[scponly] Another lost connection problem

Paul Hyder Paul.Hyder at noaa.gov
Wed Dec 6 14:05:43 EST 2006 

Jason,
This message indicates that scp is not one of your permitted commands.

You probably just need to re-run configure with --enable-scp-compat added
to your selected configure options.  [It now defaults to disabled.]
	Paul Hyder
	NOAA Earth System Research Laboratory, Global Systems Division
	Boulder, CO

Justin Alcorn wrote:
> [please copy justin at jalcorn.net on replies - I haven't been approved yet]
> 
> I'm upgrading the server that I have chroot'd scp users on.  I'm using 
> RHEL4 and scponly-4.6 (old server used RHEL3 and scponly-3.11)
> 
> I've set everything up as it was before, using the setup_chroot.sh 
> script for the user.  /etc/shells has been updated.  After reading a lot 
> of the archives, I copied a lot more library files into the jail, but no 
> effect.  Here's what I get with debuglevel=2:
> 
> $ scp file scpuser at 10.x.x.x:incoming/
> scpuser at 10.x.x.x's password:
> scponly[8253]: chrooted binary in place, will chroot()
> scponly[8253]: 3 arguments in total.
> scponly[8253]:  arg 0 is scponlyc
> scponly[8253]:  arg 1 is -c
> scponly[8253]:  arg 2 is scp -t incoming/
> scponly[8253]: opened log at LOG_AUTHPRIV, opts 0x00000029
> scponly[8253]: retrieved home directory of "/home/ftpusers/scpuser" for 
> user "scpuser"
> scponly[8253]: chrooting to dir: "/home/ftpusers/scpuser"
> scponly[8253]: chdiring to dir: "/"
> scponly[8253]: setting uid to 504
> scponly[8253]: processing request: "scp -t incoming/"
> scponly[8253]: denied request: scp -t incoming/ [username: scpuser(504), 
> IP/port: ::ffff:10.y.y.y 56642 22]
> lost connection
> 
> 
> Here's the jail:
> 
> [/home/ftpusers/scpuser]# ls -lR
> .:
> total 40
> drwxr-xr-x  2 root     root     4096 Aug 19  2004 bin
> drwxr-xr-x  2 root     root     4096 Dec  6 11:44 etc
> drwxr-xr-x  2 scpuser scpuser 4096 Oct  1 09:01 incoming
> drwxr-xr-x  3 root     root     4096 Dec  6 11:38 lib
> drwxr-xr-x  6 root     root     4096 Aug 19  2004 usr
> 
> ./bin:
> total 368
> -rwxr-xr-x  1 root root 18076 Aug 19  2004 chgrp
> -rwxr-xr-x  1 root root 18076 Aug 19  2004 chmod
> -rwxr-xr-x  1 root root 19836 Aug 19  2004 chown
> -rwxr-xr-x  1 root root 16792 Dec  6 10:52 echo
> -rwxr-xr-x  1 root root  6785 Aug 19  2004 groups
> -rwxr-xr-x  1 root root 22204 Aug 19  2004 ln
> -rwxr-xr-x  1 root root 68660 Aug 19  2004 ls
> -rwxr-xr-x  1 root root 18524 Aug 19  2004 mkdir
> -rwxr-xr-x  1 root root 52148 Aug 19  2004 mv
> -rwxr-xr-x  1 root root 16544 Dec  6 10:52 pwd
> -rwxr-xr-x  1 root root 26652 Aug 19  2004 rm
> -rwxr-xr-x  1 root root 11932 Aug 19  2004 rmdir
> 
> ./etc:
> total 32
> -rw-r--r--  1 root root 2518 Dec  6 11:40 ld.so.cache
> -rwxr-xr-x  1 root root   54 Dec  6 11:44 ld.so.conf
> -rwxr-xr-x  1 root root   42 Dec  6 11:44 ld.so.conf.old
> -rw-r--r--  1 root root   69 Dec  6 11:43 passwd
> 
> ./incoming:
> total 0
> 
> ./lib:
> total 9604
> lrwxrwxrwx  1 root root      13 Dec  6 11:25 ld-2.3.4.so -> ld-linux.so.2
> -rwxr-xr-x  1 root root  106397 Dec  6 10:52 ld-linux.so.2
> -rwxr-xr-x  1 root root   19248 Aug 19  2004 libacl.so.1
> -rwxr-xr-x  1 root root    7148 Aug 19  2004 libattr.so.1
> -rwxr-xr-x  1 root root   60116 Dec  6 11:38 libaudit.so.0
> -rwxr-xr-x  1 root root    7004 Dec  6 10:52 libcom_err.so.2
> -rwxr-xr-x  1 root root  941024 Dec  6 10:52 libcrypto.so.4
> -rwxr-xr-x  1 root root   27191 Dec  6 10:52 libcrypt.so.1
> -rwxr-xr-x  1 root root   15324 Dec  6 10:52 libdl.so.2
> -rwxr-xr-x  1 root root   94746 Dec  6 10:52 libnsl.so.1
> -rwxr-xr-x  1 root root   34541 Dec  6 11:27 libnss1_compat-2.3.4.so
> -rwxr-xr-x  1 root root   34541 Dec  6 11:27 libnss1_compat.so.1
> -rwxr-xr-x  1 root root   16740 Dec  6 11:27 libnss1_dns-2.3.4.so
