[scponly] Solaris 10: scponlyc failing for me, too
J.D. Baldwin
scponly at baldwin.users.panix.com
Thu Apr 14 16:30:46 EDT 2005
Two issues:
Issue #1: I have been following the discussion about Paul Hyder's
problem using scponly, as I am also unable to connect via scp when
the user's shell is scponlyc (the chrooted scponly). I have tried
all of the suggestions I have read here, and done some dtrace-ing
of system calls fired by scponlyc and scp.
sftp works fine with this ID. However, when I try to scp-upload
a file, I get
    scp /etc/hosts scponly@nautilus:incoming
    scponly@nautilus's password:
    select: Bad file number
    lost connection
The verbose version is (I have edited down most of the stuff that is
identical to a successful transfer):
    scp -oLogLevel=DEBUG /etc/hosts scponly@nautilus:incoming
    [...]
    debug1: Sending command: scp -t incoming
    scponly@nautilus's password:
    debug1: ssh-userauth2 successfull: method password
    debug1: fd 6 setting O_NONBLOCK
    debug1: fd 7 setting O_NONBLOCK
    debug1: channel 0: new [client-session]
    debug1: send channel open 0
    debug1: Entering interactive session.
    debug1: client_init id 0 arg 0
    debug1: Sending command: scp -t incoming
    debug1: channel 0: open confirm rwindow 0 rmax 32768
    debug1: channel: 0 rcvd request for exit-status
    debug1: cb_fn 267a4 cb_event 91
    debug1: channel 0: rcvd eof
    debug1: channel 0: output open->drain
    debug1: channel 0: rcvd close
    debug1: channel 0: input open->closed
    debug1: channel 0: close_read
    debug1: channel 0: obuf empty
    debug1: channel 0: output drain->closed
    debug1: channel 0: close_write
    debug1: channel 0: send close
    debug1: channel 0: full closed2
    debug1: channel_free: channel 0: status: The following connections are open:
      #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)
    debug1: channel_free: channel 0: dettaching channel user
    select: Bad file number
    debug1: Transferred: stdin 0, stdout 0, stderr 25 bytes in 0.2 seconds
    debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 108.6
    debug1: Exit status 255
    lost connection
On the server side, here is what I get with debug level 3:
    Apr 14 16:17:24 nautilus sshd[8091]: [ID 800047 auth.info]
        Accepted password for scponly from 10.40.22.18 port 1004 ssh2
    Apr 14 20:17:24 nautilus [8095]: [ID 699181 auth.info] running:
        /bin/scp -t incoming (username: scponly(6032), IP/port:
        10.40.22.18 1004 22)
I have dtrace-ed scp to look at its "open" calls and none of them fail
except for /var/ld/ld.config, which shouldn't matter. According to
dtrace, the chroot does get executed (of course) before scp takes over.
I am having an identical problem on Solaris 8 and 9 platforms, but I
am doing most of my troubleshooting on Solaris 10 because I have
dtrace available there.
I am quite sure that I have all of my library files ... I checked this
with
    cd <chrootdir>
    find . -type f -exec ldd {} \; | awk '{print $NF}' | sort -u > /tmp/libfiles.txt
and then checked that everything listed was represented relative to
<chrootdir>.
Any ideas?
Issue #2: I would like to set up scponlyc so that these users:
    USERNAME  GROUPNAME  HOMEDIR
    joe       main       /app/users/main
    karen     main       /app/users/main
    ann       auxiliary  /app/users/auxiliary
    tim       auxiliary  /app/users/auxiliary
    john      other      /app/users/other
(all scponlyc users) are all chrooted into /app/users, so that
/app/users appears to them to be the root, and I only have to build
/app/users/usr, /app/users/lib, etc. The thing is, I want each user
to be dropped off into his or her home directory when connecting.
Any ideas how to approach this? If I have to, I'll just hard-code
"chrootdir" in scponly.c and write code to do the chdir just
afterward. But maybe someone here knows an easier way?
--
_+_ From the catapult of |If anyone disagrees with any statement I make, I
_|70|___:)=}- J.D. Baldwin |am quite prepared not only to retract it, but also
\ / baldwin at panix.com|to deny under oath that I ever made it. -T. Lehrer
***~~~~-----------------------------------------------------------------------
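
The library check from Issue #1, as an added example that is not part of the original post: a shell function that reads `ldd` output and reports every library with no counterpart under the chroot, plus entries `ldd` itself could not resolve. The function names and the sample library list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample in Solaris ldd format; the library list is illustrative.
sample_ldd_output() {
    cat <<'EOF'
        libsocket.so.1 =>        /lib/libsocket.so.1
        libnsl.so.1 =>   /lib/libnsl.so.1
        libc.so.1 =>     /lib/libc.so.1
        libz.so.1 =>     (file not found)
        libc.so.1 =>     /lib/libc.so.1
EOF
}

# missing_in_chroot CHROOTDIR
# Reads ldd output on stdin. Prints "missing: PATH" for each library path
# absent under CHROOTDIR and "unresolved: NAME" for each library that ldd
# itself could not find.
missing_in_chroot() {
    root=${1%/}
    awk '
        /:$/        { next }                          # "file:" header lines
        /not found/ { print "UNRESOLVED " $1; next }  # Solaris and Linux wording
        {
            for (i = 1; i <= NF; i++)                 # first absolute path on the line,
                if ($i ~ /^\//) { print $i; break }   # so a trailing load address is ignored
        }
    ' | LC_ALL=C sort -u | while read -r path name; do
        if [ "$path" = "UNRESOLVED" ]; then
            echo "unresolved: $name"
        elif [ ! -e "$root$path" ]; then
            echo "missing: $path"
        fi
    done
}

# scan_chroot CHROOTDIR: run ldd on every regular file in the chroot, as in
# the post, and feed the result to missing_in_chroot.
scan_chroot() {
    (cd "$1" && find . -type f -exec ldd {} \; 2>/dev/null) |
        missing_in_chroot "$1"
}
```

`ldd` lists only link-time dependencies, so files opened at run time (libraries loaded with `dlopen`, device nodes) need a separate check.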