[scponly] Fedora Core 5

Ralf Durkee rd at rd1.net
Thu Oct 19 22:43:17 EDT 2006 

The error:

Oct 19 18:39:12 linuxhost1 scponly[15207]: failed: 
/usr/libexec/openssh/sftp-server with error Permission denied(13) 
(username: scpdemo(508), IP/port: 10.0.0.100 50806 22)

Is likely your problem, check the permissions on the file and each 
directory in the path.

-- Ralf Durkee, CISSP, GSEC, GCIH, GSNA
Principal Security Consultant
http://rd1.net



Bo Bruen wrote:
> I have searched the archives and though the question has been asked I 
> haven't been able to find a response.  So here goes...
>
> I am running Fedora Core 5 on a 64bit system (if that is significant) 
> and am attempting to create a sftp site which will strictly control 
> our clients access to the system.
>
> I installed scponly as follows
>
> ./configure --enabled-chrooted-binary --disable-scp-compt 
> --disable-winscp-compt
> make
> make install
> make jail
>
> I used the defaults for the jail
>
> I then make a user:
> adduser -s /usr/local/sbin/scponlyc scpdemo
>
> gave it a password and tried to login via sftp from the localhost and 
> from a seperate system.  Both instances gave the same errors.
>
> The following is from /var/log/security with scponly set to debug 
> level 1:
>
> Oct 19 14:39:11 linuxhost1 sshd[15204]: Accepted password for scpdemo 
> from 10.0.0.100 port 50806 ssh2
> Oct 19 14:39:11 linuxhost1 sshd[15206]: pam_unix(sshd:session): 
> session opened for user scpdemo by (uid=0)
> Oct 19 14:39:12 linuxhost1 sshd[15206]: subsystem request for sftp
> Oct 19 14:39:12 linuxhost1 scponly[15207]: chrooted binary in place, 
> will chroot()
> Oct 19 14:39:12 linuxhost1 scponly[15207]: 3 arguments in total.
> Oct 19 14:39:12 linuxhost1 scponly[15207]:     arg 0 is scponlyc
> Oct 19 14:39:12 linuxhost1 scponly[15207]:     arg 1 is -c
> Oct 19 14:39:12 linuxhost1 scponly[15207]:     arg 2 is 
> /usr/libexec/openssh/sftp-server
> Oct 19 14:39:12 linuxhost1 scponly[15207]: opened log at LOG_AUTHPRIV, 
> opts 0x00000029
> Oct 19 14:39:12 linuxhost1 scponly[15207]: retrieved home directory of 
> "/home/scpdemo" for user "scpdemo"
> Oct 19 14:39:12 linuxhost1 scponly[15207]: chrooting to dir: 
> "/home/scpdemo"
> Oct 19 14:39:12 linuxhost1 scponly[15207]: chdiring to dir: "/"
> Oct 19 18:39:12 linuxhost1 scponly[15207]: setting uid to 508
> Oct 19 18:39:12 linuxhost1 scponly[15207]: processing request: 
> "/usr/libexec/openssh/sftp-server"
> Oct 19 18:39:12 linuxhost1 scponly[15207]: running: 
> /usr/libexec/openssh/sftp-server (username: scpdemo(508), IP/port: 
> 10.0.0.100 50806 22)
> Oct 19 18:39:12 linuxhost1 scponly[15207]: failed: 
> /usr/libexec/openssh/sftp-server with error Permission denied(13) 
> (username: scpdemo(508), IP/port: 10.0.0.100 50806 22)
> Oct 19 14:39:13 linuxhost1 sshd[15206]: pam_unix(sshd:session): 
> session closed for user scpdemo
>
> In the likely event that I miss read or misunderstood the instructions 
> and tried a variety of direcotry configurations with no changes in the 
> error message save the directory locations.  Any help would be 
> appreciated.
>
> --Bo
>
>

More information about the scponly mailing list