If I'm not wrong, in the last version of interworx-cp-install you set by default the installation of the jailed ssh. You don’t perform this task when home is a partition which is mounted.
So is it possible to set the jail ssh if home is a partition?
You may need to stop other services; do an ‘lsof /home’ to determine what’s using /home
cd /
umount /home
Confirm /home is unmounted and empty. If it is, go ahead and rmdir /home
Edit /etc/fstab to change the mount point of the partition to /chroot instead of /home (you may want to change the label of the partition using e2label to stay consistent with the other partitions)
When I connect with a siteworx account to my box with the jail ssh setup I have this
Last login: Sat May 6 05:40:11 2006 from xxe-01-111-08-19.w81-3.abo.1.fr
id: cannot find name for group ID 574
id: cannot find name for user ID 574
[I have no name!@obiwan ~]$
Why is there this “id: cannot find name”, and why do I have “I have no name!”?
Is it normal?
Also, is it absolutely necessary to have /chroot set with a chmod to 755? Wouldn’t 711 be fine?
And finally, on my other box (with home not mounted) I have done this
mkdir /chroot
mv /home /chroot/
ln -sf /chroot/home /home
chmod 755 /chroot
chmod 711 /chroot/home
Then I have changed one siteworx to allow it to connect with /usr/sbin/jk_chrootsh
But when I connect with this user I’m disconnected immediately after the password
here is the log in /var/log/message, nothing special
May 6 06:14:26 padawan sshd(pam_unix)[6032]: session opened for user carathos by (uid=0)
May 6 06:14:27 padawan jk_chrootsh[6033]: now entering jail /chroot for user carathos (500)
May 6 06:14:27 padawan sshd(pam_unix)[6032]: session closed for user carathos
711 should be fine, Pascal. IIRC I did the same on a box a while back, but the drawback is that your users will NOT be able to go that far down the directory tree, which is probably what you want anyway
As for the [I have no name!@obiwan ~]$
I suspect if you type #hostname you will get I have no name
The hostname can be changed via
if you don’t already know how (though I suspect you do)
Take a look at /etc/passwd and /etc/group to see if the user obiwan is really user and group 574
The rest of it “looks” right to me but I’ll leave that to Socheat
711 should be fine, Pascal. IIRC I did the same on a box a while back, but the drawback is that your users will NOT be able to go that far down the directory tree, which is probably what you want anyway
Exactly, it is what I want
As for the [I have no name!@obiwan ~]$
I suspect if you type hostname you will get I have no name
The hostname can be changed via
if you don’t already know how (though I suspect you do)
Tim, it is not the hostname but the name of the user. Hostname is well shown, it is obiwan
For example
[root@obiwan html]# the user is root and the hostname is obiwan and the current dir is html. What is not shown well when a user logs in using jail ssh is their user name
Take a look at /etc/passwd and /etc/group to see if the user obiwan is really user and group 574
Obiwan is not a user but the hostname, and yes, the user carathos has the id 574
The rest of it “looks” right to me but I’ll leave that to Socheat
Actually, the passwd file you should be checking for is /chroot/etc/passwd. Make sure the /chroot/etc/passwd entry for that user is identical to the entry in /etc/passwd, including uid and gids.
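The check described in the reply above, combined with the two "id: cannot find name" messages earlier in the thread, can be scripted. This is an added example, not part of the thread and not InterWorx code; the function names, the return codes and the choice to compare only the uid and gid fields (home and shell are not compared) are assumptions, and the default paths are the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example: verify that a jailed user resolves to the same uid/gid
# inside the jail as on the host. Function names and return codes are
# hypothetical; default paths (/chroot, /etc) are the ones in this thread.

# field FILE KEY N -> print field N of the colon-separated line whose
# first field equals KEY (empty output if there is no such line).
field() {
    awk -F: -v k="$2" -v n="$3" '$1 == k { print $n; exit }' "$1"
}

# gid_known FILE GID -> succeeds if some group in FILE has that gid.
gid_known() {
    awk -F: -v g="$2" '$3 == g { found = 1 } END { exit !found }' "$1"
}

# check_jail_user USER [JAIL_ROOT] [HOST_ETC]
# Return codes: 0 ok, 1 user missing from jail passwd, 2 uid/gid mismatch,
# 3 primary gid has no name in the jail group file, 4 user unknown on host.
check_jail_user() {
    user=$1; jail=${2:-/chroot}; host=${3:-/etc}
    h_uid=$(field "$host/passwd" "$user" 3)
    h_gid=$(field "$host/passwd" "$user" 4)
    [ -n "$h_uid" ] || { echo "$user: not in $host/passwd"; return 4; }
    # A missing or unreadable jail passwd file is treated like a missing user.
    j_uid=$(field "$jail/etc/passwd" "$user" 3 2>/dev/null)
    j_gid=$(field "$jail/etc/passwd" "$user" 4 2>/dev/null)
    [ -n "$j_uid" ] || { echo "$user: not in $jail/etc/passwd"; return 1; }
    if [ "$h_uid:$h_gid" != "$j_uid:$j_gid" ]; then
        echo "$user: host $h_uid:$h_gid, jail $j_uid:$j_gid"; return 2
    fi
    # Without a group line for the gid, id cannot print a group name.
    gid_known "$jail/etc/group" "$h_gid" 2>/dev/null ||
        { echo "$user: gid $h_gid has no name in $jail/etc/group"; return 3; }
    echo "$user: ok ($h_uid:$h_gid)"
}

# Usage on the box, as root: check_jail_user carathos
```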
What I do not understand is that in the strace it finds the libc.so file. There are a lot of bad descriptors when it searches for the rlimit, but I am not sure it is related.
Here is the strace output of the su carathos command.