[scponly] changing passwords remotely over scponly .. what am I
doing wrong ?
Kaleb Pederson
kpederson at mail.ewu.edu
Tue Mar 7 10:47:09 EST 2006
The logging depends on how your syslog daemon is set up, but will
typically show up in /var/log/messages. As you have now turned on
debugging, there should be quite a bit more information available in the
logs.
You should see something indicating how scponly was called, what command
is being issued, etc.
Thanks.
--Kaleb
On 10:30 Tue 07 Mar , Ensel Sharon wrote:
>
>
> On Mon, 6 Mar 2006, Kaleb Pederson wrote:
>
> > The debuglevel file's location is based on what --prefix is set to when the
> > install is done. I'm not sure what it would be set to on FreeBSD, so I can't
> > be of much help. If you can grab the configure line that ports use, that
> > should tell you what it is set to.
> >
> > Two common cases might be /usr/local/etc/scponly/debuglevel
> > and /opt/etc/scponly/debuglevel.
> >
> > Since -t didn't help, we will probably need the extra debugging info to find
> > out.
> >
> > Can you provide the configure line and the additional logging?
>
>
> Ok, I found the default - /usr/local/etc/scponly, and I set it to '1'
>
> # cat /usr/local/etc/scponly/debuglevel
> 1
> #
>
>
> But I see no additional logging created. The only logging I get from my
> action is in auth.log:
>
> Mar 7 07:04:24 hostname sshd[98571]: Accepted keyboard-interactive/pam
> for username from 10.10.10.10 port 52587 ssh2
> Mar 7 07:04:24 hostname scponly[98575]: chrooted binary in place, will
> chroot()
> Mar 7 07:04:24 hostname scponly[98575]: running: /usr/bin/passwd
> (username: username(1234), IP/port: 10.10.10.10 52587 22)
>
>
> Well, I guess that second line "chrooted binary in place" is new.
>
> The remote command I am running, and its results, are:
>
> # ssh -t username@hostname passwd
> Password:
> Changing local password for username
> Connection to hostname closed.
> #
>
>
> One other piece of information: I was running 4.3, which I built
> _without_ --enable-passwd-compat, then I got the 4.6 tarball, and added
> that directive to my configure line, and then `make ; make
> install`. However, I did not want to muck around with my chroot
> configuration again, so I _did not_ remake my jail after adding the passwd
> directive and upgrading. I simply copied /usr/bin/passwd and
> /usr/lib/libpam.so.3 into the chroot. That seemed to be all there was to
> add to the chroot.
>
> So that's my story - thanks for taking a look.
>
> I guess I am curious as to where the debugging goes, or if that single
> additional line is all the debugging there is, and I am curious as to
> whether I need to add anything else to my chroot other than the passwd
> binary and libpam.so.3 ...
>
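
The quoted message ends by asking whether the chroot needs anything besides the passwd binary and libpam.so.3. One way to check the link-time side of that question is shown below as an added example; it is not code from the thread or from scponly. The function names, the temporary jail directory and the sample ldd listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or from scponly): report which files a
# jailed binary links against that are absent from the jail directory.

# Print every absolute path named in ldd-style output read from stdin.
# Matches "libfoo.so.N => /path/libfoo.so.N (0x...)" lines; skips "binary:" headers.
ldd_paths() {
    awk '/:$/ { next }
         { for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# Usage: missing_in_jail JAIL BINARY < ldd_output
# Prints each required path with no counterpart under JAIL (nothing if complete).
# Paths containing whitespace are not handled.
missing_in_jail() {
    mj_jail=$1
    for mj_path in "$2" $(ldd_paths); do
        if [ ! -e "$mj_jail$mj_path" ]; then
            echo "$mj_path"
        fi
    done
}

# Constructed sample listing; on a real host use: ldd /usr/bin/passwd
# Only libpam.so.3 comes from the thread, the other entries are assumptions.
sample_ldd() {
    printf '%s\n' \
        '/usr/bin/passwd:' \
        '    libpam.so.3 => /usr/lib/libpam.so.3 (0x28080000)' \
        '    libutil.so.5 => /lib/libutil.so.5 (0x28088000)' \
        '    libc.so.6 => /lib/libc.so.6 (0x28094000)'
}

# Demo: a constructed jail holding only the two files copied in the thread.
demo_jail=$(mktemp -d)
mkdir -p "$demo_jail/usr/bin" "$demo_jail/usr/lib"
: > "$demo_jail/usr/bin/passwd"
: > "$demo_jail/usr/lib/libpam.so.3"
echo "missing from jail:"
sample_ldd | missing_in_jail "$demo_jail" /usr/bin/passwd
rm -rf "$demo_jail"
```

ldd lists only link-time dependencies; files a program opens at run time, such as PAM modules and their configuration, do not appear in its output and have to be checked separately.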