[scponly] Problem swapping to writable subdirectory - incoming with WinSCP

Adrian Jones ajones at umces.edu
Fri Feb 23 13:05:11 EST 2007 

Hi Kaleb,

First of all, sorry I don't seem to be able to get my replies to stay in the
same thread - not sure what I am doing wrong there.

Ok, I have found what we're looking for - it was in my auth.log file. So I
have included two outputs here. The first is when I log on with WinSCP,
which is when I have the problem in that it won't switch to the incoming
sub-directory. 

Feb 23 12:37:33 ian sshd[6961]: Accepted keyboard-interactive/pam for
umdaccounts from xxx.xxx.xxx.x port 2438 ssh2
Feb 23 12:37:33 ian sshd[17739]: (pam_unix) session opened for user
umdaccounts by (uid=0)
Feb 23 12:37:33 ian sshd[17739]: subsystem request for sftp
Feb 23 12:37:33 ian scponly[13109]: chrooted binary in place, will chroot()
Feb 23 12:37:33 ian scponly[13109]: 3 arguments in total.
Feb 23 12:37:33 ian scponly[13109]: ^Iarg 0 is scponlyc
Feb 23 12:37:34 ian scponly[13109]: ^Iarg 1 is -c
Feb 23 12:37:34 ian scponly[13109]: ^Iarg 2 is /usr/lib/sftp-server
Feb 23 12:37:34 ian scponly[13109]: opened log at LOG_AUTHPRIV, opts
0x00000029
Feb 23 12:37:34 ian scponly[13109]: retrieved home directory of
"/home/umdaccounts//incoming" for user "umdaccounts"
Feb 23 12:37:34 ian scponly[13109]: chrooting to dir: "/home/umdaccounts"
Feb 23 12:37:34 ian scponly[13109]: chdiring to dir: "/incoming"
Feb 23 12:37:34 ian scponly[13109]: setting uid to 1018
Feb 23 12:37:34 ian scponly[13109]: processing request:
"/usr/lib/sftp-server" 
Feb 23 12:37:34 ian scponly[13109]: running: /usr/lib/sftp-server (username:
umdaccounts(1018), IP/port: xxx.xxx.xxx.x 2438 22)


This second output is when I log on using SSH's SFT and in this case it
switches perfectly straight to the incoming sub-directory with no ability to
browse above this directory.

Feb 23 12:46:04 ian sshd[19322]: Accepted keyboard-interactive/pam for
umdaccounts from xxx.xxx.xxx.x port 2463 ssh2
Feb 23 12:46:04 ian sshd[24665]: (pam_unix) session opened for user
umdaccounts by (uid=0)
Feb 23 12:46:05 ian scponly[31640]: 1 arguments in total.
Feb 23 12:46:05 ian scponly[31640]: ^Iarg 0 is -scponlyc
Feb 23 12:46:05 ian scponly[31640]: opened log at LOG_AUTHPRIV, opts
0x00000029
Feb 23 12:46:05 ian scponly[31640]: incorrect number of args
Feb 23 12:46:05 ian sshd[24665]: subsystem request for sftp
Feb 23 12:46:05 ian scponly[7750]: chrooted binary in place, will chroot()
Feb 23 12:46:05 ian scponly[7750]: 3 arguments in total.
Feb 23 12:46:05 ian scponly[7750]: ^Iarg 0 is scponlyc
Feb 23 12:46:05 ian scponly[7750]: ^Iarg 1 is -c
Feb 23 12:46:05 ian scponly[7750]: ^Iarg 2 is /usr/lib/sftp-server
Feb 23 12:46:05 ian scponly[7750]: opened log at LOG_AUTHPRIV, opts
0x00000029
Feb 23 12:46:05 ian scponly[7750]: retrieved home directory of
"/home/umdaccounts//incoming" for user "umdaccounts"
Feb 23 12:46:05 ian scponly[7750]: chrooting to dir: "/home/umdaccounts"
Feb 23 12:46:05 ian scponly[7750]: chdiring to dir: "/incoming"
Feb 23 12:46:05 ian scponly[7750]: setting uid to 1018
Feb 23 12:46:05 ian scponly[7750]: processing request:
"/usr/lib/sftp-server" 
Feb 23 12:46:05 ian scponly[7750]: running: /usr/lib/sftp-server (username:
umdaccounts(1018), IP/port: xxx.xxx.xxx.x 2463 22)
Feb 23 12:46:05 ian sshd[24665]: session_input_channel_req: no session 0 req
window-change

I really can't see anything that suggests anything different happening. FYI,
I am using WinSCP 3.8.2(Build 330), SSH Secure Shell 3.2.9 (Build 282), and
on the Debian Sarge server it's OpenBSD Secure Shell server 3.8.1

Thanks again for any help with this,

--Adrian


----------------------------------------------------------------------------
------

Date: Thu, 22 Feb 2007 18:43:34 -0800
From: Kaleb Pederson <kibab at icehouse.net>
Subject: Re: [scponly] Problem swapping to writable subdirectory -
	incoming	with WinSCP
To: scponly at lists.ccs.neu.edu
Message-ID: <200702221843.34574.kibab at icehouse.net>
Content-Type: text/plain;  charset="iso-8859-1"

It looks like you setup logging correctly, so your syslog daemon is probably
writing to a different log file or not writing to one at all.

