[scponly] scp failing in chrooted environment
Paul Hyder
Paul.Hyder at noaa.gov
Wed Apr 13 11:35:38 EDT 2005
It turns out that scp, running under sshv2 since we also don't permit sshv1, is
sometimes a very useful tool, e.g. in *NIX shell scripts that automate file transfer.
Paul Hyder
NOAA Forecast Systems Lab
Boulder, CO
Ralf Durkee wrote:
> At 01:19 PM 4/11/2005, Paul Jones wrote:
>
>> I have set up scponly and it is almost working perfectly. I use it
>> with the chroot option. rsync works, sftp works, but scp does not.
>> scp complains: "unknown user 10001" 10001 is the correct user id. I
>> am thinking that I have just left something out the the chrooted area
>> that it needs, but I can not figure out what. usr/bin/id,
>> usr/bin/groups, usr/bin/scp are all there. Any thoughts about what
>> might be wrong?
>>
>> Paul
>
>
> I don't understand why anyone would want to go to all the extra work and
> risk to make the scp1 protocol work, when you've got the sftp protocol
> working. All of the scp clients I have tried will use the sftp protocol
> just fine. I don't see the benefit of having the higher risk protocol,
> when the sftp protocol is much easier to control and verify, and
> requires a simpler and smaller chroot. I configure my SSH server to
> only use SSHv2 as SSHv1 has some known weaknesses, and then compile
> scponlyc to only use the sftp protocol.
>
>
> -- Ralf Durkee, CISSP, GSEC, GCIH
> Principal Consultant
> http://rd1.net
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
More information about the scponly
mailing list