[scponly] Troubles with scponly-4.8

Kaleb Pederson kaleb.pederson at gmail.com
Thu Oct 28 13:57:59 EDT 2010 

Here's a few things to try in order of increasing complexity:

1) Set the debuglevel to 1
2) run ldconfig -r /path/to/chroot -v and verify that no missing libraries are found 

[Optionally -- if you have a shell with no dependencies you can install temporarily]:
2.a) copy /bin/sash or /bin/dash (a shell with no dependencies) into the chroot, then chroot using 'chroot /path/to/chroot /bin/sash' and then run /usr/libexec/openssh/sftp-server manually and see if it runs. Don't forget to remove the shell when you're done.

3) Strace the program as illustrated here: http://sublimation.org/scponly/wiki/index.php/FAQ#I_still_can.27t_find_my_problem.2C_what_else_can_I_try.3F

#3 should provide plenty of information that will allow us to figure out what's going, but it's a slightly cumbersome process.

-- 
Kaleb Pederson

Blog - http://kalebpederson.com
Twitter - http://twitter.com/kalebpederson

On Thursday, October 28, 2010 10:44:16 am Gary Autiello wrote:
> 
> Hey Kaleb,
> 
> Thanks for your reply.
> 
> The chroot-building script did copy over the sftp-server as you can see in
> the screen shot below.  The chrooted environment for the user
> is /apps/home/garytest/:
> 
> 
> I will look for that python script, but if you have any more ideas, please
> let me know.
> 
> Thanks,
> ______________________________________
> Gary Autiello, Network +, MCITP
> Network Administrator
> Dominion Diagnostics, LLC
> x886, 401-667-0886
> 
> 
> 
> 
> 
> From:	Kaleb Pederson <kaleb.pederson at gmail.com>
> To:	Gary Autiello <gautiello at dominiondiagnostics.com>
> Cc:	scponly at lists.ccs.neu.edu
> Date:	10/28/2010 01:39 PM
> Subject:	Re: Troubles with scponly-4.8
> 
> 
> 
> Gary,
> 
> I'm CCing the list now that you're subscribed.
> 
> The following is the culprit (or at least part of the problem):
> 
> > Oct 28 17:15:09 garytest139 scponly[32425]:
> > failed: /usr/libexec/openssh/sftp-server -l INFO -f LOCAL6 with error No
> > such file or directory(2) (username: garytest(813), IP/port: 192.168.1.43
> > 49384 22)
> 
> It looks as if the sftp-server wasn't copied into the chroot.  The
> chroot-building script isn't very powerful and has some problems. I'd
> actually recommend Jailkit (http://olivier.sessink.nl/jailkit/) for
> building the chroot.
> 
> If not using Jailkit, once the basic chroot is setup and functional,
> there's a python script that I wrote that should be in the archives
> somewhere that you can use to add or update supporting libraries for
> whatever programs you want to copy into the chroot.
> 
> Once you've copied over the sftp-server, please let me know if you run into
> any problems.
> 
> --Kaleb
> 
> CONFIDENTIALITY NOTICE: This e-mail, including attachments,
> is for the sole use of the individual to whom it is addressed
> This message is confidential and may contain information that
> is privileged, confidential and is exempt from disclosure under
> applicable law. Any unauthorized review, use, disclosure or
> distribution is prohibited. If you have received this e-mail
> in error, please notify the sender by reply e-mail and destroy
> this message and its attachments
> 
>

More information about the scponly mailing list