Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 24/25 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

 
 
Thread Tools Search this Thread Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 19th March 2017, 02:44 AM
SomeDamFool Offline
Registered User
 
Join Date: Sep 2006
Location: On up the road a piece
Posts: 715
linuxfedorafirefox
SSH can't get out of jail

I've been using Firejail for a couple of apps and today decided to let it populate /usr/local/etc/firejail with profiles for many known apps. After that I couldn't connect via ssh to my other computer and found a ssh.profile in that folder. If I move ssh.profile out of /usr/local/etc/firejail I can connect but first get a message I never got before.

Redirecting symlink to /usr/bin/ssh
Reading profile /usr/local/etc/firejail/default.profile
Reading profile /usr/local/etc/firejail/disable-common.inc
Reading profile /usr/local/etc/firejail/disable-programs.inc
Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc
** Note: you can use --noprofile to disable default.profile **
Parent pid 18796, child pid 18797
]0;firejail /usr/bin/ssh -l user -x -e none -q xxx.xxx.x.xx echo FISH:;exec /bin/sh -c "if env true 2>/dev/null; then env PS1= PS2= TZ=UTC LANG=C LC_ALL=C LOCALE=C /bin/sh; else PS1= PS2= TZ=UTC LANG=C LC_ALL=C LOCALE=C /bin/sh; fi" Child process initialized
The authenticity of host 'xxx.xxx.x.xx (xxx.xxx.x.xx)' can't be established.
ECDSA key fingerprint isSHA256:OqogorjxUim4FxF8dzeS2bbNhGjn3afHyAUW0qHIg pM.
ECDSA key fingerprint is MD5:7b:83:fe:94:2c:fe:36:01:16:6d:cb:55:3e:06:d0:b 9.
Are you sure you want to continue connecting (yes/no)?

Firejail's instructions aren't very precise and their support is almost non-existent. This is the contents of ssh.profile. I tried commenting out some things but it didn't help. Does anyone see anything obviously wrong in it? Thanks.

Code:
# ssh client
quiet
noblacklist ~/.ssh
noblacklist /tmp/ssh-*
noblacklist /etc/ssh

include /usr/local/etc/firejail/disable-common.inc
include /usr/local/etc/firejail/disable-programs.inc
include /usr/local/etc/firejail/disable-passwdmgr.inc

caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp
__________________
I live in my own little world, but it's OK, they know me here.
Reply With Quote
 

Tags
jail, ssh

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Skype Goes to Jail mchauber Using Fedora 8 28th November 2012 05:39 PM
ssh jail viper3two Security and Privacy 14 3rd May 2011 10:57 PM
ChrootDirectory Jail with sftp JPMallory Using Fedora 2 16th September 2008 03:29 PM
put the user in jail environment miniLinux Security and Privacy 5 13th June 2008 04:57 PM
Sex with girlfriend=10 years in jail..... Shadow Skill Wibble 77 27th December 2006 09:05 AM


Current GMT-time: 07:05 (Wednesday, 28-06-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat