[scponly] scp failing in chrooted environment
Ralf Durkee
rd at rd1.net
Tue Apr 12 23:07:17 EDT 2005
At 01:19 PM 4/11/2005, Paul Jones wrote:
>I have set up scponly and it is almost working perfectly. I use it with
>the chroot option. rsync works, sftp works, but scp does not. scp
>complains: "unknown user 10001" 10001 is the correct user id. I am
>thinking that I have just left something out the the chrooted area that it
>needs, but I can not figure out what. usr/bin/id, usr/bin/groups,
>usr/bin/scp are all there. Any thoughts about what might be wrong?
>
>Paul
I don't understand why anyone would want to go to all the extra work and
risk to make the scp1 protocol work, when you've got the sftp protocol
working. All of the scp clients I have tried will use the sftp protocol
just fine. I don't see the benefit of having the higher risk protocol,
when the sftp protocol is much easier to control and verify, and requires a
simpler and smaller chroot. I configure my SSH server to only use SSHv2 as
SSHv1 has some known weaknesses, and then compile scponlyc to only use the
sftp protocol.
-- Ralf Durkee, CISSP, GSEC, GCIH
Principal Consultant
http://rd1.net
More information about the scponly
mailing list