[scponly] scponly stopped working after last Red Hat erratum
Kaleb Pederson
kaleb.pederson at gmail.com
Tue Dec 22 15:51:47 EST 2009
On Tuesday 22 December 2009 12:33:55 pm Voetelink D. wrote:
> Hi,
>
> Since the last Red Hat erratum for openssh was released
> (http://rhn.redhat.com/errata/RHBA-2009-1668.html) scponly stopped
> working with sftp connections on RHEL5.
> I get no messages, the connection just gets closed after succesfully
> logging on.
I'm not sure of any reasons that an upgrade of that nature would cause it to fail.
I'd probably try to reinstall all the libraries in the chroot after the upgrade, this should ensure that if any of the supporting libraries have changed, the new dependencies will be present. The setup_chroot script that comes with scponly might be sufficient, but if not you could use something like JailKit or the cplibdeps script (which I'll attach). I recommend re-running it any time binaries within your chroot change.
If you're only running the sftp-server, it should be really easy to do using cplibdeps:
cplibdeps /path/to/chroot /path/to/sftp-server
If you have a lot of binaries, then you need to append the paths to the other binaries to the command above (or re-run it for each command).
Also, have you tried the debugging information available on the FAQ?
http://sublimation.org/scponly/wiki/index.php/FAQ
> When I configure the ssh server to use 'internal-sftp' it works again,
> but then the chroot-function of scponly doesn't work (which is essential
> for us.)
This bypasses scponly so it is expected behavior for the chroot not to be present.
--
Kaleb Pederson
Blog - http://kalebpederson.com
Twitter - http://twitter.com/kalebpederson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cplibdeps
Type: text/x-python
Size: 3060 bytes
Desc: not available
Url : http://lists.ccs.neu.edu/pipermail/scponly/attachments/20091222/8144c136/attachment.py
More information about the scponly
mailing list