[scponly] sftp with scponlyc

wby oblyr joe at sublimation.org
Thu Jul 31 02:03:30 EDT 2003 

roger,

one thing to note when custom building your own chrooted scponly environments, is that the ./configure script tries to find the location of 
your binaries in your "real" filesystem - it then embeds these values into the scponly binary itself as immutable full pathnames.  it does 
this to alleviate/prevent searching a PATH for a matching executable.  this is security paranoia, really.  in any case, the automatic chroot 
builder tries to put binaries in your chrooted system in the same relative place as they were located in your real filesystem.  for example, 
if you have a /usr/local/openssh/sftp-server, the chroot builder will put the sftp-server bin in /chrooted/usr/local/openssh/sftp-server and 
NOT /chrooted/bin/sftp-server or /chrooted/usr/bin/sftp-server, etc.

maybe that will help some? unfortunately, i'm not well versed in the various revision levels and nuances of the various ssh systems so i 
cant say specifically why you're having the problems you described.  if you have more troubles, keep sending to the list and i will try to 
keep an eye on it.

anyway, good luck,
joe

roger at rope.net wrote this message on Wed, Jul 30, 2003 at 18:07 -0600:
> On Wed, 30 Jul 2003 roger at rope.net wrote:
> 
> > 	Well, it looks like I'm getting closer to the answer, but there's
> > a ways to go, yet. Any pointers would be appreciated. Thanks.
> 
> 	Status: With a newer sftp that I tested, I was able to specify the
> path to the sftp-server from the commandline, and that worked.
> 
> 	Unfortunately, even though the man page says you can do it with
> the older sftp I have, it actually doesn't.
> 
> 	So, it all works "good enuff". Linux users can use the "latest"
> sftp and Windows users can use WinSCP/sftp and the environment is chrooted
> for security.
> 
> 	Next to do is to pare down the chroot environment, as I have
> undoubtedly added a lot of extraneous stuff because I thought that
> environment was incomplete...
> 
> -- 
> Roger Walker                    spam free @ http://www.evsmail.com
> Voice/Fax 1-780-440-2685                    http://www.rat-hole.com
> "HIS Pain - OUR Gain"                       http://www.man-from-linux.com
> 
> 
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly

-- 
----

PGP KEY: http://www.sublimation.org/contact.html
PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2

More information about the scponly mailing list