[scponly] Installation steps of scponly on Solaris 9

Kaleb Pederson kibab at icehouse.net
Mon Jun 19 09:20:36 EDT 2006


On Sunday 18 June 2006 3:08 am, Melanie Pfefer wrote:
[snip]
> In step 5, I created a user called 'testuser'.
> However, upon a new telnet session, and after system
> login using this user, the session is closed.

This sounds right.  If you are trying to use telnet or using su, the user's 
shell will be scponly, which will look for specific arguments so that it 
knows what program to execute.  If there are no correct arguments, it will 
just exit, which is probably the behavior that you are seeing.

> If I do a ssh or a telnet using another user, the
> session opens. Then if I 'su testuser', this user can
> freely browse the filesystem.

This makes sense if they don't have scponly as their shell -- this would be 
the expected behavior.

> If I ftp to the system and authenticate using
> testuser, the ftp session works but the user can
> freely browse the file system instead of being jailed.

As Fred was getting at, ftp is not affected by scponly.  However, as you 
indicated that you were using sftp, try the following:

1) echo 1 > /usr/local/etc/scponly/debuglevel
2) Try to sftp to the account again.
3) Send us the syslog output.  It should look similar to the following:

...
scponly[2535]: 3 arguments in total.
scponly[2535]:    arg 0 is scponlyc
scponly[2535]:    arg 1 is -c
scponly[2535]:    arg 2 is /usr/lib/misc/sftp-server
scponly[2535]: opened log at LOG_AUTHPRIV, opts 0x00000009
scponly[2535]: retrieved home directory of "/home/scponly" for user "scponly"
...

If you see any extra logging, you'll need to check your syslog daemon to make 
sure it's logging those events somewhere.

Hope that helps.

--Kaleb
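
An added example, not part of the original message and not scponly's own code: a small parser for debug output in the format shown above. It groups lines by PID, rebuilds the argument vector, and reports whether a session was given a command to run. The second sample session (pid 2601), the helper names, and the reading of "scponlyc" as the chroot build are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the first session copies the log lines shown in the
# message above; the second (pid 2601) is a made-up session in the same format
# with no "-c <command>", as an interactive telnet/su login would produce.
SAMPLE_SYSLOG = """\
scponly[2535]: 3 arguments in total.
scponly[2535]:    arg 0 is scponlyc
scponly[2535]:    arg 1 is -c
scponly[2535]:    arg 2 is /usr/lib/misc/sftp-server
scponly[2535]: opened log at LOG_AUTHPRIV, opts 0x00000009
scponly[2535]: retrieved home directory of "/home/scponly" for user "scponly"
scponly[2601]: 1 arguments in total.
scponly[2601]:    arg 0 is scponly
"""

LINE = re.compile(r"scponly\[(\d+)\]:\s+(.*)")
ARG = re.compile(r"arg (\d+) is (.*)")
HOME = re.compile(r'retrieved home directory of "([^"]*)" for user "([^"]*)"')

def parse_sessions(text):
    """Group scponly debug lines by PID and rebuild each session's argv."""
    sessions = defaultdict(lambda: {"argv": {}, "home": None, "user": None})
    for raw in text.splitlines():
        m = LINE.search(raw)  # search() tolerates a syslog timestamp/host prefix
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        if (a := ARG.match(msg)):
            sessions[pid]["argv"][int(a.group(1))] = a.group(2)
        elif (h := HOME.match(msg)):
            sessions[pid]["home"], sessions[pid]["user"] = h.groups()
    return {pid: {**s, "argv": [s["argv"][i] for i in sorted(s["argv"])]}
            for pid, s in sessions.items()}

def classify(session):
    """Say what the logged argv means for the checks described in the message."""
    argv = session["argv"]
    if len(argv) < 3 or argv[1] != "-c":
        return "no-command"  # nothing to run: scponly exits and the session closes
    helper = (argv[2].split() or [""])[0].rsplit("/", 1)[-1]
    kind = "sftp" if helper == "sftp-server" else "other-command"
    # Assumption: a binary named scponlyc is the chroot build of scponly.
    return kind + ("-chroot" if argv[0].endswith("scponlyc") else "")

if __name__ == "__main__":
    for pid, s in parse_sessions(SAMPLE_SYSLOG).items():
        print(pid, classify(s), s["argv"], s["home"])
```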


> Could you please advise?
>
> Thank you,
> Melanie.