[scponly] Re: scponly Digest, Vol 14, Issue 2
Ivan Cohen
texasfunambule at yahoo.com
Wed Feb 11 10:01:31 EST 2004
I finally installed scponly on my SuSE 9.0.
One mistake I had done was to download and untar as
non-root, and files ended up with unexpected owner.
Copying to ~root/ (as root) brought things back to
work.
I tried to sftp: chrooting works great.
Except for a mistake from my side, install works
nicely (just had to manually execute the commands to
install scponlyc).
Many thanks!
Ivan
--- scponly-request at lists.ccs.neu.edu wrote:
> Today's Topics:
>
> 1. SuSE 9.0 (Ivan Cohen)
> 2. .ssh (Charles Fry)
> 3. Re: SuSE 9.0 (Ralf Durkee)
> 4. Re: .ssh (Tony J. White)
> 5. Re: SuSE 9.0 (Ivan Cohen)
> 6. Re: SuSE 9.0 (Ralf Durkee)
>
>
> ----------------------------------------------------------------------
>
> Date: Tue, 10 Feb 2004 13:28:59 -0800 (PST)
> From: Ivan Cohen <texasfunambule at yahoo.com>
> To: scponly at lists.ccs.neu.edu
> Subject: [scponly] SuSE 9.0
> Message-ID:
> <20040210212859.47594.qmail at web13205.mail.yahoo.com>
> Content-Type: text/plain; charset=us-ascii
> MIME-Version: 1.0
> Precedence: list
> Message: 1
>
> Hi,
>
> I tried to install scponly with chroot on SuSE 9.0,
> and had problems with 'make jail'.
>
> First steps (1-6) work ok (just had to install gcc and
> make which weren't installed by default on my setup).
> (more significant (?) step 4: I had to manually
> install scponlyc)
>
> Step 7 'make jail' failed with message
> './setup_shroot.sh this script requires the program
> adduser or pw to add your chrooted scponly user.'
> useradd is there though... ('useradd --help' gives
> appropriate message)
>
> Any clue?
>
> Thanks
>
> ------------------------------
>
> Date: Tue, 10 Feb 2004 16:48:23 -0500
> From: Charles Fry <scponly at frogcircus.org>
> To: scponly at lists.ccs.neu.edu
> Subject: [scponly] .ssh
> Message-ID: <20040210214823.GA32234 at frogcircus.org>
> Content-Type: text/plain; charset=us-ascii
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Precedence: list
> Message: 2
>
> My copy of setup_chroot.sh contains the warning:
>
> "Next we need to set the home directory for this scponly user.
> please note that the user's home directory MUST NOT be writeable
> by the scponly user. this is important so that the scponly user
> cannot subvert the .ssh configuration parameters.
>
> "for this reason, a writeable subdirectory will be created that
> the scponly user can write into."
>
> Can someone please explain how this could be a security vulnerability? I
> used scpjailer, and it doesn't seem to create any .ssh configuration
> parameters.
>
> thanks,
> Charles
>
> --
> Candidate says
> Campaign
> Confusing
> Babies kiss me
> Since I've been using
> Burma-Shave
> http://frogcircus.org/burmashave/1950/candidate_says
>
> ------------------------------
>
> Date: Tue, 10 Feb 2004 17:21:25 -0500
> From: Ralf Durkee <rd at rd1.net>
> To: Ivan Cohen <texasfunambule at yahoo.com>,
> scponly at lists.ccs.neu.edu
> Subject: Re: [scponly] SuSE 9.0
> Message-ID:
> <5.1.0.14.2.20040210171953.03a41868 at ssl.rd1.net>
> In-Reply-To:
> <20040210212859.47594.qmail at web13205.mail.yahoo.com>
> Content-Type: text/plain; charset="us-ascii";
> format=flowed
> MIME-Version: 1.0
> Precedence: list
> Message: 3
>
> At 01:28 PM 2/10/2004 -0800, Ivan Cohen wrote:
> >Hi,
> >
> >I tried to install scponly with chroot on SuSE 9.0,
> >and had problems with 'make jail'.
> >
> >First steps (1-6) work ok (just had to install gcc and
> >make which weren't installed by default on my setup).
> >(more significant (?) step 4: I had to manually
> >install scponlyc)
> >
> >Step 7 'make jail' failed with message
> >'./setup_shroot.sh this script requires the program
> >adduser or pw to add your chrooted scponly user.'
> >useradd is there though... ('useradd --help' gives
> >appropriate message)
> >
> >Any clue?
> >
> >Thanks
>
> If you don't run the configure script as root, or with the correct PATH, then
> it may not find useradd in the PATH.
>
>
> -- Ralf Durkee, GSEC, GCIH
> Information Security Consultant
> http://rd1.net
>
>
> ------------------------------
>
> Date: Tue, 10 Feb 2004 16:33:47 -0600
> From: "Tony J. White" <tjw at webteam.net>
> To: Charles Fry <scponly at frogcircus.org>
> Cc: scponly at lists.ccs.neu.edu
> Subject: Re: [scponly] .ssh
> Message-ID: <20040210223347.GF13114 at morbo.tjw.org>
> In-Reply-To: <20040210214823.GA32234 at frogcircus.org>
> References: <20040210214823.GA32234 at frogcircus.org>
> Content-Type: multipart/signed; micalg=pgp-sha1;
> protocol="application/pgp-signature";
> boundary="65ImJOski3p8EhYV"
> MIME-Version: 1.0
> Precedence: list
> Message: 4
>
>
> > "Next we need to set the home directory for this scponly user.
> > please note that the user's home directory MUST NOT be writeable
> > by the scponly user. this is important so that the scponly user
> > cannot subvert the .ssh configuration parameters.
> >
> > "for this reason, a writeable subdirectory will be created that
> > the scponly user can write into."
> >
> > Can someone please explain how this could be a security
=== message truncated ===
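
Added example (not part of the original message and not code from scponly): a POSIX shell check for the condition stated in the quoted setup_chroot.sh warning, namely that the scponly user's home directory, and any .ssh directory inside it, is not writable by that user. The function names are hypothetical; the check looks at ownership and owner/group/other mode bits only, so ACLs and supplementary groups are not covered.

```shell
#!/bin/sh
# Added example: audit a chroot home against the setup_chroot.sh warning.
# Hypothetical helpers; ownership and mode bits only (no ACLs, no
# supplementary groups).

# writable_by UID GID PATH -> exit 0 if that user can gain write access
writable_by() {
    info=$(ls -ldn -- "$3") || return 2
    # ls -n prints: mode links owner-uid group-gid ...
    read -r mode _links owner group _rest <<EOF
$info
EOF
    # An owner can always chmod write access back, so ownership counts.
    if [ "$owner" = "$1" ]; then return 0; fi
    # Otherwise exactly one class applies: group if it matches, else other.
    if [ "$group" = "$2" ]; then col=6; else col=9; fi
    [ "$(printf '%s' "$mode" | cut -c"$col")" = "w" ]
}

# audit_scponly_home UID GID HOME -> exit 1 if HOME or HOME/.ssh is writable
audit_scponly_home() {
    rc=0
    for p in "$3" "$3/.ssh"; do
        [ -e "$p" ] || continue
        if writable_by "$1" "$2" "$p"; then
            echo "FAIL: $p is writable by uid $1"
            rc=1
        else
            echo "ok:   $p is not writable by uid $1"
        fi
    done
    return "$rc"
}

# Usage: sh audit.sh UID GID /path/to/home   (numeric ids of the scponly user)
if [ "$#" -eq 3 ]; then
    audit_scponly_home "$1" "$2" "$3"
fi
```
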