[scponly] Re: scponly

Tue Mar 18 13:12:56 EST 2003

Chris,

it looks like the chroot environment isnt quite quite right, but i'm not
sure.

it may be valuable to put winscp into a debug mode... winscp can be set to
log all commands and output to a text file, i'm hazy on the details but
this is the feature i used to implement winscp compatibility.  if you can
capture the winscp logfile, that would be valuable in diagnosing your
problem.  sorry i didnt mention this last time...

its a good idea to look at setup_chroot.sh and to try to manually
accomplish the same steps - this way you will understand better what needs
to be accomplished and how the script is failing you.

again, please let me know if you find out more...

joe

 ----

PGP KEY: http://www.sublimation.org/contact.html
PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2

On Tue, 18 Mar 2003, Chris Hawkins wrote:

> Hi Joe -
>
> Well, I got closer, but still no cigar... I ended up just forcing USE_PW to
> be 0 and rem'ing out the lines underneath .... if  x/usr/bin/useradd = x
> then...
>
> I also had to take the -C option off the install  $bin $targetdir$bin...
> probably because of my old version of RedHat - said the -C was invalid.
>
> So make jail seems to have run, but if I try a connection from winSCP to the
> host, I get the attached screen... I'm not sure what to do at this point...I
> also tried logging onto the server as a different user, and from the $
> prompt, typing   scp TEST  tuser at myhostname:/incoming.    I'm asked for
> tuser's password, and am then returned to a $ prompt, but no file transfer
> happens.  I've attached the debug info if you're interested, but at this
> point, I think I need to educate myself more on how to accomplish the chroot
> functionality manually (that is, without using scponly).  Maybe a little
> more knowledge will help me figure out how to get scponly to work.
>
> Thanks for your help,
> Chris
>
>
> Chris Hawkins
> Leland Associates
> 1-800-959-2207
> ----- Original Message -----
> From: "wbr oblyr" <joe at sublimation.org>
> To: "Chris Hawkins" <chris.hawkins at verizon.net>
> Cc: <scponly at lists.ccs.neu.edu>
> Sent: Monday, March 17, 2003 3:24 PM
> Subject: Re: scponly
>
>
> >
> > Hi Chris,
> >
> > my initial suspicion is a PATH problem, but i cant be sure,  can you
> > confirm your PATH environment variable includes the directories containing
> > the binaries that ./configure and setup_chroot.sh are complaining about?
> >
> > also, adding the scponly user is the last step of setup_chroot.sh - you
> > could simply manually add and edit as neccesary the tuser you mentioned,
> > thus completing the installation.
> >
> > however, if you discover the problem is installation script related, or if
> > you learn any more about the problem and still cant get it to work, let me
> > know, so we can update the distro.
> >
> > thanks,
> > joe
> >
> > ----
> >
> > PGP KEY: http://www.sublimation.org/contact.html
> > PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2
> >
> >
> > On Mon, 17 Mar 2003, Chris Hawkins wrote:
> >
> > > Hello -
> > >
> > > I've been trying to get scponly to work... am installing on a linux box
> running an old version of RedHat (kernel 2.2.5-15).
> > >
> > > I used ./configure  --enable-chrooted-binary.  It complained that it
> couldn't find scp (which was in /usr/local/bin), so I copied scp to /usr/bin
> and tried again.  That seemed to make the configurator happy.  Ran make and
> make install with no complaint that I could tell.
> > >
> > > Next, I created a new user, tuser.  I set the home directory to
> /home/tuser, and the shell to /usr/local/sgin/scponlyc.
> > >
> > > The hangup is with make jail.  It complains that it needs useradd or pw
> to add the chrooted user. I don't have pw, but I obviously have useradd...
> have copied it to a couple different places, but to no avail.  What am I
> missing?
> > >
> > > Thanks for your help,
> > > Chris Hawkins
> > >
> > >
> > > Chris Hawkins
> > > Analyst
> > > Leland Associates
> > > 1-800-959-2207
> >
> >
>