May be silly question, but seaching since 2 hours finding no solution I trie it here I need external access to a website of my custumer (didn'nt need it till now), as I like ssh /sftp acces I added a shell user for this chrooted. But I have no luck to login wether with SFTP nor with SSH. SSH access with my administration account works well, so ssh should work, user is in /etc/passwd and password is tripple checked. Thanks for any hint Rainer
Please check the passwd file entry for this user. Does it contain the correct path to the web chroot environment? Has the chroot environment the correct access rights? What is in /var/log/auth.log and /var/log/syslog when you try to login?
Added a second user not chrooted Found out it is working if not chrooted, but then it logs me in without asking a password. in auth.log "servername sshd[24822]: Accepted publickey for username from ipaddress port 55886 ssh2: RSA dd:44:f0:1f:d4:38:e6:bd:5f:79:a7:23:8e:15:dd:dc Nov 21 20:29:33 servername sshd[24822]: pam_unix(sshd:session): session opened for user username by (uid=0)" No idea where the ras key comes from, does ISPconfig do this by default? The user from the mac i'm loging in has one that is accepeted for the root account of the web server I tried a root login and got the same ras fingerprint RSA dd:44:f0:1f:d4:38:e6:bd:5f:79:a7:23:8e:15:dd:dc, what should not be, that teh root ras key ist accepter for other users If the chrooted user in auth.log "servername sshd[24731]: User username not allowed because shell /usr/sbin/jk_chrootsh does not exist" "serername sshd[24731]: input_userauth_request: invalid user username [preauth] Found some quit old articels in the web that there are problems with jailkit and ssh login, but no real solution Rainer EDIT: sems that jailkit is, for which reason ever) not installed on just the webserver in my multiserver installation. I installed following the ISPconfig 3 manuell, in conjunction with the at that time actuell Perfect server debian jessie manual mk
It seems that you did not install jk_chroot before installing ISPConfig as stated in the perfect server tutorial. Installing afterwards will not work reliably. I'm not sure that you installed jk_chroot at all because the command is missing. On creation of a SSH user all keys from /root/.ssh/authorized_keys are automatically inserted into the authorized keys file of the new user.
I think you are right. I did not install jailkit afterwords. I do not know why I didn't install jailkit on this server. So I think I add an additional VM with debian stretch and install the webserver for the new customer there. Later I can move my other webservers there and delete the actual. I have enough IP addresses and disk space. With stretch I will get longer Debian support too Thanks for the help Rainer
