[scponly] unable to rsync with rsync-enabled scponlyc ...
Hideyuki KURASHINA
rushani at bl.mmtr.or.jp
Thu Oct 27 01:42:36 EDT 2005
Hi,
>>> On Wed, 26 Oct 2005 16:38:53 -0400 (EDT), user <user at dhp.com> said:
>
> I have installed scponly on a FreeBSD 5.4 system, using the compile time
> options:
>
> WITH_SCPONLY_CHROOT="yes" WITH_SCPONLY_RSYNC="yes"
Thanks for using FreeBSD port.
> It has been working fine for me - I have successfully scp'd documents to
> my target users on the host that have the scponlyc shell specified as
> their shell. I have tested the chroot cage, and that works as well.
>
> I cannot, however, rsync as those user.
>
> When I try to rsync files to that user at host, I get this error:
>
> rsync: connection unexpectedly closed (0 bytes received so far) [sender]
> rsync error: error in rsync protocol data stream (code 12) at io.c(365)
>
> Here is a small transcript that shows I can successfully scp a file, but
> not rsync:
>
> #
> #
> # scp hepper good at 192.168.0.4:/good
> Password:
> hepper
> 100% 0 0.0KB/s 00:00
> #
> # rsync -avz -e ssh hepper good at 192.168.0.4:/good
^^^^^^
> Password:
> rsync: connection unexpectedly closed (0 bytes received so far) [sender]
> rsync error: error in rsync protocol data stream (code 12) at io.c(365)
> #
> #
I think this is just a design, but not a bug.
rssh and scponly arbitrary command execution
http://www.securityfocus.com/archive/1/383046
found by Jason Wies will show the answer (This vulnerability was fixed
in scponly v4.0).
How about using environmental variable RSYNC_RSH rather than '-e ssh' ?
-- rushani
More information about the scponly
mailing list