[scponly] Another lost connection problem

Justin Alcorn justin at jalcorn.net
Wed Dec 6 13:12:06 EST 2006 

[please copy justin at jalcorn.net on replies - I haven't been approved yet]

I'm upgrading the server that I have chroot'd scp users on.  I'm using 
RHEL4 and scponly-4.6 (old server used RHEL3 and scponly-3.11)

I've set everything up as it was before, using the setup_chroot.sh 
script for the user.  /etc/shells has been updated.  After reading a lot 
of the archives, I copied a lot more library files into the jail, but no 
effect.  Here's what I get with debuglevel=2:

$ scp file scpuser at 10.x.x.x:incoming/
scpuser at 10.x.x.x's password:
scponly[8253]: chrooted binary in place, will chroot()
scponly[8253]: 3 arguments in total.
scponly[8253]:  arg 0 is scponlyc
scponly[8253]:  arg 1 is -c
scponly[8253]:  arg 2 is scp -t incoming/
scponly[8253]: opened log at LOG_AUTHPRIV, opts 0x00000029
scponly[8253]: retrieved home directory of "/home/ftpusers/scpuser" for 
user "scpuser"
scponly[8253]: chrooting to dir: "/home/ftpusers/scpuser"
scponly[8253]: chdiring to dir: "/"
scponly[8253]: setting uid to 504
scponly[8253]: processing request: "scp -t incoming/"
scponly[8253]: denied request: scp -t incoming/ [username: scpuser(504), 
IP/port: ::ffff:10.y.y.y 56642 22]
lost connection


Here's the jail:

[/home/ftpusers/scpuser]# ls -lR
.:
total 40
drwxr-xr-x  2 root     root     4096 Aug 19  2004 bin
drwxr-xr-x  2 root     root     4096 Dec  6 11:44 etc
drwxr-xr-x  2 scpuser scpuser 4096 Oct  1 09:01 incoming
drwxr-xr-x  3 root     root     4096 Dec  6 11:38 lib
drwxr-xr-x  6 root     root     4096 Aug 19  2004 usr

./bin:
total 368
-rwxr-xr-x  1 root root 18076 Aug 19  2004 chgrp
-rwxr-xr-x  1 root root 18076 Aug 19  2004 chmod
-rwxr-xr-x  1 root root 19836 Aug 19  2004 chown
-rwxr-xr-x  1 root root 16792 Dec  6 10:52 echo
-rwxr-xr-x  1 root root  6785 Aug 19  2004 groups
-rwxr-xr-x  1 root root 22204 Aug 19  2004 ln
-rwxr-xr-x  1 root root 68660 Aug 19  2004 ls
-rwxr-xr-x  1 root root 18524 Aug 19  2004 mkdir
-rwxr-xr-x  1 root root 52148 Aug 19  2004 mv
-rwxr-xr-x  1 root root 16544 Dec  6 10:52 pwd
-rwxr-xr-x  1 root root 26652 Aug 19  2004 rm
-rwxr-xr-x  1 root root 11932 Aug 19  2004 rmdir

./etc:
total 32
-rw-r--r--  1 root root 2518 Dec  6 11:40 ld.so.cache
-rwxr-xr-x  1 root root   54 Dec  6 11:44 ld.so.conf
-rwxr-xr-x  1 root root   42 Dec  6 11:44 ld.so.conf.old
-rw-r--r--  1 root root   69 Dec  6 11:43 passwd

