ISPConfig 3.1.13 on Debian 9 Stretch - non-root ssh users immediately disconnected

Hi !
I've got strange issue recently, not sure after what it happens, either to 3.1.13 or latest updates of Debian Stretch.
non-root ssh users immediately disconnected. I suspect this could be somehow related to jailkit but I'm not sure. Root user can connect just fine.
tail -n 10000 auth.log | grep client_ssh_login
Aug 28 18:46:35 mail sshd[31261]: Accepted password for client_ssh_login from ip1.xx.xx.xx port yyy ssh2
Aug 28 18:46:35 mail sshd[31261]: pam_unix(sshd:session): session opened for user client_ssh_login by (uid=0)
Aug 28 18:46:35 mail sshd[31261]: pam_unix(sshd:session): session closed for user client_ssh_login

This is really strange. Especially taking into account that port yyy every time is different, and is in 4xxxxx range which I don't use at all.
Server is in DMZ zone after router/firewall. All other services running fine.
What could be the problem?
Thanks in advance.

 

Try running the ssh session with -vvv to get more verbose output. Like so:

Code:

ssh -vvv [email protected]

Then try to as root su to ssh user, log in as root and

Code:

su - user

 

After successful login:

Last login: Tue Aug 28 18:47:12 2018 from ip.xx.xx.xx
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

debug3: send packet: type 1
Connection to ip1.xx.xx.xx closed.
Transferred: sent 2200, received 2696 bytes, in 0.1 seconds
Bytes per second: sent 15360.3, received 18823.4
debug1: Exit status 53

 

After login, I can't su to ISPConfig shell user client_ssh_login, it simply does nothing (no error messages) and remain root.
su wrong_user results in
No passwd entry for user 'wrong_user'
May be I should use webxx user instead ?

 

client_ssh_login:x:5005:5005::/var/www/clients/client1/web10/./home/client_ssh_login:/usr/sbin/jk_chrootsh

BTW, su webxx also results in nothing. No error message, just don't work without any message.

 

I removed chroot shell jailkit option in web control panel, no change.
Created another carbon copy shell user, login terminated instantly.
Reinstalled jalkit, all same.

Path is correct
/var/www/clients/client1/web10/
Quite strange, I can su in another web user without problem.

 

su from root doesn't work neither to web10 neither to client_ssh_login, path in /etc/passwd is correct.
su to another web user works.
web10:x:5005:5005::/var/www/clients/client1/web10/./home/web10:/usr/sbin/jk_chrootsh
client_ssh_login:x:5005:5005::/var/www/clients/client1/web10/home/client_ssh_login:/usr/sbin/jk_chrootsh

 

Does the home directory exist and is readable by the user?

 

cd /var/www/clients/client1
ls -la
drwxr-xr-x 20 root root 4096 Apr 1 00:04 web10
drwxr-xr-x 19 root root 4096 Aug 29 10:16 web8
su to web8 works, to web10 doesn't.

 

Those are not home directories for ssh users.

Code:

ls -lh /var/www/clients/client1/web10/

Code:

ls -lh /var/www/clients/client1/web8/

 

ls -lh /var/www/clients/client1/web10/

drwxr-xr-x 2 web10 client1 4.0K Apr 1 00:04 backup
drwxr-xr-x 2 web10 client1 4.0K Mar 29 13:14 bin
drwxr-xr-x 2 web10 client1 4.0K May 22 2017 cgi-bin
drwxr-xr-x 2 web10 client1 4.0K Aug 29 10:11 dev
drwxr-xr-x 6 web10 client1 4.0K Mar 29 13:14 etc
drwxr-xr-x 5 root root 4.0K Aug 29 10:17 home
drwxr-xr-x 4 web10 client1 4.0K Mar 29 13:14 lib
drwxr-xr-x 2 web10 client1 4.0K Mar 29 13:14 lib64
drwxr-xr-x 2 root root 4.0K Aug 29 00:05 log
drwx--x--- 2 web10 client1 4.0K May 22 2017 private
drwxr-xr-x 3 web10 client1 4.0K Mar 29 13:14 run
drwxr-xr-x 2 root root 4.0K Mar 29 13:14 ssl
drwxrwxrwx 2 web10 client1 4.0K May 8 15:48 tmp
drwxr-xr-x 6 web10 client1 4.0K Mar 29 13:14 usr
drwxr-xr-x 2 web10 client1 4.0K Mar 29 13:14 var
drwx--x--x 18 web10 client1 4.0K Mar 29 13:17 web
drwx--x--- 2 web10 client1 4.0K Mar 29 13:14 webdav

ls -lh /var/www/clients/client1/web10/home/
drwxr-x--- 6 web10 client1 4.0K Aug 29 10:18 client_ssh_login
drwxr-x--- 2 web10 client1 4.0K Jan 18 2018 web10

Strange enough, same client_ssh_login directory exists also in
ls -lh /var/www/clients/client1/web8/home/
drwxr-x--- 4 web8 client1 4.0K Jan 18 2018 client_ssh_login
drwxr-x--- 2 web8 client1 4.0K Aug 29 11:46 web8

 

Directory web10/home is owned by root:root. Use

Code:

chown web10:client1 web10/home

And use code block when you paste listings, makes it easier to read.

 

Did chown as above, restarted ssh service, nothing changed.
Probably have to completely delete all staff related to this user.

Made another shell user with jailkit, it logins succesfully. Really strange glitch.

 

Did you check owner of files in home/ directory? Recursively and also hidden files?

 

I wiped out all problematic staff, and recreated again.
Its really strange, I didn't changed anything of that web10 user for a months, only web programmer did uploaded some stuff about 2 months ago (he used chrooted shell access).