[scponly] installation of scponly on RHEL 3

Paul Hyder Paul.Hyder at noaa.gov
Tue Mar 7 17:12:41 EST 2006


Sorry, should have caught this in the first message.  With the current
release scp is not enabled by default.  You should re-configure with
--enable-scp-compat set.
   Paul Hyder

Kyong Kim wrote:
> Paul,
> I checked the ssh log and the login is being accepted.
> 
> I enabled the debugging flag and seeing the following in the secure log
> file-
> 
> Mar  7 13:30:00 localhost sshd[19685]: Accepted password for user from
> ::ffff:xxx.xxx.xxx.xxx port 1993
> Mar  7 13:30:00 localhost scponly[19688]: chrooted binary in place, will
> chroot()
> Mar  7 13:30:00 localhost scponly[19688]: 3 arguments in total.
> Mar  7 13:30:00 localhost scponly[19688]:       arg 0 is scponlyc
> Mar  7 13:30:00 localhost scponly[19688]:       arg 1 is -c
> Mar  7 13:30:00 localhost scponly[19688]:       arg 2 is scp -t
> /home/user/incoming
> Mar  7 13:30:00 localhost scponly[19688]: opened log at LOG_AUTHPRIV,
> opts 0x00000009
> Mar  7 13:30:00 localhost scponly[19688]: retrieved home directory of
> "/home/user" for user "user"
> Mar  7 13:30:00 localhost scponly[19688]: chrooting to dir: "/home/user"
> Mar  7 13:30:00 localhost scponly[19688]: chdiring to dir: "/"
> Mar  7 21:30:00 localhost scponly[19688]: setting uid to 511
> Mar  7 21:30:00 localhost scponly[19688]: processing request: "scp -t
> /home/user/incoming"
> Mar  7 21:30:00 localhost scponly[19688]: denied request: scp -t
> /home/user/incoming [username: user(511), IP/port:
> ::ffff:xxx.xxx.xxx.xxx 1993 22]
> 
> I'm not sure what to make of the denied request message.
> Thank you in advance.
> Kyong
> 
> 
> 
> At 11:55 AM -0700 3/7/06, Paul Hyder wrote:
> 
>> If you change the value in /usr/local/etc/scponly/debuglevel from zero
>> to 1 scponly will syslog trace messages.  You should also check any ssh
>> logging to make sure that the user is being permitted by ssh.
>>     Paul Hyder
>>     NOAA Earth System Research Laboratory, Global Systems Division
>>     Boulder, CO
>>
>> Kyong Kim wrote:
>>
>>>  Hi guys,
>>>  I'm new to scponly and have been having some trouble getting it to
>>> work.
>>>  I looked through the archives but could not find anything so I was
>>>  hoping someone could help me out..
>>>
>>>  I downloaded scponly-4.6.tgz for use on RHEL 3.
>>>
>>>  I configured it with only the following option --enable-chrooted-binary
>>>  checking build system type... x86_64-unknown-linux-gnu
>>>  checking host system type... x86_64-unknown-linux-gnu
>>>  checking for gcc... gcc
>>>  checking for C compiler default output file name... a.out
>>>  checking whether the C compiler works... yes
>>>  checking whether we are cross compiling... no
>>>  checking for suffix of executables...
>>>  checking for suffix of object files... o
>>>  checking whether we are using the GNU C compiler... yes
>>>  checking whether gcc accepts -g... yes
>>>  checking for gcc option to accept ANSI C... none needed
>>>  checking for a BSD-compatible install... /usr/bin/install -c
>>>  checking whether ln -s works... yes
>>>  checking for cut... /bin/cut
>>>  checking for grep... /bin/grep
>>>  checking for sort... /bin/sort
>>>  checking for ldd... /usr/bin/ldd
>>>  checking for useradd... no
>>>  checking for chown... /bin/chown
>>>  checking for chmod... /bin/chmod
>>>  checking for dirname... /usr/bin/dirname
>>>  checking for id... /usr/bin/id
>>>  checking for pw... /usr/bin/pw
>>>  checking for rm... /bin/rm
>>>  checking for pwd_mkdb... no
>>>  configure: enabling WinSCP compatability...
>>>  checking for pwd... /bin/pwd
>>>  checking for groups... /usr/bin/groups
>>>  checking for id... /usr/bin/id
>>>  checking for echo... /bin/echo
>>>  configure: enabling SFTP compatability...
