Shell-User fails to connect
short description
Shell user cannot log in to server if jailkit (v2.21) is enabled
correct behavior
User should be able to login to the jail/chroot of the website
environment
Server OS: debian Server OS version: buster ISPConfig version: 3.1.15p3
Reproducible action
- set up a new server according to this tutorial
- As described in section 16, version 2.20 of Jailkit is installed
Result (as expected): the shell user can use Jailkit
The problem occurs if the repo 'buster-backports' is activated in the sources.list file. There the newer version 2.21 of Jailkit is included.
jailkit/buster-backports 2.21-2~bpo10+1 amd64 [upgradable from: 2.20-1]
As soon as this version is installed via upgrade, a shell user can no longer log on to the server when Jail is active.
workaround
Downgrading back to version 2.20 restores the previous functionality, if the installed jk_init.ini
is kept
Configuration file '/etc/jailkit/jk_init.ini'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** jk_init.ini (Y/I/N/O/D/Z) [default=N] ? n
possible cause
As mentioned on the Jailkit website, the outdated utility jk_addjailuser has been removed in the new version
proposed fix
In the short term, a note/warning should be included in the above-mentioned tutorial. Maybe a note can be added on how to block the automatic upgrade of Jailkit (~# apt-mark hold jailkit
).
If my suspicion is correct that the missing utility jk_addjailuser causes the issue, the related scripts should be modified for future ISPConfig installations.