Hi all,
Tried the update but still have the same error on 2 machines.
David
On 12/9/2020 11:22 AM, Michael Stauber wrote:
Hi Dirk,
since the last CentOS8 release update I have a problem with jailed SFTP
connections "Chrooted SFTP, SCP and RSYNC" on a server with CentOS8/BO
5210R.
No connection is established. The SFTP client asks if there is a SFTP
server on the other side.
SFTP connections of users with unlimited shell access are no problem.
Yes, the server was restarted. Yes, the jailkit.service is running.
I just tested it and I can replicate it.
It doesn't even matter if you use either one of these two options:
Chrooted SFTP, SCP and RSYNC
Chrooted Shell, SFTP, SCP and RSYNC
The net result is the same:
ftp <username>@<domain> <--- Works
sftp <username>@<domain> <-- doesn't work, but should
ssh <username>@<domain> <--- Works (if "Chrooted Shell,
SFTP, SCP and RSYNC" enabled)
scp file.txt <username>@<domain>:<path> <-- fails with error:
/usr/bin/scp: error while loading shared libraries: libcrypto.so.1.1:
cannot open shared object file: No such file or directory
lost connection
That gives us an indication about the nature of the problem.
Let's see what we have:
[root@5210r lib64]# ls -k1 /home/sites/<vsite>/lib64/libcry*
libcrypt.so.1
libcrypt.so.1.1.0
If I set up a new Vsite with Jails enabled (or disable and re-enable
Jails), I get this instead:
[root@5210r lib64]# ls -k1 /home/sites/<vsite>/lib64/libcry*
libcrypto.so.1.1
libcrypto.so.1.1.1g
libcrypt.so.1
libcrypt.so.1.1.0
So that's the issue: Jails that were created BEFORE the CentOS 8.3 YUM
updates don't have all the dependencies in them anymore that they need
for "sftp" and "scp".
Work around:
=============
Go to the Vsite in question and under "Shell & FTP" set "Shell Access"
to "None" and save. Then set it back to what it should be and save again.
PLEASE NOTE: This will remove all pre-existing Shell & FTP provisions
from all users of that Vsite. So this is not ideal and these rights need
to be granted to the users again.
Proper fix via YUM update:
===========================
We do have a daily cronjob /etc/cron.daily/jail_warden.pl which is
supposed to check all Vsites with enabled jails and runs "jk_update"
over the two jails of each Vsite to keep their jails current with any OS
related changes such as this.
However: It appears as if "jk_update" is not picking up the OS changes
introduced by the CentOS 8.3 update.
So I just modified /etc/cron.daily/jail_warden.pl to run a full
"jk_init" against existing jails instead. That fixes the problem.
Updated base-vsite-* RPMs have just been published.
TL;DR:
======
yum clean all
yum update
/etc/cron.daily/jail_warden.pl
Many thanks for the report!
--
Thank you
David Hahn
----
Hey Super Users! - su
Get E Mail Alerts when sites or services are up or down.
Remotely Monitor Website and/or Service Absolutely Free in seconds.
http://mon.pagekeeperservice.com
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
