Re: [Jailkit-users] SuSE problem

[Steve Follmer]

I did get some trace files from strace but they don't show anything
unusual.

I edited /etc/passwd, changing user 'test' into a normal user and back
into a jail user. Then I ran sshd -d manually. But examining the ssh
debug output shows very little difference. It seems to just decide on
its own that it got a session_exit_message, and happily closes the
connection.

All the processes involved seem to feel that the sftp session is
proceeding perfectly normally.

But the connection is closed immediately, with no special warnings or
messages in the logs or the traces.

Steve


> I tried the suggestion and here is my new situation.
> It just closes the session with no explanation:
> 
> sftp address@hidden
> Connecting to localhost...
> Password:
> Connection closed
> 
> Nothing in /var/log/warn, this is in /var/log/messages:
> 
> Jun  5 13:07:11 suse sshd[8030]: Accepted keyboard-interactive/pam for
> test from 127.0.0.1 port 59060 ssh2
> Jun  5 13:07:11 suse sshd[8036]: subsystem request for sftp
> Jun  5 13:07:11 suse jk_chrootsh[8037]: now entering jail /home/sftp for
> user test (1005)
> Jun  5 05:07:11 suse jk_lsh[8037]: jk_lsh version 2.3, started
> Jun  5 05:07:11 suse jk_lsh[8037]: executing command
> '/usr/lib/ssh/sftp-server' for user test (1005)
> 
> 
> I tried this, but the trace file is empty...
> ps axu | grep sshd | grep test
> root      8079  0.0  0.1   7856  2492 ?        Ss   13:13   0:00 sshd:
> test [priv]
> sshd      8083  0.0  0.0   7196  1344 ?        S    13:13   0:00 sshd:
> test [net]
> root      8084  0.0  0.0   7988  1692 ?        S    13:13   0:00 sshd:
> test [pam]
> 
> # strace -p 8083 -ff -e trace=file -o t2
> Process 8083 attached - interrupt to quit
> Process 8083 detached
> 
> 
> If you can suggest any further steps I can take I'd sure appreciate it.
> 
> --------
> 
> Some background:
> 
> I started over and created a new jail (though the old one has the same
> behavior).
> 
> I changed /etc/jailkit/jk_init.ini (the line executables =):
> 
> [sftp]
> comment = ssh secure ftp
> executables = /usr/lib/ssh/sftp-server
> includesections = netbasics, uidbasics
> devices = /dev/urandom
> 
> Then I followed these instructions from the man page:
> 
>        #initialise the jail
>        mkdir /home/sftproot
>        jk_init /home/sftproot jk_lsh
>        jk_init /home/sftproot sftp
>        jk_init /home/sftproot scp
>        # create the account
>        jk_addjailuser /home/sftproot test
>        # edit the jk_lsh configfile in the jail, see man jk_lsh
>        # you can use every editor you want, I chose 'joe'
>        joe /home/sftproot/etc/jailkit/jk_lsh.ini
>        # now restart jk_socketd
>        killall jk_socketd
>        jk_socketd
>        # test the account
>        sftp address@hidden
>        # check the logs if everything is correct
>        tail /var/log/daemon.log /var/log/auth.log
> 
> One minor issue, those log files don't exist anywhere on SuSE 10.2
> (after updatedb). Also, after doing the above there was no
> /home/sftp/home/test directory. So I created that as follows:
> 
> drwxr-xr-x 2 test users 4096 2007-06-05 12:53 test
> 
> /home/sftp/etc/jailkit/jk_lsh.ini now reads...
> [test]
> paths= /usr/bin, /usr/lib/ssh
> executables= /usr/bin/scp, /usr/lib/ssh/sftp-server
> allow_word_expansion = 0
> umask = 002
> 
> Then I killed and restarted jk_socketd
>