[scponly] Permission denied
Kaleb Pederson
kpederson at mail.ewu.edu
Fri Apr 1 10:59:27 EST 2005
On Friday 01 April 2005 6:53 am, you wrote:
> It works if I change to the non-chrooted binary so I doubt it's the shell
> (am I wrong?).
It depends, I don't believe that scponly adds the shell to /etc/shells, so one
could easily be there without the other unless it was added.
What does `grep scponly /etc/shells` give as output? (I know... you said it's
there... I'm grasping at straws a bit.)
> > If they happen to be getting to scponly, then you could do something like
> > the following to turn up debugging:
> >
> > echo "1" > /etc/scponly/debuglevel
> >
> > Once you up your debuglevel (change the path above as necessary), then
> > you should get quite a few messages in the log when the user is actually
> > getting to scponly, but I doubt that's the problem.
>
> Which log file would show the errors? I didn't see anything in messages
> or debug or anything new in auth.log. Nothing new showed on the client
> side.
It will depend on your logger, but I see them in my debug log on AIX. I don't
see them at all in Linux (but I'm using metalog and it might not be
configured correctly.... although I haven't bothered to trace down the
problem yet). However, I did at least see the calls being made when I
strace'd my ssh connection.
> > If you still can't figure it out, you could strace your ssh process and
> > find out what ssh is doing for authentication and the associated failure.
>
> Well again it works when I use the non-chrooted binary. Would you strace
> the server, the client, or both?
I would run strace on the server that you're connecting to.
--Kaleb
More information about the scponly
mailing list