[scponly] installation of scponly on RHEL 3
Kyong Kim
kimkyong at fhda.edu
Tue Mar 7 18:11:45 EST 2006
Paul,
Thanks for all your help.
Your suggestion along with using scpjailer got everything working.
Thanks for such prompt responses.
Very nice program and mail list.
Kyong
At 3:12 PM -0700 3/7/06, Paul Hyder wrote:
>Sorry, should have caught this in the first message. With the current
>release scp is not enabled by default. You should re-configure with
>--enable-scp-compat set.
> Paul Hyder
>
>Kyong Kim wrote:
>> Paul,
>> I checked the ssh log and the login is being accepted.
>>
>> I enabled the debugging flag and am seeing the following in the secure log
>> file-
>>
>> Mar 7 13:30:00 localhost sshd[19685]: Accepted password for user from ::ffff:xxx.xxx.xxx.xxx port 1993
>> Mar 7 13:30:00 localhost scponly[19688]: chrooted binary in place, will chroot()
>> Mar 7 13:30:00 localhost scponly[19688]: 3 arguments in total.
>> Mar 7 13:30:00 localhost scponly[19688]: arg 0 is scponlyc
>> Mar 7 13:30:00 localhost scponly[19688]: arg 1 is -c
>> Mar 7 13:30:00 localhost scponly[19688]: arg 2 is scp -t /home/user/incoming
>> Mar 7 13:30:00 localhost scponly[19688]: opened log at LOG_AUTHPRIV, opts 0x00000009
>> Mar 7 13:30:00 localhost scponly[19688]: retrieved home directory of "/home/user" for user "user"
>> Mar 7 13:30:00 localhost scponly[19688]: chrooting to dir: "/home/user"
>> Mar 7 13:30:00 localhost scponly[19688]: chdiring to dir: "/"
>> Mar 7 21:30:00 localhost scponly[19688]: setting uid to 511
>> Mar 7 21:30:00 localhost scponly[19688]: processing request: "scp -t /home/user/incoming"
>> Mar 7 21:30:00 localhost scponly[19688]: denied request: scp -t /home/user/incoming [username: user(511), IP/port: ::ffff:xxx.xxx.xxx.xxx 1993 22]
>>
>> I'm not sure what to make of the denied request message.
>> Thank you in advance.
>> Kyong
>>
>>
>>
>> At 11:55 AM -0700 3/7/06, Paul Hyder wrote:
>>
>>> If you change the value in /usr/local/etc/scponly/debuglevel from zero
>>> to 1 scponly will syslog trace messages. You should also check any ssh
>>> logging to make sure that the user is being permitted by ssh.
>>> Paul Hyder
>>> NOAA Earth System Research Laboratory, Global Systems Division
>>> Boulder, CO
>>>
>>> Kyong Kim wrote:
>>>
>>>> Hi guys,
>>>> I'm new to scponly and have been having some trouble getting it to
>>>> work.
>>>> I looked through the archives but could not find anything so I was
>>>> hoping someone could help me out..
>>>>
>>>> I downloaded scponly-4.6.tgz for use on RHEL 3.
>>>>
>>>> I configured it with only the following option --enable-chrooted-binary
>>>> checking build system type... x86_64-unknown-linux-gnu
>>>> checking host system type... x86_64-unknown-linux-gnu
>>>> checking for gcc... gcc
>>>> checking for C compiler default output file name... a.out
>>>> checking whether the C compiler works... yes
>>>> checking whether we are cross compiling... no
>>>> checking for suffix of executables...
>>>> checking for suffix of object files... o
>>>> checking whether we are using the GNU C compiler... yes
>>>> checking whether gcc accepts -g... yes
>>>> checking for gcc option to accept ANSI C... none needed
>>>> checking for a BSD-compatible install... /usr/bin/install -c
>>>> checking whether ln -s works... yes
>>>> checking for cut... /bin/cut
>>>> checking for grep... /bin/grep
>>>> checking for sort... /bin/sort
>>>> checking for ldd... /usr/bin/ldd
>>>> checking for useradd... no
>>>> checking for chown... /bin/chown
>>>> checking for chmod... /bin/chmod
>>>> checking for dirname... /usr/bin/dirname
>>>> checking for id... /usr/bin/id
>>>> checking for pw... /usr/bin/pw
>>>> checking for rm... /bin/rm
>>>> checking for pwd_mkdb... no
>>>> configure: enabling WinSCP compatability...
