[scponly] winscp and request denied
Tom Van de Wiele
tom at uniskill.com
Tue Aug 30 10:51:04 EDT 2005
Hello list
I've set up scponly 4.1 on a testbox fedora core 3 machine and created a user using "make jail". The user has /usr/local/sbin/scponlyc setup as his shell and the /var/www/user101 directory as his homedirectory. The chroot-binary option was specified when compiling scponly (the winscp option is enabled by default). When trying to login using winscp 3.x, it fails and gives the errormessage "error skipping startup message. Your shell is probably incompatible with the application (BASH is recommended)" and then disconnects. When enabling debug mode (echo "1" > /usr/local/etc/scponly/debuglevel) I get the following:
Aug 30 16:47:21 box sshd[15055]: Accepted password for user101 from ::ffff:192.168.150.5 port 33958 ssh2
Aug 30 16:47:21 box [15058]: chrooted binary in place, will chroot()
Aug 30 16:47:21 box [15058]: 3 arguments in total.
Aug 30 16:47:21 box [15058]: arg 0 is scponlyc
Aug 30 16:47:21 box [15058]: arg 1 is -c
Aug 30 16:47:21 box [15058]: arg 2 is /usr/local/sbin/scponlyc
Aug 30 16:47:21 box [15058]: opened log at LOG_AUTHPRIV, opts 0x00000009
Aug 30 16:47:21 box [15058]: retrieved home directory of "/var/www/user101" for user "user101"
Aug 30 16:47:21 box [15058]: chrooting to dir: "/var/www/user101"
Aug 30 16:47:21 box [15058]: chdiring to dir: "/"
Aug 30 16:47:21 box [15058]: setting uid to 518
Aug 30 16:47:21 box [15058]: processing request: "/usr/local/sbin/scponlyc"
Aug 30 16:47:21 box [15058]: denied request: /usr/local/sbin/scponlyc (resolved to: scponlyc) [username: user101(518), IP/port: ::ffff:192.168.150.5 33958 22]
Specifying a different shell such as /usr/local/sbin/scponlyc in the winscp profile of the site doesn't solve this issue. Any ideas what is going on here? I saw there was a patch for the FreeBSD ports for this, but this could be unrelated to this problem.
Any ideas are welcome
Cheers
Tom
--
Tom Van de Wiele, CISSP
Security Engineer
UNISKILL nv
Bilksken 36 B
9920 Lovendegem
Belgium
http://www.uniskill.com
Tel: +32(0)9 376 41 53
Fax: +32(0)9 376 41 54
Mobile: +32(0)497 585 749
Key fingerprint : DF24 89C2 C683 7896 7BC9 AE18 E4B3 126B CC99 FE29
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the scponly
mailing list