[scponly] Really struggling with Fedora Core 6
Andy Woolley
andy at milonic.com
Mon Nov 12 14:25:43 EST 2007
Hi All,
I've spent most of today getting scponly 4.6 to work on Fedora Core 6 but it
fails to allow any connections.
I've been using scponly for years (version 4.0) and never had ANY problems
until now but these latest versions just do not appear to work anymore.
Anyway, all I want to do is create a jail for users who want to connect to
our servers through SSH and SFTP.
I've been through ALL the docs and done EVERYTHING that was suggested
Here's some info that might help
[root at baba scponly-4.6]# ps -Af | grep -i ruth
root 8555 32736 0 18:55 pts/0 00:00:00 grep -i ruth
[root at baba scponly-4.6]# ps -Af | grep -i ruth
root 8556 2203 1 18:55 ? 00:00:00 sshd: ruth [priv]
sshd 8557 8556 0 18:55 ? 00:00:00 sshd: ruth [net]
root 8559 32736 0 18:55 pts/0 00:00:00 grep -i ruth
[root at baba scponly-4.6]# strace -o sftp.log -f -ff -p 8556
Process 8556 attached - interrupt to quit
Process 8556 detached
[root at baba scponly-4.6]# ps -Af | grep -i ruth
root 8566 2203 1 18:58 ? 00:00:00 sshd: ruth [priv]
sshd 8567 8566 0 18:58 ? 00:00:00 sshd: ruth [net]
root 8569 32736 0 18:58 pts/0 00:00:00 grep -i ruth
[root at baba scponly-4.6]# strace -o sftp.log -f -ff -p 8566
Process 8566 attached - interrupt to quit
Process 8573 attached (waiting for parent)
Process 8573 resumed (parent 8566 ready)
Process 8574 attached (waiting for parent)
Process 8574 resumed (parent 8573 ready)
Process 8574 detached
Process 8573 detached
Process 8566 detached
[root at baba scponly-4.6]# grep "^exec" sftp.log*
sftp.log.8574:execve("/usr/local/sbin/scponlyc", ["scponlyc"..., "-c"...,
"/usr/libexec/openssh/sftp-server"], [/* 9 vars */]) = 0
sftp.log.8574:execve("/usr/libexec/openssh/sftp-server",
["/usr/libexec/openssh/sftp-server"], [/* 0 vars */]) = 0
Here is some /var/log/secure details
[root at baba scponly-4.6]# tail -f /var/log/secure
*****This is SFTP ********
Nov 12 19:20:15 baba sshd[9078]: Accepted password for ruth from
123.123.123.123 port 34795 ssh2
Nov 12 19:20:15 baba sshd[9078]: pam_unix(sshd:session): session opened for
user ruth by (uid=0)
Nov 12 19:20:15 baba sshd[9080]: subsystem request for sftp
Nov 12 19:20:15 baba scponly[9081]: chrooted binary in place, will chroot()
Nov 12 19:20:15 baba scponly[9081]: 3 arguments in total.
Nov 12 19:20:15 baba scponly[9081]: arg 0 is scponlyc
Nov 12 19:20:15 baba scponly[9081]: arg 1 is -c
Nov 12 19:20:15 baba scponly[9081]: arg 2 is
/usr/libexec/openssh/sftp-server
Nov 12 19:20:15 baba scponly[9081]: opened log at LOG_AUTHPRIV, opts
0x00000029
Nov 12 19:20:15 baba scponly[9081]: retrieved home directory of "/home/ruth"
for user "ruth"
Nov 12 19:20:15 baba scponly[9081]: chrooting to dir: "/home/ruth"
Nov 12 19:20:15 baba scponly[9081]: chdiring to dir: "/"
Nov 12 19:20:15 baba scponly[9081]: setting uid to 506
Nov 12 19:20:15 baba scponly[9081]: processing request:
"/usr/libexec/openssh/sftp-server"
Nov 12 19:20:15 baba scponly[9081]: running:
/usr/libexec/openssh/sftp-server (username: ruth(506), IP/port:
123.123.123.123 34795 22)
Nov 12 19:20:15 baba sshd[9078]: pam_unix(sshd:session): session closed for
user ruth
*****This is SSH ********
Nov 12 19:20:26 baba sshd[9082]: Accepted password for ruth from
123.123.123.123 port 34797 ssh2
Nov 12 19:20:26 baba sshd[9082]: pam_unix(sshd:session): session opened for
user ruth by (uid=0)
Nov 12 19:20:26 baba scponly[9085]: 1 arguments in total.
Nov 12 19:20:26 baba scponly[9085]: arg 0 is -scponlyc
Nov 12 19:20:26 baba scponly[9085]: opened log at LOG_AUTHPRIV, opts
0x00000029
Nov 12 19:20:26 baba scponly[9085]: incorrect number of args
Nov 12 19:20:27 baba sshd[9082]: pam_unix(sshd:session): session closed for
user ruth
As you can see it tries to login but just disconnects straight away, can't
find anything useful in the logs and would really appreciate some help
Cheers,
Andy
More information about the scponly
mailing list