if i set ssh for users via DirectAdmin, is it jailed ssh?

No.

Jeff

So what is the solution if u want to give only jailshell ?

DirectAdmin has released a beta but last I remember, there weren't enough people testing it to fix the bugs and bring it out of beta.

Originally posted by hosting
So what is the solution if u want to give only jailshell ?

yeah, i got the same question. how do we offer jail ssh if not by DA?

http://help.directadmin.com/item.php?id=90

Anyone here got this running properly ?

I think this is a feature that would be really appricated if it gets out of beta status......

i follow the link that someone posted for DA's beta on jail ssh. everything seem fine but i haven't login to try it yet.

Is the beta out of bugs as i am planning to buy DA lifetime license as i need to provide shell access to some users, so i do not want to invest my money on something that doesnt offer shell access feature.So is there going to be any development on jailshell issue?

It is still beta. My understanding is that there are not enough people testing it and reporting bugs to bring it out of beta, but so far everybody who has tried it appears to have gotten it to work.

Has anyone asked John if they've gotten enough reports to bring it out of beta?

I will.

Jeff

Hello,

We haven't heard any negative reports in quite a while, so I'm assuming everything is stable for the most part. It's technically still beta because we want lots of trial runs to make sure.

John

I followed the guide and when i tried to jail a user, i get a bunch of the following errors:

cp: cannot create regular file `/home/amenkart/lib/tls/i586/libc.so.6': No such file or directory
cp: cannot create regular file `/home/amenkart/lib/tls/i586/libm.so.6': No such file or directory
cp: cannot create regular file `/home/amenkart/lib/tls/i586/libpthread.so.0': No such file or directory

Then once i try to login as that user in ssh, i get:
-/bin/bash: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
Connection to localhost closed.

Any ideas?

Hello,

I'll add "/lib/tls/i586" to the directory list to create inside the jail.
Then just update your jail_user.sh script and re-jail the user.

John

Originally posted by DirectAdmin Support
Hello,

I'll add "/lib/tls/i586" to the directory list to create inside the jail.
Then just update your jail_user.sh script and re-jail the user.

John

ok, i also added that to the script, and reran it, now i can login as that user.
however the following now happens:

When i type "ls"
ls
ls: error while loading shared libraries: librt.so.1: cannot open shared object file: No such file or directory

i did "pwd" to see which directory its in, and it is in /home/username/ as the starting off home directory

it seem like DA's jail ssh is not ready. i run into couple of problem too.

Originally posted by jt2377
it seem like DA's jail ssh is not ready. i run into couple of problem too.

what problems, it is helpful for us to tell directadmin so they can fix the issues

Found another bug...you hardcoded in the version number for perl5.

Line 93 of jail_user.sh:

mkdir -p $USER_HOME/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE

Had to change that 5.8.0 to my version, 5.8.3.

Other than that, everything went fine.


*edit*

Just tested it on another box...had to add in the following to the directory list:



mkdir -p $USER_HOME/lib/i686

Hello,

I've added these last few updates to the script. I've also make it work a bit cleaner by addding check to see if the original directories exist before bothering to create the jailed versions
if [ -e /usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE ]; then
mkdir -p $USER_HOME/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE
fi
if [ -e /usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE ]; then
mkdir -p $USER_HOME/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE
fi
if [ -e /lib/tls/i586 ]; then
mkdir -p $USER_HOME/lib/tls/i586
fi
if [ -e /lib/i686 ]; then
mkdir -p $USER_HOME/lib/i686
fiJohn

John it checks up to v 5.8.7? even 5.8.3 is old.

Yea, the version hardcoded like that wouldnt be too good for the future and other versions obviously...how about this to retrieve someone's current version? Don't know if I may be doing it a more complicated way...but you get the point. :)



PERL_VERSION=`perl -v | awk '/perl,/ { print $4 }' | awk --field-separator=v '{ print $2 }'`

mkdir -p $USER_HOME/usr/lib/perl5/$PERL_VERSION/i386-linux-thread-multi/CORE

Hello,

This is just for the directory creation process, so when the libraries are needed to be copied over, the parent directories exist.

I like that "dynamic" soluition.. I'll throw it in, thanks ;)

John

Dutch speaking users, please check this:

"Deze howto beschrijft hoe je een chrootsysteem kan opzetten voor de SSH gebruikers op je systeem. Gedurende deze handleiding moet je ingelogd zijn als root."
http://snakesh*t.nl/documentatie/html/chrootssh.html

Please note it's an EXTRA service next to your original sshd server.

I've been running this beta on my FreeBSD box for a few weeks and it seems to work fine.

why is the url censored?

Because sh*it is a banned word, lol.

idd :) but i edited my post :)

is there any way to unjail the user?