Re: [Jailkit-users] sftp chroot - Connection Closed

[Olivier Sessink]

Michael Groves wrote:
> Oliver wrote:
> > the output of the command shows you whether jk_socketd is running. If 
> > you are not running it check the contents of
> /etc/jailkit/jk_socketd.ini 
> > and if that seems correct start the daemon `jk_socketd`
> <snip>
>
> As there was no output from running the command `ps ax|grep jk_socketd`
> I assume jk_socketd is not running. I ran jk_socketd and nothing was
> displayed. I ran ps ax|grep jk_socketd` and again nothing was diplayed.
> My Jk_socketd.ini looks like this; is it correct?
>
> [/home/jail/dev/log]
> base=512
> peek=2048
> interval=10

if your jail is /home/jail and the directory /home/jail/dev exists this 
seems ok. what do the logs show about jk_socketd?

> I tried sftp address@hidden again and still get 'Connection Closed'
> But this time I have an entry in /var/log/warn
> Linux jk_lsh[5534] : WARNING: user mike (1003) tried to run
> '/usr/lib/ssh/sftp-server', which is not allowed according to
> /etc/jailkit/jk_lsh.ini

good, we have logging, so we can continue

> My /etc/jailkit/jk_lsh.ini looks like this;

you mean the /home/jail/etc/jailkit/jk_lsh.ini ? if jk_lsh is running 
inside /home/jail its configfile is read in that jail.


> [group users]
> paths = /usr/bin
> executables = /usr/bin/cvs
> allow_word_expansion = 0
> #
> [mike]
> paths= /usr/bin, usr/lib
> executables= /usr/bin/scp, /usr/lib/sftp-server
> allow_word_expansion = 0
> umask = 002
>
> Having to manually type this I just noticed that there is no spaces
> before some of the '=' signs in the user section, is this correct?

the space is not a problem. the problem is that /usr/lib/ssh/sftp-server 
is not listed in your /home/jail/etc/jailkit/jk_lsh.ini, and the log 
message tells you that the user tries to run it. Perhaps you need to add 
it, and that directory to jk_lsh.ini in the jail.

regards,
        Olivier