[scponly] Antw: Re: Problem with Suse Linux Enterpise Server 10SP1

Axel Schneck axel at schnecken-clan.de
Sat Aug 4 16:38:12 EDT 2007 

Hi Kaleb,

yes and no. Using ftp there should be no entry in ssh-logs, right.
And right, normally using ftp should be nothing to do with sssh and also scponly.

But in fact there seems to be something with it.

I user the server for ftp, sftp and scp logins. And i need chrroted environment for alle kinds of transfer.
Using ftp it's no problem to set it up for chroot.

ssh doenst support it, so I use scponly.

Using SLES10 without SP1 there was no problem, setting up a user with scponly as shell; logging in using ftp (over vsftpd) works also as using sftp/scp where scponly will do it's work.

But using a SLES10 with SP1 installation something happens in the system (and I dont know what) thats breaks ftp. As soon as scponly is setup as shell for a user I can no longer log in using ftp with this user. I alwasy get the password prompt an after entering it I'll get the error message that login was denied.
Axel

>>> Kaleb Pederson <kibab at icehouse.net> 04.08.2007 03:30 >>>
I'm not sure I understand.  FTP is not supported by scponly as it does not use 
a shell, instead it connects to an FTP service listening on (typically) port 
21.  So, if you are indeed using FTP, as you indicate, you won't see anything 
in the logs about scponly.

--Kaleb

On Friday 03 August 2007, Axel Schneck wrote:
> Hi,
> ok, now I got logging working, but....
> Logging in using ftp (that is, what's not working) will do no entry for
> scponly in the log. But the vsftpd log says:
>
> Fri Aug  3 16:47:42 2007 [pid 21635] FTP response: Client "212.18.86.73",
> "220 (vsFTPd 2.0.4)" Fri Aug  3 16:47:42 2007 [pid 21635] FTP command:
> Client "212.18.86.73", "USER testscp" Fri Aug  3 16:47:42 2007 [pid 21635]
> [testscp] FTP response: Client "212.18.86.73", "331 Please specify the
> password." Fri Aug  3 16:47:42 2007 [pid 21635] [testscp] FTP command:
> Client "212.18.86.73", "PASS <password>" Fri Aug  3 16:47:42 2007 [pid
> 21634] [testscp] FAIL LOGIN: Client "212.18.86.73" Fri Aug  3 16:47:42 2007
> [pid 21635] [testscp] FTP response: Client "212.18.86.73", "530 Login
> incorrect." Fri Aug  3 16:47:48 2007 [pid 21635] FTP command: Client
> "212.18.86.73", "QUIT" Fri Aug  3 16:47:48 2007 [pid 21635] FTP response:
> Client "212.18.86.73", "221 Goodbye."
>
> As soon as I change the shell for the user in the /etc/passwd to /bin/bash
> rather than /....scponly I can login using ftp. Also using SLES10 without
> SP1 is working with scponly as shell! So it seems to happen with packages
> coming with SLES10SP1. Axel
>
> >>> Kaleb Pederson <kibab at icehouse.net> 03.08.2007 02:42 >>>
>
> On Thursday 02 August 2007, Axel Schneck (axel at schnecken-clan.de) wrote:
> > I tried to enable debugging as described in the howto but there will
> > nothing be logged to the /var/log/messages
>
> Depending on how your logger is setup, it could easily go somewhere else.
> I've typically seen it in the following locations:
>
> /var/log/messages
> /var/log/auth.log
> /var/log/secure
>
> It's also possible that it's going nowhere, although less likely.  You
> might try grepping for 'scponly' in your log directory to see if it's in a
> different file.
>
> Thanks.
>
> --Kaleb
>
> > Regards,
> > Axel

More information about the scponly mailing list