Jailkit, jailing sftp users and scp problems
- From: gwartney@xxxxxxxxx
- Date: 20 Apr 2007 11:06:52 -0700
I needed a way to jail sftp users so I used jailkit 2.0. There are a
couple of good SOPs on the web for setting it up and for the most
part, my installations were flawless using these SOPs. However, I ran
into a problem this week dealing with sftp and scp on FC5.

At first, ssh worked fine for jailed users, but sftp and scp did not.
To get sftp to work, I needed to add /dev/null to the chrooted
environment. I edited the sftp section in /etc/jailkit/jk_init.ini to
look like this:

[sftp]
comment = ssh secure ftp
executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null

Then I ran jk_init -v /jail sftp

Sftp works!

Still had scp problems though. Scp kept complaining about "user
unknown". I had to use strace to finally find the problem. The
symbolic link for /lib64/libnss_compat.so.2 was missing in the /jail
directory. As root, I cd'd to /jail/lib64 and then created a link for
libnss_compat.so.2 to libnss_compat-2.4.so.

Scp works! Another symptom of this problem was when I ssh'd as the
jailed user and issued an ls -l, the effective uid and gid were showing
up instead of the user name and group name.
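
An added example, not part of the original post: a shell audit of a jail for the two gaps described above, missing device nodes and a missing NSS soname link. The function names, the lib/lib64 layout and the libnss_NAME-VER.so naming are assumptions modelled on the post's setup, and the sample jail is constructed.

```shell
#!/bin/sh
# Added example: audit a chroot jail for the two gaps described in the post.
# Function names and directory layout are assumptions for illustration.

# Print each required device node that is missing or not a character device.
jail_missing_devices() {
    jail=$1
    for dev in dev/null dev/urandom; do
        [ -c "$jail/$dev" ] || echo "$dev"
    done
    return 0
}

# Print each NSS soname link (libnss_NAME.so.2) that is absent or dangling
# although the versioned library (libnss_NAME-VER.so) is present in the jail.
jail_missing_nss_links() {
    jail=$1
    for dir in lib lib64; do
        for real in "$jail/$dir"/libnss_*-*.so; do
            [ -f "$real" ] || continue      # glob matched nothing
            base=${real##*/}                # e.g. libnss_compat-2.4.so
            name=${base%%-*}                # e.g. libnss_compat
            link="$jail/$dir/$name.so.2"
            # -e follows symlinks, so a dangling link is reported too
            [ -e "$link" ] || echo "$dir/$name.so.2 -> $base"
        done
    done
    return 0
}

# Build a throwaway jail (constructed sample): two NSS libraries, only one
# of which has its .so.2 link, and an empty dev directory.
make_sample_jail() {
    j=$(mktemp -d) || return 1
    mkdir -p "$j/lib64" "$j/dev"
    : > "$j/lib64/libnss_compat-2.4.so"
    : > "$j/lib64/libnss_files-2.4.so"
    ln -s libnss_files-2.4.so "$j/lib64/libnss_files.so.2"
    echo "$j"
}

# Usage: sh jailcheck.sh /jail
if [ $# -gt 0 ]; then
    jail_missing_devices "$1"
    jail_missing_nss_links "$1"
fi
```

Each line printed names something to add to the jail; no output means both checks passed.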