scponly & chroot not working

Jiri B. jiri.b at sendmail.cz
Mon Oct 18 22:46:09 CEST 2004


Hello,

I don't know whether I overlooked something earlier or what :) but 
logging in with scponly simply doesn't work for me when it is in a chroot. 
I create the user with the script in 
/usr/local/share/examples/scponly/setup_chroot.sh

When it is not in a chroot, it works. Likewise, when I run ssh sftpuser I 
get logged in to the non-functional scponly shell (of course). But when I 
set it up so that sftpuser is in a chroot, it doesn't work :(

/etc/passwd
-----------
sftpuser:*:1004:1001:User &:/home/sftpusers/sftpuser:/usr/local/sbin/scponlyc

sftpuser's home
---------------
drwxr-xr-x  2 root      wheel     512 Oct 18 21:33 bin
drwxr-xr-x  2 root      wheel     512 Oct 18 21:33 etc
drwxr-xr-x  2 sftpuser  sshusers  512 Oct 18 21:33 incoming
drwxr-xr-x  2 root      wheel     512 Oct 18 21:33 lib
drwxr-xr-x  2 root      wheel     512 Oct 18 21:33 libexec
drwxr-xr-x  6 root      wheel     512 Oct 18 21:33 usr

sftp is enabled in sshd_config
------------------------------
Subsystem       sftp    /usr/libexec/sftp-server

Excerpt from auth.log
---------------------
Oct 18 22:23:06 projekt sshd[6799]: Accepted keyboard-interactive/pam for sftpuser from 10.0.0.10 port 51505 ssh2
Oct 18 22:23:06 projekt sshd[6799]: subsystem request for sftp
Oct 18 20:23:06 projekt [6802]: running: /usr/libexec/sftp-server (username: sftpuser(1004), IP/port: 10.0.0.10 51505 22)
Oct 18 20:23:06 projekt [6802]: failed: /usr/libexec/sftp-server with error Permission denied(13) (username: sftpuser(1004), IP/port: 10.0.0.10 51505 22)


sftp -v sftpuser at host
---------------------
Connecting to 10.0.0.101...
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 10.0.0.101 [10.0.0.101] port 22.
debug1: Connection established.
debug1: identity file /home/testovic/.ssh/id_rsa type -1
debug1: identity file /home/testovic/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1 FreeBSD-20040419
debug1: match: OpenSSH_3.8.1p1 FreeBSD-20040419 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.0.0.101' is known and matches the DSA host key.
debug1: Found key in /home/testovic/.ssh/known_hosts:1
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/testovic/.ssh/id_rsa
debug1: Trying private key: /home/testovic/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 13
Connection closed

Thanks in advance.

jirib

-- 
mail: jiri.b at sendmail.cz | jabber: jiri.b at njs.netlab.cz
IRCnet/EFnet/SILCnet: jirib | ICQ: 261273235
GPGfingerprint: 21A1 8E02 CDF0 DCAA B385  A253 EF0C F1CE B618 8EAB
