Install without Jailed SSH

Hello!

Just received a notification about the recent update. Congratulations and thanks to everyone engaged with this update. Should have been a lot of headaches and time spent.

The Jailed SSH was introduced recently. For multiple users in a commercial or shared environment, this is OK.

However, I am running a single admin running a server (with multiple users on it). I do not need all that.

Is it possible to deactivate installation of the entire Jailed SSH packages and environment already during the installation like jailedssh --off?

I did not yet see all the recent codes and hence I may have overlooked, if this is already implemented in the install script.

Jailed SSH will only get enabled when you select it in the user packages …

Hi!

Yes, thanks. My question is why to install certain packages, when this entire function is not necessary. Having unnecessary packages is a headache as it will require resources of time and SSD-space.

Thus, I would not like to install all relevant packages. Hence the question.

I do have a bit of confusion here. I had installed the beta and it did show there were users jailed. As I do not use this feature, I did not investigate it. Maybe I did not yet understand it properly.

Is it designed such that packages will be installed only if there is some user activation? I am confused…

We are talking about

  • Download MD5 sum: 630eec714ea04729efd116ea85a715a3.
  • Download size: 116 KB.
  • Estimated disk space required: 3.2 MB (with tests)

We have rewritten the jailed ssh. In the past it made full copies of the /usr/bin/ folder

Hi Eris!

Thanks so much for your reply.

In the past it made full copies of the /usr/bin/ folder

Exactly this was the reason (using alpha/beta) why I did not want it. I did not see the new code. So it should be fine now.

Glad that you pointed that out.

Which option is for jailed ssh?

jailbash

I have only bash, dash, nologin, rbash, screen, sh

What version are you on?

1.9.2

I see that the demo of Hestia doesn't have it either.

And???

Run: v-add-sys-ssh-jail

Thanks, this worked. But the user isn't restricted to only his home folder? Because I can still enter other stuff as before in SSH and SFTP

You need to select jailbash for the user shell to restrict the user.

I know, and I did it after running v-add-sys-ssh-jail, that's why I wrote “Thanks, this worked”.
Still not restricted to own home folder

Can you see the home folders of other users? If not, it’s working correctly. The users have read-only access to binaries and fake versions of /var and /tmp. You can see here how a jail container is wired:

I can't enter the other users' folders, but I can enter, for example, logs, and download logs from /nginx/domains and other log stuff + I can enter and download stuff from some custom folders which I have created for gameservers.

Hmm interesting. Can you share the paths of these folders? It might be needed to tighten the permissions more. But to do so I need more information of what paths are leaking.

/var/log/nginx/domains - i can access and download files
/var/log/nginx - access works but download not
/var/log/apt - access and download
/var/log - some files are downloadable, some not
/var/backups - access and download
/usr/local/hestia - both
/backup - access works, download only own backup
custom folders /home/cod - /home/bots - both are root:root still can access and download everything

Then the jail is not being applied correctly. Can you check in /etc/passwd if jailbash is applied correctly for that user? It should look like the following. Note the /usr/sbin/jailbash at the end:

jailed:x:1004:1005:[email protected]:/home/jailed:/usr/sbin/jailbash

You can see if the jail is running checking for the process when you’re logged in with the user:

ps -aux | grep jailbash
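
The /etc/passwd check described in the post above can be run across all accounts at once. This is an added example, not part of the thread and not Hestia's own code; the function names, the sample accounts and the rule that hosting users live under /home are assumptions made here.

```bash
#!/usr/bin/env bash
# Added example: audit the login-shell field of a passwd-format file.
# Assumption: the jail shell is /usr/sbin/jailbash, as in the line quoted above.
JAIL_SHELL="/usr/sbin/jailbash"

# Print the login shell (7th field) of user $1 from passwd file $2.
# Exit status is non-zero when the user does not exist.
user_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }' "$2"
}

# 0 = jail shell assigned, 1 = some other shell, 2 = user not found.
is_jailed() {
    _shell=$(user_shell "$1" "${2:-/etc/passwd}") || return 2
    [ "$_shell" = "$JAIL_SHELL" ]
}

# List "user:shell" for accounts homed under /home that can log in
# interactively but are not assigned the jail shell.
unjailed_users() {
    awk -F: -v jail="$JAIL_SHELL" '
        $6 ~ /^\/home\// && $7 != jail && $7 !~ /(nologin|false)$/ {
            print $1 ":" $7
        }' "${1:-/etc/passwd}"
}

# Constructed sample data in passwd format (not real accounts).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
jailed:x:1004:1005:user@example.test:/home/jailed:/usr/sbin/jailbash
open:x:1005:1006:user2@example.test:/home/open:/bin/bash
svc:x:1006:1007::/home/svc:/usr/sbin/nologin
EOF

echo "Accounts not assigned $JAIL_SHELL:"
unjailed_users "$SAMPLE"
```

On a live server, call `unjailed_users` with no argument to read /etc/passwd; any account it lists logs in over SSH without the jail.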