./incoming:
total 0

./lib:
total 9604
lrwxrwxrwx  1 root root      13 Dec  6 11:25 ld-2.3.4.so -> ld-linux.so.2
-rwxr-xr-x  1 root root  106397 Dec  6 10:52 ld-linux.so.2
-rwxr-xr-x  1 root root   19248 Aug 19  2004 libacl.so.1
-rwxr-xr-x  1 root root    7148 Aug 19  2004 libattr.so.1
-rwxr-xr-x  1 root root   60116 Dec  6 11:38 libaudit.so.0
-rwxr-xr-x  1 root root    7004 Dec  6 10:52 libcom_err.so.2
-rwxr-xr-x  1 root root  941024 Dec  6 10:52 libcrypto.so.4
-rwxr-xr-x  1 root root   27191 Dec  6 10:52 libcrypt.so.1
-rwxr-xr-x  1 root root   15324 Dec  6 10:52 libdl.so.2
-rwxr-xr-x  1 root root   94746 Dec  6 10:52 libnsl.so.1
-rwxr-xr-x  1 root root   34541 Dec  6 11:27 libnss1_compat-2.3.4.so
-rwxr-xr-x  1 root root   34541 Dec  6 11:27 libnss1_compat.so.1
-rwxr-xr-x  1 root root   16740 Dec  6 11:27 libnss1_dns-2.3.4.so
-rwxr-xr-x  1 root root   16740 Dec  6 11:27 libnss1_dns.so.1
-rwxr-xr-x  1 root root   41119 Dec  6 11:27 libnss1_files-2.3.4.so
-rwxr-xr-x  1 root root   41119 Dec  6 11:27 libnss1_files.so.1
-rwxr-xr-x  1 root root   37754 Dec  6 11:27 libnss1_nis-2.3.4.so
-rwxr-xr-x  1 root root   37754 Dec  6 11:27 libnss1_nis.so.1
-rwxr-xr-x  1 root root   37276 Aug 19  2004 libnss_compat-2.3.2.so
-rwxr-xr-x  1 root root   39595 Dec  6 10:52 libnss_compat-2.3.4.so
-rwxr-xr-x  1 root root   34541 Dec  6 10:52 libnss_compat.so.1
-rwxr-xr-x  1 root root   39595 Dec  6 10:52 libnss_compat.so.2
-rwxr-xr-x  1 root root  548068 Dec  6 11:27 libnss_db.so.2
-rwxr-xr-x  1 root root  548068 Dec  6 11:27 libnss_db.so.2.0.0
-rwxr-xr-x  1 root root   21280 Dec  6 11:27 libnss_dns-2.3.4.so
-rwxr-xr-x  1 root root   16740 Dec  6 11:27 libnss_dns.so.1
-rwxr-xr-x  1 root root   21280 Dec  6 11:27 libnss_dns.so.2
-rwxr-xr-x  1 root root   45889 Dec  6 11:27 libnss_files-2.3.4.so
-rwxr-xr-x  1 root root   41119 Dec  6 11:27 libnss_files.so.1
-rwxr-xr-x  1 root root   45889 Dec  6 11:27 libnss_files.so.2
-rwxr-xr-x  1 root root   22118 Dec  6 11:27 libnss_hesiod-2.3.4.so
-rwxr-xr-x  1 root root   22118 Dec  6 11:27 libnss_hesiod.so.2
-rwxr-xr-x  1 root root 2285888 Dec  6 11:27 libnss_ldap-2.3.4.so
-rwxr-xr-x  1 root root 2285888 Dec  6 11:27 libnss_ldap.so.2
-rwxr-xr-x  1 root root   41463 Dec  6 11:27 libnss_nis-2.3.4.so
-rwxr-xr-x  1 root root   54452 Dec  6 11:27 libnss_nisplus-2.3.4.so
-rwxr-xr-x  1 root root   54452 Dec  6 11:27 libnss_nisplus.so.2
-rwxr-xr-x  1 root root   37754 Dec  6 11:27 libnss_nis.so.1
-rwxr-xr-x  1 root root   41463 Dec  6 11:27 libnss_nis.so.2
-rwxr-xr-x  1 root root   15584 Dec  6 11:27 libnss_winbind.so
-rwxr-xr-x  1 root root   15584 Dec  6 11:27 libnss_winbind.so.2
-rwxr-xr-x  1 root root  706088 Dec  6 11:27 libnss_wins.so
-rwxr-xr-x  1 root root  706088 Dec  6 11:27 libnss_wins.so.2
-rwxr-xr-x  1 root root   32024 Dec  6 11:38 libpam.so.0
-rwxr-xr-x  1 root root   79488 Dec  6 10:52 libresolv.so.2
-rwxr-xr-x  1 root root   56328 Dec  6 10:52 libselinux.so.1
-rwxr-xr-x  1 root root   11784 Aug 19  2004 libtermcap.so.2
-rwxr-xr-x  1 root root   14542 Dec  6 10:52 libutil.so.1
drwxr-xr-x  2 root root    4096 Aug 19  2004 tls

./lib/tls:
total 1432
-rwxr-xr-x  1 root root 1454802 Dec  6 10:52 libc.so.6

./usr:
total 32
drwxr-xr-x  2 root root 4096 Aug 19  2004 bin
drwxr-xr-x  3 root root 4096 Aug 19  2004 kerberos
drwxr-xr-x  2 root root 4096 Dec  6 11:36 lib
drwxr-xr-x  3 root root 4096 Aug 19  2004 libexec

./usr/bin:
total 72
-rwxr-xr-x  1 root root  1675 Dec  6 10:52 groups
-rwxr-xr-x  1 root root 19628 Dec  6 10:52 id
-rwxr-xr-x  1 root root 32844 Aug 19  2004 scp

./usr/kerberos:
total 8
drwxr-xr-x  2 root root 4096 Aug 19  2004 lib

./usr/kerberos/lib:
total 472
-rwxr-xr-x  1 root root   5572 Aug 19  2004 libcom_err.so.3
-rwxr-xr-x  1 root root  63880 Aug 19  2004 libk5crypto.so.3
-rwxr-xr-x  1 root root 385220 Aug 19  2004 libkrb5.so.3

./usr/lib:
total 756
-rwxr-xr-x  1 root root  82944 Dec  6 10:52 libgssapi_krb5.so.2
-rwxr-xr-x  1 root root 136016 Dec  6 10:52 libk5crypto.so.3
-rwxr-xr-x  1 root root 415188 Dec  6 10:52 libkrb5.so.3
-rwxr-xr-x  1 root root  28504 Dec  6 11:36 libwrap.so.0
-rwxr-xr-x  1 root root  63624 Dec  6 10:52 libz.so.1

./usr/libexec:
total 8
drwxr-xr-x  2 root root 4096 Aug 19  2004 openssh

./usr/libexec/openssh:
total 36
-rwxr-xr-x  1 root root 30784 Dec  6 10:52 sftp-server

More information about the scponly mailing list