> -rwxr-xr-x  1 root root   16740 Dec  6 11:27 libnss1_dns.so.1
> -rwxr-xr-x  1 root root   41119 Dec  6 11:27 libnss1_files-2.3.4.so
> -rwxr-xr-x  1 root root   41119 Dec  6 11:27 libnss1_files.so.1
> -rwxr-xr-x  1 root root   37754 Dec  6 11:27 libnss1_nis-2.3.4.so
> -rwxr-xr-x  1 root root   37754 Dec  6 11:27 libnss1_nis.so.1
> -rwxr-xr-x  1 root root   37276 Aug 19  2004 libnss_compat-2.3.2.so
> -rwxr-xr-x  1 root root   39595 Dec  6 10:52 libnss_compat-2.3.4.so
> -rwxr-xr-x  1 root root   34541 Dec  6 10:52 libnss_compat.so.1
> -rwxr-xr-x  1 root root   39595 Dec  6 10:52 libnss_compat.so.2
> -rwxr-xr-x  1 root root  548068 Dec  6 11:27 libnss_db.so.2
> -rwxr-xr-x  1 root root  548068 Dec  6 11:27 libnss_db.so.2.0.0
> -rwxr-xr-x  1 root root   21280 Dec  6 11:27 libnss_dns-2.3.4.so
> -rwxr-xr-x  1 root root   16740 Dec  6 11:27 libnss_dns.so.1
> -rwxr-xr-x  1 root root   21280 Dec  6 11:27 libnss_dns.so.2
> -rwxr-xr-x  1 root root   45889 Dec  6 11:27 libnss_files-2.3.4.so
> -rwxr-xr-x  1 root root   41119 Dec  6 11:27 libnss_files.so.1
> -rwxr-xr-x  1 root root   45889 Dec  6 11:27 libnss_files.so.2
> -rwxr-xr-x  1 root root   22118 Dec  6 11:27 libnss_hesiod-2.3.4.so
> -rwxr-xr-x  1 root root   22118 Dec  6 11:27 libnss_hesiod.so.2
> -rwxr-xr-x  1 root root 2285888 Dec  6 11:27 libnss_ldap-2.3.4.so
> -rwxr-xr-x  1 root root 2285888 Dec  6 11:27 libnss_ldap.so.2
> -rwxr-xr-x  1 root root   41463 Dec  6 11:27 libnss_nis-2.3.4.so
> -rwxr-xr-x  1 root root   54452 Dec  6 11:27 libnss_nisplus-2.3.4.so
> -rwxr-xr-x  1 root root   54452 Dec  6 11:27 libnss_nisplus.so.2
> -rwxr-xr-x  1 root root   37754 Dec  6 11:27 libnss_nis.so.1
> -rwxr-xr-x  1 root root   41463 Dec  6 11:27 libnss_nis.so.2
> -rwxr-xr-x  1 root root   15584 Dec  6 11:27 libnss_winbind.so
> -rwxr-xr-x  1 root root   15584 Dec  6 11:27 libnss_winbind.so.2
> -rwxr-xr-x  1 root root  706088 Dec  6 11:27 libnss_wins.so
> -rwxr-xr-x  1 root root  706088 Dec  6 11:27 libnss_wins.so.2
> -rwxr-xr-x  1 root root   32024 Dec  6 11:38 libpam.so.0
> -rwxr-xr-x  1 root root   79488 Dec  6 10:52 libresolv.so.2
> -rwxr-xr-x  1 root root   56328 Dec  6 10:52 libselinux.so.1
> -rwxr-xr-x  1 root root   11784 Aug 19  2004 libtermcap.so.2
> -rwxr-xr-x  1 root root   14542 Dec  6 10:52 libutil.so.1
> drwxr-xr-x  2 root root    4096 Aug 19  2004 tls
> 
> ./lib/tls:
> total 1432
> -rwxr-xr-x  1 root root 1454802 Dec  6 10:52 libc.so.6
> 
> ./usr:
> total 32
> drwxr-xr-x  2 root root 4096 Aug 19  2004 bin
> drwxr-xr-x  3 root root 4096 Aug 19  2004 kerberos
> drwxr-xr-x  2 root root 4096 Dec  6 11:36 lib
> drwxr-xr-x  3 root root 4096 Aug 19  2004 libexec
> 
> ./usr/bin:
> total 72
> -rwxr-xr-x  1 root root  1675 Dec  6 10:52 groups
> -rwxr-xr-x  1 root root 19628 Dec  6 10:52 id
> -rwxr-xr-x  1 root root 32844 Aug 19  2004 scp
> 
> ./usr/kerberos:
> total 8
> drwxr-xr-x  2 root root 4096 Aug 19  2004 lib
> 
> ./usr/kerberos/lib:
> total 472
> -rwxr-xr-x  1 root root   5572 Aug 19  2004 libcom_err.so.3
> -rwxr-xr-x  1 root root  63880 Aug 19  2004 libk5crypto.so.3
> -rwxr-xr-x  1 root root 385220 Aug 19  2004 libkrb5.so.3
> 
> ./usr/lib:
> total 756
> -rwxr-xr-x  1 root root  82944 Dec  6 10:52 libgssapi_krb5.so.2
> -rwxr-xr-x  1 root root 136016 Dec  6 10:52 libk5crypto.so.3
> -rwxr-xr-x  1 root root 415188 Dec  6 10:52 libkrb5.so.3
> -rwxr-xr-x  1 root root  28504 Dec  6 11:36 libwrap.so.0
> -rwxr-xr-x  1 root root  63624 Dec  6 10:52 libz.so.1
> 
> ./usr/libexec:
> total 8
> drwxr-xr-x  2 root root 4096 Aug 19  2004 openssh
> 
> ./usr/libexec/openssh:
> total 36
> -rwxr-xr-x  1 root root 30784 Dec  6 10:52 sftp-server
> 
> 
> 
> 
> 
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly

More information about the scponly mailing list