[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[suse-security] chroot: ssh works, scp doesn't
Thanks for earlier help setting up a chroot ssh login.
That now works fully, and because of "compartment"'s --user --group options
I don't need the su that I thought I did (in the chroot user's /bin).
I can log on to my chroot user's area using ssh,
but I can't scp files across to it.
I _can_ scp files from the chroot login to the remote server.
I'll eventually use rsync, but scp is a starting point; scp and rsync fail
The command I'm running from the remote machine is:
"scp -vvv rsync/* update@test:/tmp/tmk"
And the output is as follows:
2634: debug2: we sent a publickey packet, wait for reply
2634: debug1: authentications that can continue: publickey,password
2634: debug2: we did not send a packet, disable method
2634: debug3: authmethod_lookup password
2634: debug3: remaining preferred: ,password
2634: debug3: authmethod_is_enabled password
2634: debug1: next auth method to try is password
2634: debug3: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64)
2634: debug2: we sent a password packet, wait for reply
2634: debug1: ssh-userauth2 successful: method password
2634: debug1: fd 4 setting O_NONBLOCK
2634: debug1: fd 5 setting O_NONBLOCK
2634: debug1: channel 0: new [client-session]
2634: debug3: ssh_session2_open: channel_new: 0
2634: debug1: send channel open 0
2634: debug1: Entering interactive session.
2634: debug2: callback start
2634: debug1: ssh_session2_setup: id 0
2634: debug1: Sending command: scp -v -d -t /tmp/tmk
2634: debug1: channel request 0: exec
2634: debug2: callback done
2634: debug1: channel 0: open confirm rwindow 0 rmax 32768
2634: debug2: channel 0: rcvd adjust 131072
Obviously, the password works fine, but I can't figure out where to look
I can send the output of running "ssh -vvv update@test" if that helps.
Permissions on $JAIL/tmp/tmk look like this:
0 drwxrwxrwx 3 update nogroup 72 2004-01-22 14:34 .
0 drwxr-xr-x 10 update nogroup 272 2004-01-22 14:34 ..
0 drwxrwxrwx 2 update nogroup 48 2004-01-22 14:34 tmk
0 drwxrwxrwx 2 update nogroup 48 2004-01-22 14:34 .
0 drwxrwxrwx 3 update nogroup 72 2004-01-22 14:34 ..
I can send a description of the setup of the chroot jail if _that_ helps.
I know this isn't directly a security issue, so I won't be hurt if you point
me somewhere else... just _don't_ suggest Google, I've had a look around
In the long run I'll be using public key stuff to avoid passwords, but I've
taken that out to eliminate it as a possible problem.
System Administration Officer
Arts & Humanities Data Service
Tel: (0)20 7928 7371
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here