[scponly] Fedora Core 5

Kaleb Pederson kibab at icehouse.net
Thu Oct 19 23:09:58 EDT 2006


Ralf is right.  Note also that the path indicated refers to a file that exists 
within the chroot, so the absolute path on your system would be prefixed by 
the path to your chroot.

Let us know if you still have problems.

Thanks.

--Kaleb

On Thursday 19 October 2006 7:43 pm, Ralf Durkee wrote:
> The error:
>
> Oct 19 18:39:12 linuxhost1 scponly[15207]: failed:
> /usr/libexec/openssh/sftp-server with error Permission denied(13)
> (username: scpdemo(508), IP/port: 10.0.0.100 50806 22)
>
> Is likely your problem, check the permissions on the file and each
> directory in the path.
>
> -- Ralf Durkee, CISSP, GSEC, GCIH, GSNA
> Principal Security Consultant
> http://rd1.net
>
> Bo Bruen wrote:
> > I have searched the archives and though the question has been asked I
> > haven't been able to find a response.  So here goes...
> >
> > I am running Fedora Core 5 on a 64bit system (if that is significant)
> > and am attempting to create a sftp site which will strictly control
> > our clients' access to the system.
> >
> > I installed scponly as follows
> >
> > ./configure --enabled-chrooted-binary --disable-scp-compt
> > --disable-winscp-compt
> > make
> > make install
> > make jail
> >
> > I used the defaults for the jail
> >
> > I then make a user:
> > adduser -s /usr/local/sbin/scponlyc scpdemo
> >
> > gave it a password and tried to login via sftp from the localhost and
> > from a separate system.  Both instances gave the same errors.
> >
> > The following is from /var/log/security with scponly set to debug
> > level 1:
> >
> > Oct 19 14:39:11 linuxhost1 sshd[15204]: Accepted password for scpdemo
> > from 10.0.0.100 port 50806 ssh2
> > Oct 19 14:39:11 linuxhost1 sshd[15206]: pam_unix(sshd:session):
> > session opened for user scpdemo by (uid=0)
> > Oct 19 14:39:12 linuxhost1 sshd[15206]: subsystem request for sftp
> > Oct 19 14:39:12 linuxhost1 scponly[15207]: chrooted binary in place,
> > will chroot()
> > Oct 19 14:39:12 linuxhost1 scponly[15207]: 3 arguments in total.
> > Oct 19 14:39:12 linuxhost1 scponly[15207]:     arg 0 is scponlyc
> > Oct 19 14:39:12 linuxhost1 scponly[15207]:     arg 1 is -c
> > Oct 19 14:39:12 linuxhost1 scponly[15207]:     arg 2 is
> > /usr/libexec/openssh/sftp-server
> > Oct 19 14:39:12 linuxhost1 scponly[15207]: opened log at LOG_AUTHPRIV,
> > opts 0x00000029
> > Oct 19 14:39:12 linuxhost1 scponly[15207]: retrieved home directory of
> > "/home/scpdemo" for user "scpdemo"
> > Oct 19 14:39:12 linuxhost1 scponly[15207]: chrooting to dir:
> > "/home/scpdemo"
> > Oct 19 14:39:12 linuxhost1 scponly[15207]: chdiring to dir: "/"
> > Oct 19 18:39:12 linuxhost1 scponly[15207]: setting uid to 508
> > Oct 19 18:39:12 linuxhost1 scponly[15207]: processing request:
> > "/usr/libexec/openssh/sftp-server"
> > Oct 19 18:39:12 linuxhost1 scponly[15207]: running:
> > /usr/libexec/openssh/sftp-server (username: scpdemo(508), IP/port:
> > 10.0.0.100 50806 22)
> > Oct 19 18:39:12 linuxhost1 scponly[15207]: failed:
> > /usr/libexec/openssh/sftp-server with error Permission denied(13)
> > (username: scpdemo(508), IP/port: 10.0.0.100 50806 22)
> > Oct 19 14:39:13 linuxhost1 sshd[15206]: pam_unix(sshd:session):
> > session closed for user scpdemo
> >
> > In the likely event that I misread or misunderstood the instructions
> > and tried a variety of directory configurations with no changes in the
> > error message save the directory locations.  Any help would be
> > appreciated.
> >
> > --Bo
>
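The check suggested in this thread (permissions on the file and on each directory in the path, with the path taken relative to the chroot) can be scripted. The following is an added example, not part of the original messages or of scponly; the function names are hypothetical, it assumes GNU stat, and it considers only the user's primary gid.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat; only the primary
# gid is considered, and symlinks are followed from the host's point of view.

# has_x PATH UID GID: succeed if the permission class that applies to
# UID/GID (owner, then group, then other) has the execute/search bit set.
has_x() {
    info=$(stat -L -c '%a %u %g' "$1") || return 1
    set -- $info "$2" "$3"            # now: mode owner group uid gid
    mode=$(printf '%04d' "$1")        # pad so the rwx digits sit at 2-4
    if   [ "$2" = "$4" ]; then d=$(printf '%s' "$mode" | cut -c2)
    elif [ "$3" = "$5" ]; then d=$(printf '%s' "$mode" | cut -c3)
    else                       d=$(printf '%s' "$mode" | cut -c4)
    fi
    [ $((d & 1)) -eq 1 ]
}

# check_chroot_path JAIL INNER_PATH UID GID
# Prints the first host path that blocks exec of INNER_PATH inside JAIL and
# returns 1 (2 if a component is missing); prints nothing and returns 0 if OK.
check_chroot_path() {
    jail=${1%/}; inner=$2; uid=$3; gid=$4
    cur=$jail
    # "/" inside the jail is the jail directory itself; it must be searchable.
    has_x "$cur" "$uid" "$gid" || { echo "$cur"; return 1; }
    old_ifs=$IFS; IFS=/
    set -f; set -- $inner; set +f     # split INNER_PATH on "/"
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue    # skip the empty field before the leading "/"
        cur=$cur/$part
        [ -e "$cur" ] || { echo "$cur"; return 2; }
        has_x "$cur" "$uid" "$gid" || { echo "$cur"; return 1; }
    done
    return 0
}

# Values from the log in this thread; gid 508 is an assumption.
#   sh thisscript /home/scpdemo /usr/libexec/openssh/sftp-server 508 508
if [ "$#" -eq 4 ]; then
    check_chroot_path "$@"
fi
```

The path it prints is the host-side path (chroot prefix included) of the first component lacking the execute/search bit for that user, which is where to apply `chmod`.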