--Kaleb

On Wednesday 21 February 2007 12:22 pm, Adrian Jones wrote:
> Ok, well I set the debug level to 2, but I don't seem to be getting 
> very verbose output. Here is the content from my syslog after logging 
> on using WinSCP with the chrooted user:
>
> exec of /home/testuser/usr/lib/sftp-server within chroot by process 
> /usr/local/sbin/scponlyc[scponlyc:15503] uid/euid:1018/1018 
> gid/egid:100/100, parent /usr/sbin/sshd[sshd:3132] uid/euid:1018/1018 
> gid/egid:100/100
>
> Just to confirm, I did a: cat /usr/local/etc/scponly/debuglevel and 
> the output is: 2
>
> Sorry, really not sure why I am not getting more output.
>
> Thanks for your help with this,
> Adrian
>
>
>
> -----Original Message-----
> From: scponly-bounces at lists.ccs.neu.edu 
> [mailto:scponly-bounces at lists.ccs.neu.edu] On Behalf Of 
> scponly-request at lists.ccs.neu.edu
> Sent: Wednesday, February 21, 2007 9:00 AM
> To: scponly at lists.ccs.neu.edu
> Subject: scponly Digest, Vol 50, Issue 8
>
> Send scponly mailing list submissions to
> 	scponly at lists.ccs.neu.edu
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.ccs.neu.edu/bin/listinfo/scponly
> or, via email, send a message with subject or body 'help' to
> 	scponly-request at lists.ccs.neu.edu
>
> You can reach the person managing the list at
> 	scponly-owner at lists.ccs.neu.edu
>
> When replying, please edit your Subject line so it is more specific 
> than
> "Re: Contents of scponly digest..."
>
>
> Date: Wed, 21 Feb 2007 00:51:08 -0800
> From: "Adrian Jones" <ajones at umces.edu>
> Subject: [scponly] Problem swapping to writable subdirectory -
> 	incoming with	WinSCP
> To: <scponly at lists.ccs.neu.edu>
> Message-ID: <044b01c75595$713400b0$04d27683 at adrian>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi everyone.
>
> Well after a bunch of problems trying to install scponly using the 
> Debian apt package, I setup the latest unstable .deb package and 
> things seem to be working pretty well. I am using scponlyc with 
> chroot. Using the SSH SFT window the user is logged in and taken 
> straight to the incoming subfolder with no access to anything above it -
exactly what I want to have happen.
> However, with WinSCP they are take to their home directory. They can 
> see all the other folders inside home, but cannot browse above their 
> home directory. Can someone tell me why WinSCP is not taking them 
> straight to the incoming subfolder and limiting them to that folder?
>
> On a somewhat related note - I am getting transfer errors with the SHH 
> SFT window when copying files into the incoming subdirectory. The file 
> is actually transferred and seems to be fine, but I always get the 
> error. I don't get this error with WinSCP.
>
> Would appreciate any help.
>
> Thanks,
> Adrian
> -------------- next part -------------- HTML attachment scrubbed and 
> removed
>
> ------------------------------
>
> Message: 2
> Date: Wed, 21 Feb 2007 07:31:48 -0800
> From: Kaleb Pederson <kibab at icehouse.net>
> Subject: Re: [scponly] Problem swapping to writable subdirectory -
> 	incoming	with WinSCP
> To: scponly at lists.ccs.neu.edu
> Message-ID: <200702210731.48350.kibab at icehouse.net>
> Content-Type: text/plain;  charset="utf-8"
>
> Hi,
>
> Could you turn on logging and post the output?  That will help us 
> determine what's going on as there are a number of things it could be.
>
> Information on turning on logging is available here:
>
>
http://sublimation.org/scponly/wiki/index.php/FAQ#How_do_I_turn_on_logging.
>3 F
>
> Thanks.
>
> --Kaleb
>
> On Wednesday 21 February 2007 12:51 am, Adrian Jones wrote:
> > Hi everyone.
> >
> > Well after a bunch of problems trying to install scponly using the 
> > Debian apt package, I setup the latest unstable .deb package and 
> > things seem to be working pretty well. I am using scponlyc with 
> > chroot. Using the SSH SFT window the user is logged in and taken 
> > straight to the incoming subfolder with no access to anything above 
> > it -
>
> exactly what I want to have happen.
>
> > However, with WinSCP they are take to their home directory. They can 
> > see all the other folders inside home, but cannot browse above their 
> > home directory. Can someone tell me why WinSCP is not taking them 
> > straight to the incoming subfolder and limiting them to that folder?
> >
> > On a somewhat related note - I am getting transfer errors with the 
> > SHH SFT window when copying files into the incoming subdirectory. 
> > The file is actually transferred and seems to be fine, but I always 
> > get the error. I don't get this error with WinSCP.
> >
> > Would appreciate any help.
> >
> > Thanks,
> > Adrian
>
> ------------------------------
>

More information about the scponly mailing list