[scponly] can't sftp with scponlyc

Sammy.C sammy_nyc at yahoo.com
Mon Aug 30 14:22:03 EDT 2004 

Thank you so much for your help. It's working great. 
The problem was the permission on the file called 
"sftp-server" 

Take care. 


--- Paul Hyder <Paul.Hyder at noaa.gov> wrote:

> Getting very close.  This is an sftp error, believe
> you
> said it worked with the scponly shell so it has to
> be something
> small in the configuration.
> 
> Have you tried a simple "ssh ls /" as the scponly
> user?  Or an
> scp instead of sftp?
> 
> The usual problems are permissions interaction
> between the top level
> /etc/passwd /etc/group files and the
> {altroot}/etc/passwd {altroot}/etc/group
> files.
> 
> Sanity checks, please let me know:
>      What the exact scponly "config" line looked
> like. (should be
>         near the top in the config.log file)
>      What the OS is on the server.
>      Which version of ssh you have installed.
> 
>    And email:
>      The output of an ls -lR for the altroot tree
> that was built
>      The lines for ONLY the scponly user from
> /etc/passwd and
>        {altroot}/etc/passwd
> 
> Should be just about there.
>      Paul Hyder
> 
> Sammy.C wrote:
> > I changed setup_chroot.sh script and I was able to
> run
> > it. Now I can see many directories and files under
> the
> > user.  But when I try to sftp as the user, I get
> this
> > error message. 
> > 
> > Couldn't read packet: Bad file number
> > 
> > 
> > Any idea?  Thank you for your help. 
> > Sammy
> > 
> > 
> > --- Paul Hyder <Paul.Hyder at noaa.gov> wrote:
> > 
> > 
> >>There is some documentation on building jail
> >>configurations in
> >>the build_extras directory, as noted it is not
> >>trivial.
> >>
> >>Anyway, the error messages are path differences in
> >>Solaris for
> >>specific versions of (at least) id and grep.
> >>
> >>Email archives have a similar solution for Solaris
> 8
> >>that should
> >>handle Solaris9 too.  Take a look at:
> >>
> > 
> >
>
https://lists.ccs.neu.edu/pipermail/scponly/2003-July/000292.html
> > 
> >>Try the script in the message.  Once you see a
> >>configuration
> >>it is pretty easy to understand.
> >>
> >>    Paul Hyder
> >>
> >>Sammy.C wrote:
> >>
> >>>Thank you so much for your help.
> >>>
> >>>When I try to run the " setup_chroot.sh" I get
> the
> >>>following error message. 
> >>>    ./setup_chroot.sh
> >>>    Usage: grep -hblcnsviw pattern file . . .
> >>>    ./setup_chroot.sh: cd$: not found
> >>>    /usr/bin/id: illegal option -- u
> >>>    Usage: id [-ap] [user]
> >>>   ./setup_chroot.sh: test: argument expected
> >>>
> >>>As you said, this shell script is very generic. I
> >>
> >>want
> >>
> >>>to do the steps manually. I didn't understand the
> >>>script that much.   Please tell me the stpes I
> >>
> >>need to
> >>
> >>>do?
> >>>
> >>>
> >>>--- Paul Hyder <Paul.Hyder at noaa.gov> wrote:
> >>>
> >>>
> >>>
> >>>>The chrooted version won't work without proper
> >>>>"jail"
> >>>>configuration.  There are password file changes,
> >>>>directories to make, permissions to set, and
> >>>>executables to copy.
> >>>>
> >>>>What is the error message?
> >>>>
> >>>>    Paul Hyder
> >>>>    NOAA Forecast Systems Lab
> >>>>    Boulder, CO
> >>>>
> >>>>FYI The script that make calls to build the
> >>
> >>chrooted
> >>
> >>>>environment is "setup_chroot.sh".  This shell
> >>
> >>script
> >>
> >>>>is extremely generic and it is likely that you
> >>
> >>will
> >>
> >>>>need to examine what it does to make site
> specific
> >>>>changes.  It is possible to manually do the
> steps
> >>>>to create an initial user for your testing.
> >>>>
> >>>>
> >>>>Sammy.C wrote:
> >>>>
> >>>>
> >>>>>Hi, 
> >>>>>
> >>>>>I have installed scponly on Solaris 9. I
> created
> >>>>
> >>>>user
> >>>>
> >>>>
> >>>>>with the shell "scponlyc" 
> >>>>>
> >>>>>But I can never log in.  I get connection
> closed
> >>>>
> >>>>error
> >>>>
> >>>>
> >>>>>message. I then changed the shell to " scponly"
> 
> >>>>
> >>>>Now I
> >>>>
> >>>>
> >>>>>am able to log in but I am able go every where
> >>>>
> >>>>such as
> >>>>
> >>>>
> >>>>>/etc/ /var. My goal is to restricte users. 
> >>>>>
> >>>>>I did read the readme file in scponly. At the
> end
> >>>>
> >>>>of
> >>>>
> >>>>
> >>>>>install, it says to run " make jail"  but I get
> >>>>
> >>>>error
> >>>>
> >>>>
> >>>>>message.
> >>>>
> >>>>
> >>>
> >>>
> >>>		
> >>>__________________________________
> >>>Do you Yahoo!?
> >>>New and Improved Yahoo! Mail - Send 10MB
> messages!
> >>>http://promotions.yahoo.com/new_mail 
> >>
> > 
> > 
> > 
> > 		
> > _______________________________
> > Do you Yahoo!?
> > Win 1 of 4,000 free domain names from Yahoo! Enter
> now.
> > http://promotions.yahoo.com/goldrush
> 
=== message truncated ===



	
		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail

More information about the scponly mailing list