Problem with jailkit on ISPConfig 3 an Debian Jessie

Discussion in 'Installation/Configuration' started by yalsicor, May 16, 2015.

  1. yalsicor

    yalsicor New Member

    Hi everyone,

    I have a problem with shell users using jailkit and cant get my head around it.
    When I add a shell user with jailkit and login as such via ssh the Connection is immediately closed.

    /var/log/auth.log sais:
    Code:
    May 16 14:16:04 test sshd[1376]: Accepted password for test_ssh4 from 95.90.214.151 port 12781 ssh2
    May 16 14:16:04 test sshd[1376]: pam_unix(sshd:session): session opened for user test_ssh4 by (uid=0)
    May 16 14:16:04 test sshd[1376]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
    May 16 14:16:04 test sshd[1376]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
    May 16 14:16:04 test jk_chrootsh[1389]: now entering jail /var/www/clients/client3/web2 for user test_ssh4 (5005) with arguments
    May 16 14:16:04 test jk_chrootsh[1389]: ERROR: failed to execute shell /bin/bash for user test_ssh4 (5005), check the permissions and libraries of /var/www/clients/client3/web2//bin/bash
    May 16 14:16:04 test sshd[1388]: Received disconnect from 95.90.214.151: 11: disconnected by user
    May 16 14:16:04 test sshd[1376]: pam_unix(sshd:session): session closed for user test_ssh4
    
    /var/log/ispconfig/ispconfig.log sais:
    Code:
    16.05.2015-14:14 - DEBUG - Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    16.05.2015-14:14 - DEBUG - Found 1 changes, starting update process.
    16.05.2015-14:14 - DEBUG - Calling function 'insert' from plugin 'shelluser_base_plugin' raised by event 'shell_user_insert'.
    16.05.2015-14:14 - DEBUG - Executed command: useradd -d /var/www/clients/client3/web2 -g client3 -o  -p \$1\$GvIBreZH\$oO8tsmJ/K1M8WF4L/Eo7j0 -s /bin/bash -u 5005 test_ssh4
    16.05.2015-14:14 - DEBUG - Added shelluser: test_ssh4
    16.05.2015-14:14 - DEBUG - ssh-rsa setup shelluser_base
    16.05.2015-14:14 - DEBUG - ssh-rsa key updated in /var/www/clients/client3/web2/.ssh/authorized_keys
    16.05.2015-14:14 - DEBUG - Disabling shelluser temporarily: usermod -s /bin/false -L test_ssh4 2>/dev/null
    16.05.2015-14:14 - DEBUG - Calling function 'insert' from plugin 'shelluser_jailkit_plugin' raised by event 'shell_user_insert'.
    16.05.2015-14:14 - DEBUG - Added jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh /var/www/clients/client3/web2 'basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh'
    16.05.2015-14:14 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client3/web2 '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico'
    16.05.2015-14:14 - DEBUG - Added bashrc script : /var/www/clients/client3/web2/etc/bash.bashrc
    16.05.2015-14:14 - DEBUG - Added jailkit user to chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_user.sh test_ssh4 /var/www/clients/client3/web2 /home/test_ssh4 /bin/bash web2 /home/web2
    16.05.2015-14:14 - DEBUG - Added created jailkit user home in : /var/www/clients/client3/web2/home/test_ssh4
    16.05.2015-14:14 - DEBUG - Added jailkit parent user home in : /var/www/clients/client3/web2/home/web2
    16.05.2015-14:14 - DEBUG - ssh-rsa setup shelluser_jailkit
    16.05.2015-14:14 - DEBUG - ssh-rsa authorisation keyfile created in /var/www/clients/client3/web2//home/test_ssh4/.ssh/authorized_keys
    16.05.2015-14:14 - DEBUG - ssh-rsa key updated in /var/www/clients/client3/web2//home/test_ssh4/.ssh/authorized_keys
    16.05.2015-14:14 - DEBUG - Jailkit Plugin -> insert username:test_ssh4
    16.05.2015-14:14 - DEBUG - Processed datalog_id 82
    16.05.2015-14:14 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    
    Code:
    Linux test 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt9-3~deb8u1 (2015-04-24) x86_64 GNU/Linux
    ISPConfig 3.0.5.4p6

    I did a reinstall of jailkit
    Code:
    cd /tmp
    wget http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz
    tar xvfz jailkit-2.17.tar.gz
    cd jailkit-2.17
    ./debian/rules binary
    cd ..
    dpkg -i jailkit_2.17-1_*.deb
    rm -rf jailkit-2.17*
    and an manual Update of ISPConfig
    Code:
    cd /tmp
    wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
    tar xvfz ISPConfig-3-stable.tar.gz
    cd ispconfig3_install/install
    php -q update.php
    still no luck.

    I have the same Setup on a another test server where everything works fine. The only difference I can see is the change of the ISPConfig version just before installing on the actual server. I did an update to ISPConfig 3.0.5.4p6 and it's still working on the test server.

    Any ideas what went wrong?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    did you compare permissions and ownership of the bash command between a working and non working jail?
     
  3. yalsicor

    yalsicor New Member

    Tried to check permissions to find there were no bin directories in the jails, etc/passwd was empty. So jailkit did not setup things correctly.

    I compared permissions between servers and found /var/www was owned by www-data. Changed it to root, created a new shell user with jail and it works fine.

    Till, thanks for pointing me in the right direction.
     

Share This Page