[scponly] scponly on AIX with IBMs patches to OpenSSH

Eckert, Doug Doug.Eckert at dowjones.com
Thu Oct 25 12:13:42 EDT 2012 

BTW, this is built on the following:

System Model: IBM,7028-6C4
Machine Serial Number: 
Processor Type: PowerPC_POWER4
Processor Implementation Mode: POWER 4
Processor Version: PV_4_2
Number Of Processors: 1
Processor Clock Speed: 1201 MHz
CPU Type: 64-bit
Kernel Type: 64-bit
LPAR Info: 2 sbktesaix02
Memory Size: 1536 MB
Good Memory Size: 1536 MB
Platform Firmware level: 3R070425
Firmware Version: IBM,RG070425_d79e20_r

# oslevel -s
6100-05-07-1140
# xlc -qversion
IBM XL C/C++ for AIX, V11.1 (5724-X13)
Version: 11.01.0000.0000


-----Original Message-----
From: scponly-bounces at lists.ccs.neu.edu [mailto:scponly-bounces at lists.ccs.neu.edu] On Behalf Of Eckert, Doug
Sent: Thursday, October 25, 2012 12:09 PM
To: scponly at lists.ccs.neu.edu
Subject: Re: [scponly] scponly on AIX with IBMs patches to OpenSSH

Thanks,

I pulled the source from GitHub and built fresh.  Same result, and it's definitely pulling in the netbsd getopt_long.  I had a look at scponly.c for where the "request denied" comes in to play.  I figured I'd try to re-run configure with "--enable-scp-compat" 

Success!  I've got more testing to do, but looking good so far.

Oct 25 10:15:09 sbktesaix02 auth|security:info sshd[4784362]: Accepted password for XXXXXX from w.x.y.z port 59493 ssh2 Oct 25 10:15:09 sbktesaix02 auth|security:info scponly[3080228]: using netbsd's bundled getopt_long Oct 25 10:15:09 sbktesaix02 auth|security:debug scponly[3080228]: 3 arguments in total.
Oct 25 10:15:09 sbktesaix02 auth|security:debug scponly[3080228]:       arg 0 is scponly
Oct 25 10:15:09 sbktesaix02 auth|security:debug scponly[3080228]:       arg 1 is -c
Oct 25 10:15:09 sbktesaix02 auth|security:debug scponly[3080228]:       arg 2 is scp -t -- /tmp/cfgvg.out
Oct 25 10:15:09 sbktesaix02 auth|security:debug scponly[3080228]: opened log at LOG_AUTH, opts 0x00000009 Oct 25 10:15:09 sbktesaix02 auth|security:debug scponly[3080228]: determined USER is " XXXXXX " from environment Oct 25 10:15:09 sbktesaix02 auth|security:debug scponly[3080228]: retrieved home directory of "/home/ XXXXXX " for user " XXXXXX "
Oct 25 10:15:09 sbktesaix02 auth|security:debug scponly[3080228]: setting uid to 500 Oct 25 10:15:09 sbktesaix02 auth|security:debug scponly[3080228]: processing request: "scp -t -- /tmp/cfgvg.out"
Oct 25 10:15:09 sbktesaix02 auth|security:err|error scponly[3080228]: denied request: scp -t -- /tmp/cfgvg.out [username: XXXXXX (500), IP/port: w.x.y.z 59493 22] Oct 25 10:15:09 sbktesaix02 auth|security:info sshd[4718694]: Received disconnect from w.x.y.z: 11: disconnected by user Oct 25 11:58:36 sbktesaix02 auth|security:info sshd[5111888]: Accepted password for XXXXXX from w.x.y.z port 59808 ssh2 Oct 25 11:58:36 sbktesaix02 auth|security:info scponly[4718822]: running: /bin/scp -t -- /tmp/cfgvg.out (username: XXXXXX (500), IP/port: w.x.y.z 59808 22) Oct 25 11:58:36 sbktesaix02 auth|security:info sshd[3080236]: Received disconnect from w.x.y.z: 11: disconnected by user

_______________________________________________
scponly mailing list
scponly at lists.ccs.neu.edu
https://lists.ccs.neu.edu/bin/listinfo/scponly

More information about the scponly mailing list