[scponly] Re: Unable to launch sftp-server from chroot: request denied
John Barton
jbarton at technicalworks.net
Mon Nov 28 10:54:59 EST 2005
Thanks for the response. The only thing I didn't have in my chroot
filesystem were the device files; I created those and it still doesn't work.
I also figured out that scp doesn't work, although I thought it was. It
seems I can get WinSCP to connect if I use it in "scp" mode, but when I
try to perform a transfer, I get the same "denied request" about scp.
-JB
Ralf Durkee wrote:
> Older Solaris systems are a bit of a bugger to get working. Solaris 9 and
> 10 are a snap. One useful trick is to run sshd in the foreground with
> debugging enabled. There's a directory list below of a system done years
> ago on Solaris 6. Most likely you're missing a shared library.
>
> -- Ralf Durkee, CISSP, GSEC, GCIH
> Principal Security Consultant
> http://rd1.net
>
>
> John Barton wrote:
>
>> All,
>> I am trying to get scponly version 4.1 running on Solaris 8 sparc, and
>> I am having trouble that seems to be specific to sftp-server.
>>
>> If I try to use WinSCP in "scp" mode, I can connect without any
>> trouble, and I am properly chrooted into my home directory.
>>
>> If I try to use WinSCP in "sftp" mode, it fails with the following
>> error: "Connection has been unexpectedly closed. Server sent command
>> exit status 1". On the server side, in the messages log, it just says
>> "denied request: /opt/xxx/bin/sftp-server (resolved to sftp-server ..."
>>
>> The path to sftp-server is correct, and that path also exists inside
>> my chroot directory.
>>
>> If I try to sftp into the server using an account with a normal shell,
>> it logs in fine.
>>
>> Any pointers on where the problem might be?
>> Regards,
>> -JB
>>
>
>
> # ls -lR
> .:
> total 16
> drwx------ 2 root nogroup 512 Mar 7 11:21 bin
> drwxr-xr-x 2 root nogroup 512 Mar 10 10:37 dev
> drwxr-xr-x 2 root nogroup 512 Mar 14 13:02 etc
> drwx------ 3 inacct nogroup 512 Mar 18 10:38 incoming
> drwxr-x--- 2 root nogroup 512 Mar 7 11:11 lib
> dr-x------ 2 inacct nogroup 512 Mar 12 15:46 outgoing
> drwxr-xr-x 7 root nogroup 512 Mar 7 11:11 usr
> drwxr-xr-x 3 root nogroup 512 Mar 10 10:34 var
>
> ./bin:
> total 200
> -rwxr-xr-x 1 root other 9936 Mar 7 11:21 chmod
> -rwxr-xr-x 1 root other 6692 Mar 7 11:21 chown
> -rwxr-xr-x 1 root other 17908 Mar 7 11:20 ln
> -rwxr-xr-x 1 root other 17440 Mar 7 11:20 ls
> -rwxr-xr-x 1 root other 10588 Mar 7 11:21 mkdir
> -rwxr-xr-x 1 root other 17908 Mar 7 11:20 mv
> -rwxr-xr-x 1 root other 11196 Mar 7 11:20 rm
> -rwxr-xr-x 1 root other 6856 Mar 7 11:21 rmdir
>
> ./dev:
> total 0
> crw-r--r-- 1 root sys 21, 0 Mar 10 10:36 conslog
> crw-r--r-- 1 root other 21, 5 Mar 10 10:36 log
> crw-r--r-- 1 root sys 13, 2 Mar 10 10:37 null
> crw--w---- 1 root tty 0, 0 Mar 10 10:37 syscon
> crw-rw-rw- 1 root sys 11, 42 Mar 10 10:37 tcp
> crw-rw-rw- 1 root sys 11, 41 Mar 10 10:37 udp
> crw-r--r-- 1 root sys 13, 12 Mar 10 10:37 zero
>
> ./etc:
> total 10
> -r--r--r-- 1 root other 107 Mar 14 12:04 passwd
> -r-------- 1 root other 35 Mar 7 17:08 shadow
> -r--r--r-- 1 root other 86 Mar 7 11:24 shells
> -rw-r--r-- 1 root sys 1037 Nov 8 10:04 syslog.conf
>
> ./incoming:
> total 0
>
>
> ./lib:
> total 0
>
> ./outgoing:
> total 0
>
> ./usr:
> total 10
> drwxr-xr-x 2 root other 512 Mar 7 11:11 bin
> drwxr-xr-x 2 root other 512 Mar 7 12:17 lib
> drwxr-xr-x 3 root other 512 Mar 7 11:11 libexec
> drwxr-xr-x 7 root other 512 Mar 10 10:22 local
> drwxr-xr-x 2 root other 512 Mar 7 11:11 sbin
>
> ./usr/bin:
> total 0
>
> ./usr/lib:
> total 4122
> -rwxr-xr-x 1 root other 205880 Mar 7 12:17 ld.so.1
> -rwxr-xr-x 1 root other 1025560 Mar 7 12:17 libc.so.1
> -rwxr-xr-x 1 root other 4664 Mar 7 12:17 libdl.so.1
> -rwxr-xr-x 1 root other 19304 Mar 7 12:17 libmp.so.2
> -rwxr-xr-x 1 root other 756856 Mar 7 12:17 libnsl.so.1
> -rwxr-xr-x 1 root other 53656 Mar 7 12:17 libsocket.so.1
>
> ./usr/libexec:
> total 2
> drwxr-xr-x 2 root other 512 Mar 7 11:11 openssh
>
> ./usr/libexec/openssh:
> total 0
>
> ./usr/local:
> total 10
> drwxr-xr-x 2 root other 512 Mar 7 17:14 bin
> drwxr-xr-x 2 root other 512 Mar 10 10:28 etc
> drwxr-xr-x 2 root other 512 Mar 7 17:00 lib
> drwxr-xr-x 2 root other 512 Mar 7 11:20 libexec
> drwxr-xr-x 3 root other 512 Mar 7 12:16 ssl
>
> ./usr/local/bin:
> total 274
> -rwxr-xr-x 1 bin bin 31736 Aug 5 2002 scp
> -rwxr-xr-x 1 root root 44636 Mar 7 10:54 scponly
> -rwxr-xr-x 1 bin bin 53576 Aug 5 2002 sftp
>
> ./usr/local/etc:
> total 24
> -rw-r--r-- 1 bin bin 1114 Aug 5 2002 ssh_config
> -rw------- 1 root other 668 Oct 1 17:15 ssh_host_dsa_key
> -rw-r--r-- 1 root other 599 Oct 1 17:15 ssh_host_dsa_key.pub
> -rw------- 1 root other 524 Oct 1 16:26 ssh_host_key
> -rw-r--r-- 1 root other 328 Oct 1 16:26 ssh_host_key.pub
> -rw------- 1 root other 883 Oct 1 17:12 ssh_host_rsa_key
> -rw-r--r-- 1 root other 219 Oct 1 17:12 ssh_host_rsa_key.pub
> -rw-r--r-- 1 bin bin 2451 Mar 7 17:11 sshd_config
>
> ./usr/local/lib:
> total 1852
> -rw-r--r-- 1 bin bin 800564 Aug 29 2002 libgcc_s.so.1
> -rwxr-xr-x 1 root other 67632 Mar 7 12:17 libz.so
> -rwxr-xr-x 1 bin bin 67632 Jun 20 2002 libz.so.1.1.4
>
> ./usr/local/libexec:
> total 56
> -rwxr-xr-x 1 bin bin 28332 Aug 5 2002 sftp-server
>
> ./usr/local/ssl:
> total 2
> drwxr-xr-x 2 root other 512 Mar 7 12:17 lib
>
> ./usr/local/ssl/lib:
> total 3456
> -r-xr-xr-x 1 bin bin 1755172 Aug 31 2002 libcrypto.so.0.9.6
>
> ./usr/sbin:
> total 0
>
> ./var:
> total 2
> drwxr-xr-x 3 root other 512 Mar 10 10:34 adm
>
> ./var/adm:
> total 2
> drwxr-xr-x 2 root other 512 Mar 10 10:34 log
> -rw-r--r-- 1 root other 0 Mar 10 10:34 messages
>
> ./var/adm/log:
> total 0
>
>
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
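
The quoted reply suggests that a shared library is probably missing from the chroot. The script below is an added example, not part of the original thread or of scponly: it reads `ldd` output and reports every library path that does not exist under a given chroot root. The function names, the sample `ldd` output and the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: report libraries a binary needs that are absent from a chroot.
# Real use: ldd /path/to/sftp-server | missing_in_chroot /path/to/chroot

# Reads ldd-style output on stdin; $1 is the chroot root directory.
missing_in_chroot() {
    chroot_dir=$1
    while read -r name arrow path _rest; do
        if [ "$arrow" != "=>" ]; then
            # Lines without "=>" matter only if they name an absolute path
            # (for example the runtime linker on some platforms).
            case $name in /*) path=$name ;; *) continue ;; esac
        fi
        case $path in
            /*) [ -e "$chroot_dir$path" ] || printf '%s\n' "$path" ;;
            *)  printf '%s (unresolved on host)\n' "$name" ;;  # "not found"
        esac
    done
}

# Constructed sample: ldd-style output for a hypothetical sftp-server build.
sample_ldd() {
    cat <<'EOF'
        libz.so =>       /usr/local/lib/libz.so
        libcrypto.so.0.9.6 =>    /usr/local/ssl/lib/libcrypto.so.0.9.6
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libresolv.so.2 =>        /usr/lib/libresolv.so.2
EOF
}

# Builds a throwaway chroot tree holding only three of the five libraries,
# then prints the ones the check finds missing.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/lib" "$root/usr/local/lib"
    touch "$root/usr/lib/libc.so.1" "$root/usr/lib/libsocket.so.1" \
          "$root/usr/local/lib/libz.so"
    sample_ldd | missing_in_chroot "$root"
    rm -rf "$root"
}

demo
```

An empty result means every library `ldd` resolved on the host is also present at the same path inside the chroot.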