[scponly] Why isn't scponlyc siphoning off the path following the double slash?

Maurice Volaski mvolaski at aecom.yu.edu
Thu Nov 1 14:29:14 EDT 2007


>Please turn on debugging.  Details are in the FAQ but here's the summary:
>
>echo 1 > $INSTALL_PREFIX/etc/scponly/debuglevel
>
>Once you've done that, you can grab debug output from your syslog 
>daemon which will help us figure out what's going on.
>

Sorry, I didn't mention that I had debugging on. There are no 
messages logged about this or at all for that matter when I run it 
this way from scponly. I think that makes sense. It seems that sshd 
is reading /etc/passwd and scponlyc doesn't ever get to run. So how 
could the double slash mechanism ever work unless it were a feature 
of ssh? I'm running OpenSSH 4.7_p1.

>
>On 10/31/07, Maurice Volaski <mvolaski at aecom.yu.edu> wrote:
>
>On a 64-bit Gentoo system, I have the following in /etc/passwd
>
>planaria:x:1004:1009::/home/halllvd/planaria//hallweb:/usr/sbin/scponlyc
>
>So /home/halllvd/planaria/ is the user's account on this system and
>also the chroot environment and it's owned by root, not this user.
>The .ssh directory for this user is in there, too.
>
>I can ssh to it given a bash shell here, and I can chroot to it, too.
>
>hallweb is the writable directory for this user within the chrooted
>environment and also the home in /etc/passwd of the chrooted
>environment.
>
>Without the double slash present, rsync can write files in it. But
>with the double slash present, rsync cannot connect and I see in the
>sshd debug
>
>debug1: trying public key file
>/home/halllvd/planaria//hallweb/.ssh/authorized_keys
>
>So for some reason, sshd is receiving this whole path, double slashes
>and all. Shouldn't scponlyc be siphoning off that information, so
>sshd sees just the chrooted path, which is where the .ssh directory
>is?
>--

-- 

Maurice Volaski, mvolaski at aecom.yu.edu
Computing Support, Rose F. Kennedy Center
Albert Einstein College of Medicine of Yeshiva University
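
Added example, not part of the original message and not scponly or OpenSSH code: it takes the passwd line quoted above and compares the authorized_keys path sshd derives from the home field with the location of `.ssh` as the post describes it. It assumes sshd's default home-relative `.ssh/authorized_keys` and that scponlyc treats the text before `//` as the chroot directory and the text after it as the home inside the chroot; the function names are hypothetical.

```python
import posixpath

# Constructed sample: the passwd line quoted in the post.
PASSWD_LINE = ("planaria:x:1004:1009::"
               "/home/halllvd/planaria//hallweb:/usr/sbin/scponlyc")

def parse_passwd(line):
    """Split one passwd(5) line into its seven colon-separated fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 fields, got %d" % len(fields))
    keys = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
    return dict(zip(keys, fields))

def sshd_keys_path(home, keys_file=".ssh/authorized_keys"):
    """Path sshd tries during authentication, before any login shell runs.
    normpath models path lookup collapsing the repeated slash."""
    return posixpath.normpath(posixpath.join(home, keys_file))

def split_chroot_home(home):
    """Assumed scponlyc rule: text before the first '//' is the chroot
    directory, text after it is the home directory inside the chroot."""
    if "//" not in home:
        return None, home
    jail, _, inner = home.partition("//")
    return posixpath.normpath(jail), "/" + inner.lstrip("/")

def audit(line, actual_ssh_dir):
    """Compare where sshd looks for keys with where the keys really are."""
    entry = parse_passwd(line)
    jail, inner = split_chroot_home(entry["home"])
    looked = sshd_keys_path(entry["home"])
    present = posixpath.join(posixpath.normpath(actual_ssh_dir),
                             "authorized_keys")
    return {"chroot": jail, "home_in_chroot": inner,
            "sshd_looks_at": looked, "keys_are_at": present,
            "match": looked == present}

if __name__ == "__main__":
    # .ssh location as described in the post: directly in the chroot root.
    for key, value in audit(PASSWD_LINE, "/home/halllvd/planaria/.ssh").items():
        print("%-15s %s" % (key, value))
```

With the values from the post, the path sshd resolves falls under `hallweb`, while the keys sit one level up in the chroot root, so the two do not match.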


