Remote users, Jailkit and SSH authentication

Discussion in 'Installation/Configuration' started by Pyanepsion, Jan 6, 2026.

Tags:
  1. Pyanepsion

    Pyanepsion Member

    Hello,

    This question refers to section 4.6.4 ‘Command Line’ (pages 165–166 of the manual).
    The documentation presents Jailkit as a standard way to confine remote users.

    Could you clarify the expected behaviour regarding SSH authentication in this context?
    —Is SSH authentication (key or password) expected to work reliably with chrooted remote users using Jailkit?
    —Or should Jailkit mainly be considered a confinement mechanism whose behaviour may depend on the environment and is not guaranteed in all cases?

    Thank you for the clarification.
     
    Pyanepsion, Jan 6, 2026
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Jailed SSH users work reliably and in the same way as non-jailed users work. The jail is enforced by the jailkit shell, which is set for the user in /etc/passwd, so authentication happens before the user is jailed.
     
    till, Jan 6, 2026
    #2
  3. Pyanepsion

    Pyanepsion Member

    Thank you for this clarification.
     
    Pyanepsion, Jan 9, 2026
    #3
  4. Talutah W Elan

    Talutah W Elan New Member

    Sorry for reviving old thread, but in that matter I'd like to ask if those .ssh/authorized_keys in shell-users home-dirs matter anything.

    Or more precisely if a website is hacked but executing a chrooted/jailed PHP script, can hackers modify non-jailed user .ssh/authorized_keys and thus obtain a non-jailed shell with a terminal ?
     
    Talutah W Elan, Apr 13, 2026 at 6:07 PM
    #4
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    They can not modify the authorized_keys of SSH users of other sites, no matter if jailed or not. But if you have multiple SSH users in one site, then you must jail them all as all users of a site share the same UID.
     
    till, Apr 13, 2026 at 6:15 PM
    #5

Share This Page