[scponly] chroot + scp + unknown user

Skippy Lou skippylou at gmail.com
Mon Nov 5 12:54:14 EST 2007


So after additional help from Kaleb, and strace'ing, I needed to
additionally copy libnss_files.so.2 into /home/scponly/lib64 from
/lib64.

On Nov 5, 2007 8:59 AM, ScottO <skippylou at gmail.com> wrote:
> So with Kaleb pointing out that scponly is in fact not a regular shell,
> I stopped testing with ssh and made the changes to get sftp working
> (/dev/null, libraries, etc.).  However, scp doesn't seem to work in the
> chroot'ed setup, which seems to be the opposite of most posts on here -
> in that most people get scp working and not sftp first.
>
> I'm getting the unknown user output as below, which is strange, as the
> output also shows that it can match up the uid/username.  LDAP is used
> to set the appropriate homedir and scponlyc shell, with authorized_keys
> doing the auth - which all seem to be working.  I've set up passwd and
> group in the chroot'ed etc dir, and made sure all necessary libraries
> are there for scp (which I also copied under the usr/bin part of the
> chroot'ed environment).  The debug output is below (-vv didn't give much
> more interesting insight), anyone have thoughts on this?:
>
> [testuser at desktop ~]$ scp test.txt testuser at chrooted_machine:/home/testuser/test.txt
> scponly[8171]: chrooted binary in place, will chroot()
> scponly[8171]: 3 arguments in total.
> scponly[8171]:  arg 0 is scponlyc
> scponly[8171]:  arg 1 is -c
> scponly[8171]:  arg 2 is scp -t /home/testuser/test.txt
> scponly[8171]: opened log at LOG_AUTHPRIV, opts 0x00000029
> scponly[8171]: retrieved home directory of "/home/scponly//home/testuser" for user "testuser"
> scponly[8171]: chrooting to dir: "/home/scponly"
> scponly[8171]: chdiring to dir: "/home/testuser"
> scponly[8171]: setting uid to 1002
> scponly[8171]: processing request: "scp -t /home/testuser/test.txt"
> scponly[8171]: Found "USER" and setting it to "testuser"
> scponly[8171]: Environment contains "USER=testuser"
> scponly[8171]: running: /usr/bin/scp -t /home/testuser/test.txt (username: testuser(1002), IP/port: ::ffff:192.168.1.25 44198 22)
> unknown user 1002
> lost connection
>
>
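
As an added example (not part of the original thread and not scponly's own code): a shell function that checks a chroot for the pieces this thread names for resolving a uid to a user name, the jail's etc/passwd and etc/group plus libnss_files.so.2. The function names, the sample jail, and checking lib as well as lib64 are assumptions.

```shell
#!/bin/sh
# Added example; function names and the sample jail are assumptions.

# check_chroot_nss JAIL UID
# Returns 0 if the jail holds what scp needs to map UID to a user name from
# flat files; otherwise reports each gap on stderr and returns 1.
check_chroot_nss() {
    jail=$1 uid=$2 rc=0

    # passwd inside the jail needs an entry whose third field is the UID.
    if [ ! -r "$jail/etc/passwd" ]; then
        echo "missing $jail/etc/passwd" >&2; rc=1
    elif ! awk -F: -v u="$uid" '$3 == u { ok = 1 } END { exit !ok }' \
            "$jail/etc/passwd"; then
        echo "uid $uid has no entry in $jail/etc/passwd" >&2; rc=1
    fi

    if [ ! -r "$jail/etc/group" ]; then
        echo "missing $jail/etc/group" >&2; rc=1
    fi

    # The fix from the thread: libnss_files.so.2 must be inside the jail.
    # lib64 is the directory named in the post; lib is checked as an
    # assumption for 32-bit layouts.
    nss=0
    for dir in lib64 lib; do
        if [ -e "$jail/$dir/libnss_files.so.2" ]; then nss=1; fi
    done
    if [ "$nss" -eq 0 ]; then
        echo "libnss_files.so.2 not under $jail/lib64 or $jail/lib" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample jail (not from the post): passwd and group are present
# but the NSS library is absent, the state that gave "unknown user 1002".
make_sample_jail() {
    j=$(mktemp -d) || return 1
    mkdir -p "$j/etc" "$j/lib64"
    echo 'testuser:x:1002:1002::/home/testuser:/bin/false' > "$j/etc/passwd"
    echo 'testuser:x:1002:' > "$j/etc/group"
    echo "$j"
}

# Stand-alone use: sh check.sh /home/scponly 1002
if [ $# -eq 2 ]; then check_chroot_nss "$1" "$2"; fi
```
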


