[ale] Jailkit on RHEL or CentOS?

Brandon Checketts brandon at brandonchecketts.com
Mon Aug 24 16:18:13 EDT 2009


I've got it working several times, but it always seems to be a fight.  I have a
few notes at
http://www.brandonchecketts.com/archives/using-jailkit-for-chrooting-shell-accounts
but that post is a bit old.

Seems I usually end up having to strace the ssh process on the server to see
where it is failing. I usually do this on a customer box so don't have access
to the configs anymore.

From memory, a few things I remember having to do:
- Make sure user is in /etc/passwd inside the jail
- Make sure group is in /etc/group inside the jail
- /etc/jailkit/jk_lsh.ini (inside the jail) needs to exist and be readable
- Make sure user's home directory exists inside the jail, and that they own it
- Seems like some other file/directory permissions are kind of strict (parent
directories can't be group- or world-writable)
- I can't remember if you can try it with a normal shell first, before using
jk_lsh as your shell

I also recall trying to 'su' to a jailed user to make sure that works locally
before trying to do it via SSH.

Good luck,
Brandon Checketts
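
The checklist in the message above, turned into a script. This is an added example, not part of the original message or of Jailkit; it assumes GNU stat and awk, and which directories Jailkit itself inspects is not stated in the post, so the walk from the home's parent up to the jail root is an assumption.

```shell
# Added example, not from the original post. Assumes GNU stat and awk.
# Usage: sh jail_check.sh JAIL USER   (exit status = number of failed checks)
jail_check() {
    jail=${1%/}; user=$2; fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # jk_lsh reads its configuration from inside the jail.
    [ -r "$jail/etc/jailkit/jk_lsh.ini" ] || fail "etc/jailkit/jk_lsh.ini missing or unreadable"

    # The user must be in the jail's own etc/passwd; read uid:gid:home from it.
    entry=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $4 ":" $6; exit }' \
        "$jail/etc/passwd" 2>/dev/null) || true
    if [ -z "$entry" ]; then
        fail "$user not in etc/passwd"
        return "$fails"
    fi
    uid=${entry%%:*}; rest=${entry#*:}; gid=${rest%%:*}; home=${rest#*:}

    # The user's primary group must be in the jail's etc/group.
    awk -F: -v g="$gid" '$3 == g { found = 1 } END { exit !found }' \
        "$jail/etc/group" 2>/dev/null || fail "gid $gid not in etc/group"

    # The home directory must exist inside the jail and belong to the user.
    if [ ! -d "$jail$home" ]; then
        fail "home $home missing inside jail"
    elif [ "$(stat -c %u "$jail$home")" != "$uid" ]; then
        fail "home $home not owned by uid $uid"
    fi

    # Assumption: check every directory from the home's parent up to the jail
    # root for group- or world-write bits (octal 022).
    dir=$(dirname "$jail$home")
    while :; do
        if mode=$(stat -c %a "$dir" 2>/dev/null) && [ $((0$mode & 022)) -ne 0 ]; then
            fail "$dir is mode $mode (group- or world-writable)"
        fi
        case $dir in "$jail"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done
    return "$fails"
}

if [ $# -eq 2 ]; then jail_check "$@"; fi
```

Run it as root against the jail directory before testing over SSH; each FAIL line names one item from the list to fix.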





Brandon Colbert wrote:
> I use this: http://olivier.sessink.nl/jailkit/howtos_ssh_only.html
> 
> On Wed, Aug 19, 2009 at 10:01 AM, Jeff Lightner <jlightner at water.com>
> wrote:
> 
>     Has anyone successfully gotten Jailkit to run RHEL or CentOS 4 or 5
>     for sftp-server?  If so, could you share your ini files?
> 
>      
> 
>     The documentation for Jailkit is mainly aimed at Debian.  
> 
>      
> 
>     I’m getting knocked off immediately after entering the password even
>     though it is accepted according to /var/log/secure.  I suspect there
>     is some PAM stuff the Jailkit stuff isn’t automatically copying but
>     using ldd and strace I haven’t been able to narrow down what is
>     missing yet.
> 
>      