>>>> checking for pwd... /bin/pwd
>>>> checking for groups... /usr/bin/groups
>>>> checking for id... /usr/bin/id
>>>> checking for echo... /bin/echo
>>>> configure: enabling SFTP compatability...
>>>> checking for sftp-server... /usr/libexec/openssh/sftp-server
>>>> checking how to run the C preprocessor... gcc -E
>>>> checking for egrep... grep -E
>>>> checking for ANSI C header files... yes
>>>> checking for sys/types.h... yes
>>>> checking for sys/stat.h... yes
>>>> checking for stdlib.h... yes
>>>> checking for string.h... yes
>>>> checking for memory.h... yes
>>>> checking for strings.h... yes
>>>> checking for inttypes.h... yes
>>>> checking for stdint.h... yes
>>>> checking for unistd.h... yes
>>>> checking for stdlib.h... (cached) yes
>>>> checking for string.h... (cached) yes
>>>> checking syslog.h usability... yes
>>>> checking syslog.h presence... yes
>>>> checking for syslog.h... yes
>>>> checking for unistd.h... (cached) yes
>>>> checking wordexp.h usability... yes
>>>> checking wordexp.h presence... yes
>>>> checking for wordexp.h... yes
>>>> checking glob.h usability... yes
>>>> checking glob.h presence... yes
>>>> checking for glob.h... yes
>>>> checking libgen.h usability... yes
>>>> checking libgen.h presence... yes
>>>> checking for libgen.h... yes
>>>> checking getopt.h usability... yes
>>>> checking getopt.h presence... yes
>>>> checking for getopt.h... yes
>>>> checking for an ANSI C-conforming const... yes
>>>> checking for inline... inline
>>>> checking for working alloca.h... yes
>>>> checking for alloca... yes
>>>> checking for malloc... yes
>>>> checking for atexit... yes
>>>> checking for bzero... yes
>>>> checking for strchr... yes
>>>> checking for strerror... yes
>>>> checking for glob... yes
>>>> checking for wordexp... yes
>>>> checking for strspn... yes
>>>> checking for basename... yes
>>>> checking for getopt... yes
>>>> checking whether optreset is declared... no
>>>> configure: creating ./config.status
>>>> config.status: creating Makefile
>>>> config.status: creating setup_chroot.sh
>>>> config.status: creating config.h
>>>> config.status: config.h is unchanged
>>>>
>>>> When I ran make install, I get the following output-
>>>>
>>>> /usr/bin/install -c -d /usr/local/bin
>>>> /usr/bin/install -c -d /usr/local/man/man8
>>>> /usr/bin/install -c -d /usr/local/etc/scponly
>>>> /usr/bin/install -c -o 0 -g 0 scponly /usr/local/bin/scponly
>>>> /usr/bin/install -c -o 0 -g 0 -m 0644 scponly.8 /usr/local/man/man8/scponly.8
>>>> /usr/bin/install -c -o 0 -g 0 -m 0644 debuglevel /usr/local/etc/scponly/debuglevel
>>>> if test "xscponlyc" != "x"; then \
>>>> /usr/bin/install -c -d /usr/local/sbin; \
>>>> rm -f /usr/local/sbin/scponlyc; \
>>>> cp scponly scponlyc; \
>>>> /usr/bin/install -c -o 0 -g 0 -m 4755 scponlyc /usr/local/sbin/scponlyc; \
>>>> fi
>>>>
>>>>
>>>> I verified that scponlyc is installed in /usr/local/bin directory.
>>>>
>>>> I used setup_chroot.sh to create users and everything ran okay.
>>>> But each time I try to use pscp to upload a small text file, I get the
>>>> following error.
>>>>
>>>> Fatal: Connection Lost
>>>>
>>>> I tried to use setup_chroot.sh.rh9 in build_extras directory but I get
>>>> the following error-
>>>>
>>>> your scponly build is not configured for chrooted operation.
>>>> please reconfigure as follows, then rebuild and reinstall:
>>>>
>>>> ./configure --enable-chrooted-binary (... other options)
>>>>
>>>> Has anyone else encountered this problem and been able to resolve it?
>>>> I'm not sure whether the problem is with the build or setup_chroot.sh.
>>>>
>>>> Thank you in advance for any help.
>>>> Kyong
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> scponly mailing list
>>>> scponly at lists.ccs.neu.edu
>>>> https://lists.ccs.neu.edu/bin/listinfo/scponly
>>
>>