setuid files
# NOTE(review): the jail's etc directory is excluded here, so changed files under
# it are not reported by the compare step - keep this list as short as possible.
ignorepathoncompare = /home/testchroot/home, /home/testchroot/etc

# jk_check tests directory permissions, if you deliberately made some directories writable
# for group or others, or you don't care, specify them here
# The second key accepts a world-writable home/tmp inside the jail.
ignorewritableforgroup = /home/testchroot/home
ignorewritableforothers = /home/testchroot/home/tmp

# jk_check tests for setuid root and setgid root files
# if you deliberately have such files specify them here
# NOTE(review): these entries exempt setuid smbmnt/smbumount inside the jail from
# the check. Setuid-root binaries weaken a jail; an SFTP/scp-only jail as described
# in this post has no visible need for them - confirm and empty these lists if so.
ignoresetuidexecuteforuser = /home/testchroot/usr/bin/smbmnt, /home/testchroot/usr/bin/smbumount
ignoresetuidexecuteforgroup = /home/testchroot/usr/bin/smbmnt, /home/testchroot/usr/bin/smbumount
ignoresetuidexecuteforothers =

jk_chrootsh.ini FILE :
## example for a user
#[test]
#env= DISPLAY, XAUTHORITY
#
##example for a group, there should be only 1 space inbetween the words!
#[group users]
#env = DISPLAY, XAUTHORITY
#


#[DEFAULT]
#relax_home_group=1

#[fhmariowels]
#env= DISPLAY
#relax_home_group_permissions=1
#relax_home_other_permissions=1

#[group jail]
#env = TERM, PATH


jk_init.ini FILE :
# Shared building block: NSS libraries and nsswitch.conf, pulled in by other
# sections through includesections so user/group lookups work inside the jail.
[uidbasics]
comment = common files for all jails that need user/group information
libraries = /lib/libnsl.so.1, /lib/libnss_compat.so.2, /lib/libnss_files.so.2
regularfiles = /etc/nsswitch.conf
emptydirs = /home

# Shared building block: DNS resolver library and the /etc files used for name resolution.
# NOTE(review): presumably these files are copied from the host, so jailed users
# can read the host's /etc/hosts and resolv.conf - confirm that is acceptable.
[netbasics]
comment = common files for all jails that need any internet connectivity
libraries = /lib/libnss_dns.so.2
regularfiles = /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols

# Timezone file plus a request for a log socket.
# NOTE(review): need_logsocket presumably requires a matching jail entry in
# jk_socketd.ini so that /dev/log exists inside the jail - confirm.
[logbasics]
comment = timezone information
regularfiles = /etc/localtime
need_logsocket = 1

# The limited shell binary together with its config file.
# regularfiles names /etc/jailkit/jk_lsh.ini, so the jail receives its own copy.
# NOTE(review): presumably jk_lsh inside the jail reads the jail's copy, so later
# edits to the host's jk_lsh.ini must be copied into the jail again - confirm.
# NOTE(review): users/groups list only root; the jailed account itself presumably
# still has to be added to the jail's passwd/group - confirm.
[jk_lsh]
comment = Jailkit limited shell
executables = /usr/sbin/jk_lsh
regularfiles = /etc/jailkit/jk_lsh.ini
users = root
groups = root
need_logsocket = 1
includesections = uidbasics

# Second name for the jk_lsh section; it contributes nothing beyond the include.
[limitedshell]
comment = alias for jk_lsh
includesections = jk_lsh

# CVS client binary plus the /dev/null device.
[cvs]
comment = Concurrent Versions System
executables = /usr/bin/cvs
devices = /dev/null

# scp binary for copy-only access, with name resolution, uid lookup and /dev/urandom.
# The jk_lsh.ini shown in this post allows /usr/bin/scp, the same path as here.
[scp]
comment = ssh secure copy
executables = /usr/bin/scp
includesections = netbasics, uidbasics
devices = /dev/urandom


# sftp-server for SFTP-only access. Three candidate locations are listed.
# NOTE(review): presumably only the paths that exist on the host end up in the
# jail. The path present in the jail has to agree with sshd's "Subsystem sftp"
# setting and with the executables entry in jk_lsh.ini (this post uses
# /usr/lib/sftp-server) - confirm on the target system.
[sftp]
comment = ssh secure ftp
executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null


# The ssh client binary (/usr/bin/ssh), not the server, with /dev/urandom and /dev/tty.
# NOTE(review): this gives jailed users an outbound ssh client; leave it out of a
# transfer-only jail unless that is intended.
[ssh]
comment = ssh secure shell
executables = /usr/bin/ssh
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/tty

# rsync binary with the name-resolution and uid building blocks.
# Unlike its neighbours this section has no comment key.
[rsync]
executables = /usr/bin/rsync
includesections = netbasics, uidbasics

# procmail for mail delivery.
# NOTE(review): executables also lists /bin/sh, so adding this section places a
# general-purpose shell binary in the jail - avoid it in a transfer-only jail.
[procmail]
comment = procmail mail delivery
executables = /usr/bin/procmail, /bin/sh
devices = /dev/null

# Interactive-shell profile: bash/sh plus core file utilities and shell startup files.
# NOTE(review): this is the opposite of the jk_lsh-only setup this post is after;
# a transfer-only jail should not include it.
# /bin/ls, /bin/mkdir and /bin/sh each appear twice in executables; the repeats
# look redundant.
[basicshell]
comment = bash based shell with several basic utilities
executables = /bin/sh, /bin/bash, /bin/ls, /bin/cat, /bin/chmod, /bin/mkdir, /bin/cp, /bin/cpio, /bin/date, /bin/dd, /bin/echo, /bin/egrep, /bin/false, /bin/fgrep, /bin/grep, /bin/gunzip, /bin/gzip, /bin/ln, /bin/ls, /bin/mkdir, /bin/mktemp, /bin/more, /bin/mv, /bin/pwd, /bin/rm, /bin/rmdir, /bin/sed, /bin/sh, /bin/sleep, /bin/sync, /bin/tar, /bin/touch, /bin/true, /bin/uncompress, /bin/zcat
regularfiles = /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile
#directories =
users = root
groups = root
includesections = uidbasics

# Midnight Commander binaries and the terminfo directories listed with them.
[midnightcommander]
comment = Midnight Commander
executables = /usr/bin/mc, /usr/bin/mcedit, /usr/bin/mcview
directories = /etc/terminfo, /usr/share/terminfo

# Adds text and compression utilities on top of basicshell, midnightcommander
# and editors (pulled in through includesections).
# /usr/bin/less and /usr/bin/sort are each listed twice in executables.
[extendedshell]
comment = bash shell including things like awk, bzip, tail, less
executables = /usr/bin/awk, /usr/bin/bzip2, /usr/bin/bunzip2, /usr/bin/less, /usr/bin/clear, /usr/bin/cut, /usr/bin/du, /usr/bin/find, /usr/bin/head, /usr/bin/less, /usr/bin/md5sum, /usr/bin/nice, /usr/bin/sort, /usr/bin/tac, /usr/bin/tail, /usr/bin/tr, /usr/bin/sort, /usr/bin/wc, /usr/bin/watch
includesections = basicshell, midnightcommander, editors

# Text editors (joe, nvi, nano) with their terminfo and joe config directories.
[editors]
comment = vi, joe and nano
executables = /usr/bin/joe, /usr/bin/nvi, /usr/bin/nano
directories = /etc/terminfo, /etc/joe

# Outbound network clients (wget, lynx, ftp, host, rsync, smbclient) plus the
# ssh, sftp and scp sections.
# NOTE(review): this gives jailed users tools to reach other hosts - include it
# only when that is intended.
[netutils]
comment = several internet utilities like wget, ftp, rsync, scp, ssh
executables = /usr/bin/wget, /usr/bin/lynx, /usr/bin/ftp, /usr/bin/host, /usr/bin/rsync, /usr/bin/smbclient
includesections = netbasics, ssh, sftp, scp

# Only the htpasswd binary.
[apacheutils]
comment = htpasswd utility
executables = /usr/bin/htpasswd

# Convenience name that combines the three listed sections; it is the widest
# profile in this file, so everything noted on those sections applies here too.
[extshellplusnet]
comment = alias for extendedshell + netutils + apacheutils
includesections = extendedshell, netutils, apacheutils

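# Jail for the OpenVPN daemon: binary, root/nobody accounts, random and tun devices.
# The original section set includesections twice (first "netbasics", then
# "netbasics, uidbasics"). Only the second, wider value is kept so the result
# does not depend on how the parser resolves a duplicate key.
[openvpn]
comment = jail for the openvpn daemon
executables = /usr/sbin/openvpn
users = root,nobody
groups = root,nogroup
devices = /dev/urandom, /dev/random, /dev/net/tun
includesections = netbasics, uidbasics
need_logsocket = 1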

# Minimal Apache jail: the server binary, root and www-data accounts, and the
# name-resolution and uid building blocks. The comment key itself warns that this
# setup is very basic.
[apache]
comment = the apache webserver, very basic setup, probably too limited for you
executables = /usr/sbin/apache
users = root, www-data
groups = root, www-data
includesections = netbasics, uidbasics

# Perl interpreter and its library trees.
# NOTE(review): a full scripting interpreter inside the jail lets jailed users
# run their own code there - leave it out of a transfer-only jail.
[perl]
comment = the perl interpreter and libraries
executables = /usr/bin/perl
directories = /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5

# xauth binary plus rgb.txt and ld.so.conf, for X authentication inside the jail.
[xauth]
comment = getting X authentication to work
executables = /usr/bin/X11/xauth
regularfiles = /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf

# Base files for X client programs; builds on the xauth section.
[xclients]
comment = minimal files for X clients
regularfiles = /usr/X11R6/lib/X11/rgb.txt
includesections = xauth

# VNC server binaries and the X font directory; builds on the xclients section.
[vncserver]
comment = the VNC server program
executables = /usr/bin/Xvnc, /usr/bin/Xrealvnc
directories = /usr/X11R6/lib/X11/fonts/
includesections = xclients


#[xterm]
#comment = xterm
#executables = /usr/bin/X11/xterm
#directories = /usr/share/terminfo, /etc/terminfo
#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4
jk_lsh.ini FILE :
## example for a user
#[test]
#paths= /usr/lib/
#executables= /usr/lib/sftp-server
#allow_word_expansion = 0
#umask = 002
#
##example for a group, there should be only 1 space inbetween the words!
#[group users]
#paths = /usr/bin
#executables = /usr/bin/cvs
#allow_word_expansion = 0
#environment= HELIX_PATH=/opt/RealPlayer/, TMP=/tmp/


# Per-user jk_lsh policy: this account may run only scp and sftp-server.
# jk_lsh does not grant an interactive shell; the "tried to get an interactive
# shell session" error quoted in this post is what it reports when the client
# requests a shell instead of one of these commands.
# NOTE(review): the commented examples earlier in this file set
# allow_word_expansion = 0; this section leaves it unset - confirm the default
# is acceptable.
# NOTE(review): /usr/lib/sftp-server must exist at that path inside the jail and
# agree with sshd's "Subsystem sftp" setting - confirm.
[fhmariowels]
paths= /usr/bin, /usr/lib/
executables= /usr/bin/scp, /usr/lib/sftp-server




jk_socketd.ini FILE :
# example
#[/home/testchroot/dev/log]
#base = 1024
#peek = 10240
#interval = 2.0

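# One section per jail: the section name is the path of the log socket inside
# that jail; base, peek and interval are presumably its rate-limit settings.
# The original listing repeated the /home/chrootusers section four times with
# identical values. A single definition is kept, because how jk_socketd treats
# a repeated section is not visible here.
# NOTE(review): other parts of this setup name /home/testchroot and
# /home/chrootjail as jail roots, and neither has a section here. If the jail in
# use has no log socket, messages from jk_lsh inside it may never reach syslog -
# confirm that a section matches the real jail root.
[/home/chrootusers/dev/log]
base=512
peek=2048
interval=10

[/srv/sftpjail/dev/log]
base = 1024
peek = 10240
interval = 2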

Then my /home/chrootjail/etc/passwd
finishes with jk_lsh,
hence: /usr/sbin/jk_lsh

I usually check the log with tail auth.log... :(

Thanks if someone can help me get this working.
yellow

