I have setup my server based on tutorial Howto perfect server ISPConfig Ubuntu 10.10, but Jailkit isn't working. When I add shell user to some site and choose "Jailkit"( options are "None" and "Jailkit" ) option and then login via ssh as that user, the user can browse all system. Outputs are: tail -f /var/log/auth.log Feb 12 16:58:43 www sshd[4370]: Accepted password for bojana from 10.13.1.56 port 2128 ssh2 Feb 12 16:58:43 www sshd[4370]: pam_unix(sshd:session): session opened for user bojana by (uid=0) Feb 12 16:58:44 www sshd[4370]: pam_unix(sshd:session): session closed for user bojana /etc/passwd web3:x:5006:5005::/var/www/clients/client1/web3/./home/web3:/bin/false bojana:x:5006:5005::/var/www/clients/client1/web3/./home/bojana:/bin/bash /etc/init.d/jailkit restart Stopping jailkit: jk_socketd/usr/sbin/jk_socketd: no process found done. Starting jailkit: jk_socketdversion 2.13, no sockets specified in configfile /etc/jailkit/jk_socketd.ini or on commandline, nothing to do, exiting... done. It seems like Jailkit is not properly configured. I tried updating ISPConfig and reconfiguring services but problem remains. Please can you help me solve this. Zeljko
The jailkit daemon is not used, so its ok that it does not start. Regarding the login issue, the user bojana uses a wrong shell. Have you edited anything in the /etc/passwd file manually or did you change any settings of the user bojana manually on the shell?
Till, I haven't changed anything manualy...I will add new shell user now and post what happend in /etc/passwd Tnx.
After adding new testuser this is the line in /etc/passwd testuser:x:5006:5005::/var/www/clients/client1/web3/./home/testuser:/bin/false And I cannot login to server with putty ... putty just crashes ( disapear ). root@www:~# tail -f /var/log/auth.log Feb 14 11:04:20 www sshd[10294]: Accepted password for testuser from 192.168.13.202 port 3756 ssh2 Feb 14 11:04:20 www sshd[10294]: pam_unix(sshd:session): session opened for user testuser by (uid=0) Feb 14 11:04:20 www sshd[10294]: pam_unix(sshd:session): session closed for user testuser
If I change the shell from /bin/false to /usr/sbin/jk_chrootsh in /ets/passwd I got this in /var/log/auth.log Feb 14 11:10:34 www sshd[10702]: Accepted password for testuser from 192.168.13.202 port 3882 ssh2 Feb 14 11:10:34 www sshd[10702]: pam_unix(sshd:session): session opened for user testuser by (uid=0) Feb 14 11:10:34 www jk_chrootsh[10770]: now entering jail /var/www/clients/client1/web3 for user testuser (5006) Feb 14 11:10:34 www jk_chrootsh[10770]: abort, failed to get user information in the jail for user ID 5006: Success, check /var/www/clients/client1/web3/etc/passwd Feb 14 11:10:34 www sshd[10702]: pam_unix(sshd:session): session closed for user testuser Any idea?
I assume ISPConfig/Jailkit should make some shanges to /var/www/clients/client1/web3/etc/passwd and group file, but those files are empty ... I'm getting desperate
G'day, The problem is not with ISPConfg but with the jailkit program. 10-10-2010: Jailkit 2.13 released. Jailkit 2.13 fixes a regression in the build system that could set the location of the configuration directory to the wrong path. In short the version that the howto recommend tell you to download 2.12 which has a major bug where it expects all config files to be located in /usr to resolve this issue download the latest version and it'll work. T P.S. it took me 2 hours to figure this out....
Hi Folken, tnx for reply, but the installed version of Jailkit is 2.13 .... must be something else...
Interesting.. Enable debug mode under system then check the crontab log file... that pointed me in the direction that fixed mine..
Please see ISPConfig FAQ: http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-enable-debugging-in-ispconfig-3/
You havent posted the infos yet that folken requested. Without the infos from the debug log, we can not help you.
As you can see, there is nothing in log concerning Jailkit ... all the entries are like those posted belov.... 2011-02-14 21:01 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-14 21:00 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-14 21:00 www.nadlanu.com Debug No Updated records found, starting only the core. 2011-02-14 21:00 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-14 20:59 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-14 20:59 www.nadlanu.com Debug No Updated records found, starting only the core. 2011-02-14 20:59 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-14 20:58 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-14 20:58 www.nadlanu.com Debug No Updated records found, starting only the core. 2011-02-14 20:58 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-14 20:57 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-14 20:57 www.nadlanu.com Debug No Updated records found, starting only the core. 2011-02-14 20:57 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-14 20:56 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-14 20:56 www.nadlanu.com Debug No Updated records found, starting only the core.
Please create a nwe website, then add a new jailkit ssh user to that new website and check the log again for errors.
Created new website, jailkited shell user but still nothing in the log about that ... 2011-02-18 12:06 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-18 12:06 www.nadlanu.com Debug No Updated records found, starting only the core. 2011-02-18 12:06 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-18 12:05 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-18 12:05 www.nadlanu.com Debug No Updated records found, starting only the core. 2011-02-18 12:05 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-18 12:04 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-18 12:04 www.nadlanu.com Debug No Updated records found, starting only the core. 2011-02-18 12:04 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-18 12:03 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-18 12:03 www.nadlanu.com Debug No Updated records found, starting only the core. 2011-02-18 12:03 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-18 12:02 www.nadlanu.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 2011-02-18 12:02 www.nadlanu.com Debug No Updated records found, starting only the core. 2011-02-18 12:02 www.nadlanu.com Debug Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
Same issue, but finally solved it It seems that if you create an SSH/Jailkit user using ISPConfig admin account then the jailkit won't work and the connection will close as soon as user's logged. Create your SSH user using the reseller or client account which owns the concerned website, and then it should work, at least for me. Hope it will help....
Technically there is no difference if the admin or client or reseller created the ssh user as the same code is executed in every case. When I create a ssh user as admin with jailkit enabled, then the chroot works fine on my Debian server.
jailkit I've the same problem on Debian Lenny, and now I resolved it on my system with this: cd /usr ln /etc/jailkit/jk_init.ini jk_init.ini ln /etc/jailkit/jk_socketd.ini jk_socketd.ini apt-get install nano After that change Chroot Shell to None, do Save, and return this option to Jailkit.
