[prev in list] [next in list] [prev in thread] [next in thread] 

List:       scponly
Subject:    Re: [scponly] Fedora Core 5
From:       Kaleb Pederson <kibab () icehouse ! net>
Date:       2006-06-27 4:49:54
Message-ID: 200606262150.06055.kibab () icehouse ! net
[Download RAW message or body]


Can you turn on scponly debug mode?  You should be able to do that by doing 
the following:

echo 1 > $install_prefix/etc/scponly/debuglevel

After you have turned on debugging mode, please send us the additional syslog 
information.  Depending on how your syslog daemon is configured, you might 
need to change it's configuration.

--Kaleb

On Monday 26 June 2006 7:12 am, Stephen Sankarsingh wrote:
> Sorry if this has been asked before, I couldn't find the solution to
> this problem in the forum.
>
> I had been using scponly with the chrooted binary on WhiteBox Linux
> (based on RHEL 4) to grant my users access to my site.  All I needed to
> do was run the "make jail" script for a particular user and it just
> worked. Recently, I "upgraded" to Fedora Core 5 since the update servers
> were more reliable than WBL, now when I try to create a jailed user with
> the "make jail" script, I am prompted for the password then get
> "connection closed" immediately afterwards.
>
> This is the output from '/var/log/secure' after issuing the command,
> "sftp test@localhost":
>
>
> Jun 26 09:57:17 server sshd[2208]: Accepted password for test from
> 127.0.0.1 port 39589 ssh2
> Jun 26 13:57:17 server sshd[2209]: Accepted password for test from
> 127.0.0.1 port 39589 ssh2
> Jun 26 09:57:17 server sshd[2210]: pam_unix(sshd:session): session
> opened for user test by (uid=0)
> Jun 26 09:57:17 server sshd[2210]: subsystem request for sftp
> Jun 26 13:57:18 server scponly[2211]: running:
> /usr/libexec/openssh/sftp-server (username: test(501), IP/port:
> 127.0.0.1 39589 22)
> Jun 26 09:57:18 server sshd[2210]: pam_unix(sshd:session): session
> closed for user test
>
>
>
> When I try this in debug mode, I see that the error given is 'exit
> status 1'
>
> If on the other hand, I simply change the user's shell to scponly in
> '/etc/passwd', it works but then they aren't chrooted and I would prefer
> if they were chrooted.
>
> Is there any easy way to fix this? This script was extremely convenient
> when it worked :)

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]