[scponly] Need help with chrooted scponly 4.6 on centos 5

Security Team security at peakpeak.com
Wed Sep 12 13:26:33 EDT 2007


Hello!

I have done a lot, could really use some help here!  Here is all that I did.

For the user userguy I have this in /etc/passwd

userguy:x:816:817::/home/userguy:/usr/local/sbin/scponlyc

I do have suid on root:

# ls -l /usr/local/sbin/scponlyc
-rwsr-xr-x 1 root root 33462 Sep 12 07:15 /usr/local/sbin/scponlyc

I ran the chroot jail-making script and have this for the home dir
structure:

# ls -l /home | grep userguy
drwxr-xr-x   7 root                root    4096 Sep 12 07:06 userguy

# ls -l /home/userguy
total 20
drwxr-xr-x 2 root   root   4096 Sep 12 07:06 bin
drwxr-xr-x 2 root   root   4096 Sep 12 07:06 etc
drwxr-xr-x 2 userguy userguy 4096 Sep 12 07:06 incoming
drwxr-xr-x 2 root   root   4096 Sep 12 07:06 lib
drwxr-xr-x 5 root   root   4096 Sep 12 07:06 usr

In /etc/ssh/sshd_config I have:

Subsystem       sftp    /usr/local/sbin/scponlyc

And finally, I built scponly with these options (here is my build script):
--------
tar xvfz scponly-4.6.tgz
cd scponly-4.6

./configure --enable-chrooted-binary --enable-sftp-logging-compat \
        --enable-rsync-compat --enable-scp-compat --enable-quota-compat \
        --disable-chroot-checkdir

make
make install
chmod +x ./setup_chroot.sh
echo 2 > /usr/local/etc/scponly/debuglevel      # verbose scponly logging
chmod 4755 /usr/local/sbin/scponlyc             # setuid root, needed for chroot()
echo "/usr/local/sbin/scponlyc" >> /etc/shells
--------

When I try to log in over sftp (after opening the firewall) I get these
messages.  I'm at a loss here, can anyone suggest anything?

Thanks,
Chris

Sep 12 08:32:57 teton1 sshd[18674]: Accepted password for userguy from 199.165.157.152 port 64461 ssh2
Sep 12 08:32:57 teton1 sshd[18674]: pam_unix(sshd:session): session opened for user userguy by (uid=0)
Sep 12 08:32:57 teton1 sshd[18676]: subsystem request for sftp
Sep 12 08:32:57 teton1 scponly[18677]: chrooted binary in place, will chroot()
Sep 12 08:32:57 teton1 scponly[18677]: 3 arguments in total.
Sep 12 08:32:57 teton1 scponly[18677]:  arg 0 is scponlyc
Sep 12 08:32:57 teton1 scponly[18677]:  arg 1 is -c
Sep 12 08:32:57 teton1 scponly[18677]:  arg 2 is /usr/local/sbin/scponlyc
Sep 12 08:32:57 teton1 scponly[18677]: opened log at LOG_AUTHPRIV, opts 0x00000029
Sep 12 08:32:57 teton1 scponly[18677]: retrieved home directory of "/home/userguy" for user "userguy"
Sep 12 08:32:57 teton1 scponly[18677]: chrooting to dir: "/home/userguy"
Sep 12 08:32:57 teton1 scponly[18677]: chdiring to dir: "/"
Sep 12 14:32:57 teton1 scponly[18677]: setting uid to 816
Sep 12 14:32:57 teton1 scponly[18677]: processing request: "/usr/local/sbin/scponlyc"
Sep 12 14:32:57 teton1 scponly[18677]: denied request: /usr/local/sbin/scponlyc (resolved to: scponlyc) [username: userguy(816), IP/port: 192.168.10.5 64461 22]
Sep 12 08:32:57 teton1 sshd[18674]: pam_unix(sshd:session): session closed for user userguy
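The log above shows sshd starting the account's login shell (scponlyc) with "-c /usr/local/sbin/scponlyc", i.e. the path from the `Subsystem sftp` line, and scponly then denying that request because scponlyc is not one of the commands it permits. The script below is an added example, not code from this post or from the scponly project: a set of sanity checks a jail administrator can run before letting a user log in. It checks that the login shell is listed in /etc/shells, that scponlyc carries the setuid bit, and that the sftp subsystem named in sshd_config is not scponlyc itself and exists inside the jail at the same path (scponly exec()s it after chroot(), which is why setup_chroot.sh copies sftp-server into the jail). The sftp-server path /usr/libexec/openssh/sftp-server is the CentOS OpenSSH package location and is an assumption here; the demo at the bottom runs the checks on a constructed temporary tree, not on a live host.

```shell
#!/bin/sh
# Added example: sanity checks for an scponly chroot jail. Every check takes the
# paths it needs as arguments, so the same functions run on a constructed tree
# (see demo below) or on a live host.

# The login shell must appear in /etc/shells or the account may be refused.
check_shell_listed() {
    shell=$1; shells_file=${2:-/etc/shells}
    if grep -qxF "$shell" "$shells_file"; then
        echo "OK: $shell is listed in $shells_file"
    else
        echo "FAIL: $shell is not listed in $shells_file"; return 1
    fi
}

# scponlyc must be setuid (and, on a real host, owned by root) to chroot().
check_setuid_bit() {
    bin=$1
    if [ -n "$(find "$bin" -prune -perm -4000 -print 2>/dev/null)" ]; then
        echo "OK: setuid bit set on $bin ($(ls -ld "$bin" | awk '{print $1, $3, $4}'))"
    else
        echo "FAIL: $bin is not setuid"; return 1
    fi
}

# sshd runs the user's shell with "-c <Subsystem path>", so the sftp subsystem
# must name the real sftp-server, never scponlyc itself, and that binary must
# exist inside the jail at the same path because scponly exec()s it after chroot().
check_sftp_subsystem() {
    jail=$1; sshd_config=${2:-/etc/ssh/sshd_config}
    target=$(awk '$1 == "Subsystem" && $2 == "sftp" { print $3 }' "$sshd_config" | tail -n 1)
    if [ -z "$target" ]; then
        echo "FAIL: no 'Subsystem sftp' line in $sshd_config"; return 1
    fi
    case "$(basename "$target")" in
        scponlyc)
            echo "FAIL: Subsystem sftp is $target; scponly denies a request for itself"; return 1 ;;
    esac
    if [ -x "$jail$target" ]; then
        echo "OK: Subsystem sftp is $target and a copy is present in the jail"
    else
        echo "FAIL: $target is missing inside the jail (expected $jail$target)"; return 1
    fi
}

# Run all checks; the return value is the number of failed checks.
check_scponly_jail() {
    jail=$1; scponly_bin=$2; sshd_config=$3; shells_file=$4
    failures=0
    check_shell_listed "$scponly_bin" "$shells_file" || failures=$((failures + 1))
    check_setuid_bit "$scponly_bin" || failures=$((failures + 1))
    check_sftp_subsystem "$jail" "$sshd_config" || failures=$((failures + 1))
    return $failures
}

# Demo on a constructed temporary tree mirroring the post's layout (not a real host).
demo() {
    tmp=$(mktemp -d)
    jail=$tmp/home/userguy
    mkdir -p "$jail/usr/libexec/openssh" "$tmp/etc"
    : > "$tmp/scponlyc"; chmod 4755 "$tmp/scponlyc"   # stands in for /usr/local/sbin/scponlyc
    printf '/bin/sh\n%s\n' "$tmp/scponlyc" > "$tmp/etc/shells"
    : > "$jail/usr/libexec/openssh/sftp-server"        # stands in for the copied sftp-server
    chmod 755 "$jail/usr/libexec/openssh/sftp-server"
    printf 'Subsystem\tsftp\t/usr/local/sbin/scponlyc\n' > "$tmp/etc/sshd_config.as_posted"
    printf 'Subsystem\tsftp\t/usr/libexec/openssh/sftp-server\n' > "$tmp/etc/sshd_config.fixed"
    echo "--- Subsystem line as posted ---"
    check_scponly_jail "$jail" "$tmp/scponlyc" "$tmp/etc/sshd_config.as_posted" "$tmp/etc/shells" \
        || echo "$? check(s) failed"
    echo "--- Subsystem pointing at sftp-server inside the jail ---"
    check_scponly_jail "$jail" "$tmp/scponlyc" "$tmp/etc/sshd_config.fixed" "$tmp/etc/shells" \
        || echo "$? check(s) failed"
    rm -rf "$tmp"
}
demo
```

On a real host the calls would be `check_scponly_jail /home/userguy /usr/local/sbin/scponlyc /etc/ssh/sshd_config /etc/shells`, and the setuid check should additionally be read together with the owner printed in its OK line, since a setuid binary owned by anyone but root will not be able to chroot().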