[suse-security] chroot: ssh works, scp doesn't



Hello all....

Thanks for earlier help setting up a chroot ssh login.
That now works fully, and because of "compartment"'s --user --group options
I don't need the su that I thought I did (in the chroot user's /bin).

Problem:
    I can log on to my chroot user's area using ssh,
    but I can't scp files across to it.

I _can_ scp files from the chroot login to the remote server.
I'll eventually use rsync, but scp is a starting point; scp and rsync fail
similarly.

The command I'm running from the remote machine is:
"scp -vvv rsync/* update@test:/tmp/tmk"

And the output is as follows:
(snip lots)
2634: debug2: we sent a publickey packet, wait for reply
2634: debug1: authentications that can continue: publickey,password
2634: debug2: we did not send a packet, disable method
2634: debug3: authmethod_lookup password
2634: debug3: remaining preferred: ,password
2634: debug3: authmethod_is_enabled password
2634: debug1: next auth method to try is password
update@test's password:
2634: debug3: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64)
2634: debug2: we sent a password packet, wait for reply
2634: debug1: ssh-userauth2 successful: method password
2634: debug1: fd 4 setting O_NONBLOCK
2634: debug1: fd 5 setting O_NONBLOCK
2634: debug1: channel 0: new [client-session]
2634: debug3: ssh_session2_open: channel_new: 0
2634: debug1: send channel open 0
2634: debug1: Entering interactive session.
2634: debug2: callback start
2634: debug1: ssh_session2_setup: id 0
2634: debug1: Sending command: scp -v -d -t /tmp/tmk
2634: debug1: channel request 0: exec
2634: debug2: callback done
2634: debug1: channel 0: open confirm rwindow 0 rmax 32768
2634: debug2: channel 0: rcvd adjust 131072

Obviously, the password works fine, but I can't figure out where to look
next.

I can send the output of running "ssh -vvv update@test" if that helps.

Permissions on $JAIL/tmp/tmk look like this:
tmp:
total 0
   0 drwxrwxrwx    3 update   nogroup        72 2004-01-22 14:34 .
   0 drwxr-xr-x   10 update   nogroup       272 2004-01-22 14:34 ..
   0 drwxrwxrwx    2 update   nogroup        48 2004-01-22 14:34 tmk

tmp/tmk:
total 0
   0 drwxrwxrwx    2 update   nogroup        48 2004-01-22 14:34 .
   0 drwxrwxrwx    3 update   nogroup        72 2004-01-22 14:34 ..

I can send a description of the setup of the chroot jail if _that_ helps.

I know this isn't directly a security issue, so I won't be hurt if you point
me somewhere else... just _don't_ suggest Google, I've had a look around
there already!

In the long run I'll be using public key stuff to avoid passwords, but I've
taken that out to eliminate it as a possible problem.

Thanks,

Tom.

---------------
Tom Knight
System Administration Officer
Arts & Humanities Data Service
Web:     http://www.ahds.ac.uk
Email:   tom.knight@xxxxxxxxxx
Tel:     (0)20 7928 7371
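
Added example, not part of the original post: the debug output shows the client asking the server to exec `scp -v -d -t /tmp/tmk`, so the jail has to be able to run `scp` itself (assuming exec requests are confined to the same jail as the login). The function below lists what a jail lacks for a given program; the name `jail_missing` and the assumption that the jail mirrors the host's paths belong to this example only.

```shell
#!/bin/sh
# Added example: report files a chroot jail lacks for running a program.
# Assumption: the jail uses the same absolute paths as the host system.

# Usage: jail_missing JAIL PROGRAM
# Prints each path (the binary plus the shared libraries ldd resolves for the
# host copy) that is absent under JAIL.
# Returns 0 if nothing is missing, 1 if something is, 2 if PROGRAM is not on
# the host at all.
jail_missing() {
    jail=$1
    bin=$2
    missing=0

    # Resolve a bare name such as "scp" through the host PATH.
    case $bin in
        /*) path=$bin ;;
        *)  path=$(command -v "$bin" 2>/dev/null) || path= ;;
    esac
    if [ -z "$path" ] || [ ! -e "$path" ]; then
        echo "not found on host: $bin"
        return 2
    fi

    # Collect absolute library paths from ldd; a static binary yields none.
    deps=
    if command -v ldd >/dev/null 2>&1; then
        deps=$(ldd "$path" 2>/dev/null |
            awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }') || deps=
    fi

    for f in "$path" $deps; do
        if [ ! -e "$jail$f" ]; then
            echo "$f"
            missing=1
        fi
    done
    return $missing
}
```

Running `jail_missing "$JAIL" scp` and `jail_missing "$JAIL" rsync` on the server covers the two transfer tools named in the post.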