>>>  checking for sftp-server... /usr/libexec/openssh/sftp-server
>>>  checking how to run the C preprocessor... gcc -E
>>>  checking for egrep... grep -E
>>>  checking for ANSI C header files... yes
>>>  checking for sys/types.h... yes
>>>  checking for sys/stat.h... yes
>>>  checking for stdlib.h... yes
>>>  checking for string.h... yes
>>>  checking for memory.h... yes
>>>  checking for strings.h... yes
>>>  checking for inttypes.h... yes
>>>  checking for stdint.h... yes
>>>  checking for unistd.h... yes
>>>  checking for stdlib.h... (cached) yes
>>>  checking for string.h... (cached) yes
>>>  checking syslog.h usability... yes
>>>  checking syslog.h presence... yes
>>>  checking for syslog.h... yes
>>
>>  > checking for unistd.h... (cached) yes
>>
>>>  checking wordexp.h usability... yes
>>>  checking wordexp.h presence... yes
>>>  checking for wordexp.h... yes
>>>  checking glob.h usability... yes
>>>  checking glob.h presence... yes
>>>  checking for glob.h... yes
>>>  checking libgen.h usability... yes
>>>  checking libgen.h presence... yes
>>>  checking for libgen.h... yes
>>>  checking getopt.h usability... yes
>>>  checking getopt.h presence... yes
>>>  checking for getopt.h... yes
>>>  checking for an ANSI C-conforming const... yes
>>>  checking for inline... inline
>>>  checking for working alloca.h... yes
>>>  checking for alloca... yes
>>>  checking for malloc... yes
>>>  checking for atexit... yes
>>>  checking for bzero... yes
>>>  checking for strchr... yes
>>>  checking for strerror... yes
>>>  checking for glob... yes
>>>  checking for wordexp... yes
>>>  checking for strspn... yes
>>>  checking for basename... yes
>>>  checking for getopt... yes
>>>  checking whether optreset is declared... no
>>>  configure: creating ./config.status
>>>  config.status: creating Makefile
>>>  config.status: creating setup_chroot.sh
>>>  config.status: creating config.h
>>>  config.status: config.h is unchanged
>>>
>>>  When I ran make install, I get the following output-
>>>
>>>  /usr/bin/install -c -d /usr/local/bin
>>>  /usr/bin/install -c -d /usr/local/man/man8
>>>  /usr/bin/install -c -d /usr/local/etc/scponly
>>>  /usr/bin/install -c -o 0 -g 0 scponly /usr/local/bin/scponly
>>>  /usr/bin/install -c -o 0 -g 0 -m 0644 scponly.8
>>>  /usr/local/man/man8/scponly.8
>>>  /usr/bin/install -c -o 0 -g 0 -m 0644 debuglevel
>>>  /usr/local/etc/scponly/debuglevel
>>>  if test "xscponlyc" != "x"; then                        \
>>>          /usr/bin/install -c -d
>>> /usr/local/sbin;                         \
>>>          rm -f /usr/local/sbin/scponlyc;                 \
>>>          cp scponly scponlyc;                            \
>>>          /usr/bin/install -c -o 0 -g 0 -m 4755 scponlyc
>>>  /usr/local/sbin/scponlyc;        \
>>>  fi
>>>
>>>
>>>  I verified that scponlyc is installed in /usr/local/bin directory.
>>>
>>>  I used setup_chroot.sh to create users and everything ran okay.
>>>  But each time I try to use pscp to upload a small text file, I get the
>>>  following error.
>>>
>>>  Fatal: Connection Lost
>>>
>>>  I tried to use setup_chroot.sh.rh9 in build_extras directory but I get
>>>  the following error-
>>>
>>>  your scponly build is not configured for chrooted operation.
>>>  please reconfigure as follows, then rebuild and reinstall:
>>>
>>>  ./configure --enable-chrooted-binary (... other options)
>>>
>>>  Has anyone else encountered this problem and able to resolve it?
>>>  I'm not sure whether the problem is with the build or setup_chroot.sh.
>>>
>>>  Thank you in advance for any help.
>>>  Kyong
>>>
>>>
>>>
>>>
>>>  _______________________________________________
>>>  scponly mailing list
>>>  scponly at lists.ccs.neu.edu
>>>  https://lists.ccs.neu.edu/bin/listinfo/scponly
> 
> 




More information about the scponly mailing list