[scponly] scponly stopped working after last Red Hat erratum
Voetelink D.
voetelink at ecn.nl
Tue Dec 29 08:19:01 EST 2009
Hi,
>> Since the last Red Hat erratum for openssh was released
>> (http://rhn.redhat.com/errata/RHBA-2009-1668.html) scponly stopped
>> working with sftp connections on RHEL5.
>> I get no messages, the connection just gets closed after successfully
>> logging on.
>
> I'm not sure of any reasons that an upgrade of that nature would cause it to fail.
>
> I'd probably try to reinstall all the libraries in the chroot after the upgrade, this should ensure that if any of the supporting libraries have changed, the new dependencies will be present. The setup_chroot script that comes with scponly might be sufficient, but if not you could use something like JailKit or the cplibdeps script (which I'll attach). I recommend re-running it any time binaries within your chroot change.
>
> If you're only running the sftp-server, it should be really easy to do using cplibdeps:
>
> cplibdeps /path/to/chroot /path/to/sftp-server
>
> If you have a lot of binaries, then you need to append the paths to the other binaries to the command above (or re-run it for each command).
I've also tried using the non-chroot shell (for testing purposes), but
the same thing happened.
> Also, have you tried the debugging information available on the FAQ?
>
> http://sublimation.org/scponly/wiki/index.php/FAQ
Yes I have, and now it seems like the debugging itself is part of the
problem. It seems I still had debuglevel set to 2 from a previous test.
If I set debuglevel to 0 or 1 everything seems to work okay. If I set it
to a higher value it stops working.
I did strace and found that it seems to fail while writing a line to the
(sys)log. (see attached strace dumpfiles, the debug# in the filename is
the debuglevel configured in the /etc/scp/debuglevel file...).
Syslog seems to work fine.
Also I'm at a loss why it started getting problems after the upgrade of
the openssh package. (which I can still reproduce by downgrading and
upgrading the openssh-packages).
I hope someone can help me fix this, although setting the debuglevel to
0 or 1 seems to solve it for now.
Dennis
--
************************************************************************
D. Voetelink
UNIX Systems Administrator
Energy research Centre of the Netherlands (ECN)
Facilities Department - Automation Services
Petten, Netherlands
e-mail : voetelink at ecn.nl
phone : (+31) 224 564738
************************************************************************
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sftp.debug1.txt
Url: http://lists.ccs.neu.edu/pipermail/scponly/attachments/20091229/5b918a9d/attachment-0002.txt
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sftp.debug4.txt
Url: http://lists.ccs.neu.edu/pipermail/scponly/attachments/20091229/5b918a9d/attachment-0003.txt
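
The chroot library check suggested in the quoted reply, sketched as an added shell example (it is not the cplibdeps script mentioned there and not part of the original message): it reads `ldd` output and lists the libraries that are absent from the chroot. The function names and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list shared libraries that a binary needs but the chroot lacks.
# Usage (placeholder paths):
#   ldd /path/to/sftp-server | missing_chroot_libs /path/to/chroot

# ldd_paths: read ldd output on stdin, print one absolute library path per line.
# The vDSO line (no path) is skipped; "not found" entries are printed as
# "UNRESOLVED <name>" because the host itself cannot locate them.
ldd_paths() {
    awk '
        $2 == "=>" && $3 == "not" { print "UNRESOLVED " $1; next }
        $2 == "=>" && $3 ~ /^\//  { print $3; next }
        $1 ~ /^\//                { print $1 }
    '
}

# missing_chroot_libs CHROOT: read ldd output on stdin and print every
# library that does not exist at the same path inside CHROOT.
missing_chroot_libs() {
    chroot_dir=$1
    ldd_paths | while IFS= read -r lib; do
        case $lib in
            UNRESOLVED\ *) echo "$lib" ;;
            *) [ -e "$chroot_dir$lib" ] || echo "$lib" ;;
        esac
    done
}

# Constructed sample of ldd output (not taken from the post's attachments).
sample_ldd_output() {
    cat <<'EOF'
	linux-vdso.so.1 =>  (0x00007fff5e3fd000)
	libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002b5d4a1c2000)
	libc.so.6 => /lib64/libc.so.6 (0x00002b5d4a7e9000)
	libexample.so.1 => not found
	/lib64/ld-linux-x86-64.so.2 (0x00002b5d49fa5000)
EOF
}

# demo: build a throwaway chroot holding only libc, then report what is missing.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/lib64" && : > "$tmp/lib64/libc.so.6"
    sample_ldd_output | missing_chroot_libs "$tmp"
    rm -rf "$tmp"
}
```

Re-running the check after each package update that touches a binary in the chroot shows whether a changed dependency is the cause before any deeper debugging.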