Skip to content

Shell-User fails to connect

short description

Shell user cannot log in to server if jailkit (v2.21) is enabled

correct behavior

User should be able to login to the jail/chroot of the website

environment

Server OS: debian Server OS version: buster ISPConfig version: 3.1.15p3

Reproducible action

  • set up a new server according to this tutorial
  • As described in section 16, version 2.20 of Jailkit is installed

Result (as expected): the shell user can use Jailkit

The problem occurs if the repo 'buster-backports' is activated in the sources.list file. There the newer version 2.21 of Jailkit is included.

jailkit/buster-backports 2.21-2~bpo10+1 amd64 [upgradable from: 2.20-1]

As soon as this version is installed via upgrade, a shell user can no longer log on to the server when Jail is active.

workaround

Downgrading back to version 2.20 restores the previous functionality, if the installed jk_init.ini is kept

Configuration file '/etc/jailkit/jk_init.ini'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** jk_init.ini (Y/I/N/O/D/Z) [default=N] ? n

possible cause

As mentioned on the Jailkit website, the outdated utility jk_addjailuser has been removed in the new version

proposed fix

In the short term, a note/warning should be included in the above-mentioned tutorial. Maybe a note can be added on how to block the automatic upgrade of Jailkit (~# apt-mark hold jailkit).

If my suspicion is correct that the missing utility jk_addjailuser causes the issue, the related scripts should be modified for future ISPConfig installations.