Re: [Jailkit-users] sftp question
From: Olivier Sessink
Subject: Re: [Jailkit-users] sftp question
Date: Fri, 06 Feb 2009 23:23:58 +0100
User-agent: Thunderbird 2.0.0.19 (X11/20090105)

Paul Mitchell wrote:
> Hello,
> I've just loaded jailkit onto a redhat 5 server, following the advice
> on http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html (with
> additional help from the sftp&scp only page).
>
> At the moment, I can ssh onto the server and it effectively jails the
> user. I can also scp a file to the server.
>
> Unfortunately, this server will serve as a "landing zone", or drop off
> box for users, predominantly running Windoze. I need to get sftp to
> work as well, but as yet, have been unsuccessful.
>
> Here's what I've done:
>
> 1) modified /etc/ssh/sshd_config:
>
> Subsystem sftp /home/jail/usr/libexec/openssh/sftp-server

You don't need the /home/jail in front of it. *Inside* the jail this
path does not exist.

>
> 2) modified the executables line in both /etc/jailkit/.jk_lsh.ini and
> /home/jail/etc/jailkit/jk_lsh.ini:
>
> grep sftp /etc/jailkit/jk_lsh.ini
> executables= /usr/libexec/openssh/sftp-server
> address@hidden jailkit]# grep sftp /home/jail/etc/jailkit/jk_lsh.ini
> executables= /usr/libexec/openssh/sftp-server
>
> 3) ran jk_init -v -j /home/jail sftp scp

Is your jk_lsh.ini correct for scp and sftp? The file is a sample file
created on Debian; it might need adjustments on redhat. Perhaps the
sftp-server is in a different place on redhat 5?

> 4) jk_init -v -j /home/jail jk_lsh
>
> The /var/log/messages file shows that I've connected:
>
>
> Feb 6 10:06:02 <4.6> ELNDZ01F sshd[3887]: rexec line 41: Unsupported
> option KerberosGetAFSToken
> Feb 6 10:06:04 <4.6> ELNDZ01F sshd[3887]: Accepted password for
> pmitchel from 152.X.X>X port 34586 ssh2
> Feb 6 10:06:04 <4.6> ELNDZ01F sshd[3891]: subsystem request for sftp
> Feb 6 10:06:04 <4.6> ELNDZ01F jk_chrootsh[3892]: now entering jail
> /home/jail for user pmitchel (11782)

Did you enable logging in the jail? I don't see any logs from jk_lsh.

regards,
Olivier
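
The two path questions raised in the reply above can be checked mechanically. The following is an added example, not part of the original message and not Jailkit code: it reads the `Subsystem sftp` path from sshd_config text, confirms that the path exists under the jail directory and does not carry the jail prefix, and confirms that the jail's own jk_lsh.ini lists it. The function names and the temporary sample tree are constructed for illustration, and a comma-separated `executables=` value is assumed.

```python
import tempfile
from pathlib import Path

def sftp_subsystem_path(sshd_config_text):
    """Command path from the first 'Subsystem sftp' line, or None."""
    for line in sshd_config_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0].lower() == "subsystem" and parts[1] == "sftp":
            return parts[2]
    return None

def lsh_executables(ini_text):
    """Every path listed on an 'executables=' line (comma-separated, assumed)."""
    found = set()
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "executables":
            found.update(p.strip() for p in value.split(",") if p.strip())
    return found

def check_jail_sftp(jail, sshd_config_text):
    """Return a list of problems; an empty list means the paths line up."""
    path = sftp_subsystem_path(sshd_config_text)
    if path is None:
        return ["no 'Subsystem sftp' line found"]
    problems = []
    if path.startswith(jail.rstrip("/") + "/"):
        problems.append("Subsystem path includes the jail prefix")
    inside = Path(jail, path.lstrip("/"))  # where the path resolves inside the jail
    if not (inside.is_file() and inside.stat().st_mode & 0o111):
        problems.append("not an executable file inside the jail: %s" % inside)
    ini = Path(jail, "etc/jailkit/jk_lsh.ini")  # the copy jk_lsh reads in the jail
    allowed = lsh_executables(ini.read_text()) if ini.is_file() else set()
    if path not in allowed:
        problems.append("not in the jail's jk_lsh.ini executables: " + path)
    return problems

def build_sample_jail():
    """Constructed jail tree in a temporary directory (stand-in for /home/jail)."""
    jail = Path(tempfile.mkdtemp(prefix="jail-"))
    server = jail / "usr/libexec/openssh/sftp-server"
    ini = jail / "etc/jailkit/jk_lsh.ini"
    for f in (server, ini):
        f.parent.mkdir(parents=True)
    server.write_text("#!/bin/sh\n")  # placeholder file, not a real sftp-server
    server.chmod(0o755)
    ini.write_text("[pmitchel]\nexecutables= /usr/libexec/openssh/sftp-server\n")
    return str(jail)
```

On a real host, call `check_jail_sftp("/home/jail", Path("/etc/ssh/sshd_config").read_text())`; with the prefixed `Subsystem` line from the question it reports all three problems.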