Hi, I have a weird bug when creating a shell-user. The passwd file in the jail directory is created but remains blank. Using ISPConfig 3.1.7p1 and JailKit 2.19 on Ubuntu xenial 16.04.3 LTS. Debug log of the shell-user process : 25.10.2017-16:41 - DEBUG - Calling function 'insert' from plugin 'shelluser_base_plugin' raised by event 'shell_user_insert'. 25.10.2017-16:41 - DEBUG - Executed command: useradd -d /var/www/clients/client1/web6 -g client1 -o -p \$1\$a6SwxFTa\$Vrsz8migQ/bvAkNu6CNU71 -s /bin/bash -u 1003 usertest 25.10.2017-16:41 - DEBUG - Added shelluser: usertest 25.10.2017-16:41 - DEBUG - ssh-rsa setup shelluser_base 25.10.2017-16:41 - DEBUG - ssh-rsa authorisation keyfile created in /var/www/clients/client1/web6/.ssh/authorized_keys 25.10.2017-16:41 - DEBUG - ssh-rsa key updated in /var/www/clients/client1/web6/.ssh/authorized_keys 25.10.2017-16:41 - DEBUG - Disabling shelluser temporarily: usermod -s /bin/false -L usertest 2>/dev/null 25.10.2017-16:41 - DEBUG - Calling function 'insert' from plugin 'shelluser_jailkit_plugin' raised by event 'shell_user_insert'. 25.10.2017-16:41 - DEBUG - Added jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh /var/www/clients/client1/web6 'basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh' 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/groups 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/id 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/dircolors 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/lesspipe 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/basename 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/dirname 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/pico 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/mysql 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/mysqldump 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/git 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/git-receive-pack 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/git-upload-pack 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /bin/tar 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /bin/rm 25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/patch 25.10.2017-16:41 - DEBUG - Added bashrc script: /var/www/clients/client1/web6/etc/bash.bashrc 25.10.2017-16:41 - DEBUG - Added jailkit user to chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_user.sh usertest /var/www/clients/client1/web6 /var/www/usertest /bin/bash web6 /var/www/web6 25.10.2017-16:41 - DEBUG - Added created jailkit user home in : /var/www/clients/client1/web6/var/www/usertest 25.10.2017-16:41 - DEBUG - Added jailkit parent user home in : /var/www/clients/client1/web6/var/www/web6 25.10.2017-16:41 - DEBUG - ssh-rsa setup shelluser_jailkit 25.10.2017-16:41 - DEBUG - ssh-rsa authorisation keyfile created in /var/www/clients/client1/web6//var/www/usertest/.ssh/authorized_keys 25.10.2017-16:41 - DEBUG - ssh-rsa key updated in /var/www/clients/client1/web6//var/www/usertest/.ssh/authorized_keys 25.10.2017-16:41 - DEBUG - Jailkit Plugin -> insert username:usertest 25.10.2017-16:41 - DEBUG - Processed datalog_id 90 25.10.2017-16:41 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 25.10.2017-16:42 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. 25.10.2017-16:42 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock wc /var/www/clients/client1/web6/etc/passwd : 0 0 0 /var/www/clients/client1/web6/etc/passwd tail /etc/passwd : <...> web6:x:1003:1004::/var/www/clients/client1/web6/./var/www/usertest:/usr/sbin/jk_chrootsh usertest:x:1003:1004::/var/www/clients/client1/web6/./var/www/usertest:/usr/sbin/jk_chrootsh When trying to connect to server using SFTP, I get this error : "Received unexpected end-of-file from SFTP server". in /var/log/auth.log : Oct 25 16:33:23 server sshd[22324]: Accepted password for usertest from 1.2.3.4 port 60473 ssh2 Oct 25 16:33:23 server sshd[22324]: pam_unix(sshd:session): session opened for user usertest by (uid=0) Oct 25 16:33:23 server jk_chrootsh[22362]: now entering jail /var/www/clients/client1/web6 for user usertest (1003) with arguments -c /usr/lib/openssh/sftp-server Oct 25 16:33:23 server sshd[22324]: pam_unix(sshd:session): session closed for user usertest As far as I know, the passwd file in the jail directory shouldn't be empty. Any idea ?
Correct. I checked a random jail on a server and it has 2 entries, root and the single ssh user which is assigned to that jail. Try creating a jail manually with jk_init and see if it has the same problem; I suspect it might, and the problem would be local to the system, not anything in ispconfig. From there... see what's in your jk_init.ini ?
The SSH daemon authenticates against the system passwd file and not against the one within the jail and I don't see a reason to have the passwd in the jail at the moment (at least when you don't run any software in the jail that tries to authentcate against the paswd file in the jail), it might even be a security benefit to not have it there.