LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-29-2011, 07:45 PM   #1
ponga
LQ Newbie
 
Registered: Apr 2009
Posts: 17

Rep: Reputation: 0
I'm defeated: Can't get SCP to work in chroot jail (but sftp and ssh work fine)


I'm defeated: Can't get SCP to work in chroot jail (but sftp and ssh work fine) - I've spent HOURS on this and I love the feeling when I figure something out... on the contrary I am pissed off right now on why this won't work! As the title suggests, my choot jail works fine for SSH and SFTP... but not SCP.

I've done scp -vvv (ssh -vvv), debugged sshd, run straces.. NOTHING! Only thing SCP says every time is "lost connection" on the client side - right after I login.. I get "lost connection" and am disconnected. WTF.. this is stupid....(again, debug output and strace say nothing useful).. so I'm stuck. Defeated.

I'm rarely defeated by Linux, only because the community is so strong, I hope to maintain that so PLEASE if anyone has anything, I'd love to hear it.

--ponga
 
Old 09-30-2011, 06:56 AM   #2
KuimFieg
Member
 
Registered: Sep 2011
Location: France
Distribution: Debian Squeeze
Posts: 32

Rep: Reputation: Disabled
In Debian theres is a package available called "scponly", which is a shell.

If my memory is correct it forces the account into a chroot and you can do sftp and scp -- only

I remember doing this manually before having found that package and I had to create some devices manually in the chroot. This was to ensure basic system functionality. Plus I had to copy a bunch of stuff into the chroot, it was pretty messy.

Another solution is to restrict an ssh public key to specific commands for the account in question.
 
Old 09-30-2011, 11:06 AM   #3
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
What OS / version? Are you using OpenSSH's native ChrootDirectory (enumerated here), or some other method?

If you're using the former approach, one of the first steps to troubleshooting is to review the server-side sshd(8) logging. On Debian-based systems, you normally want to check /var/log/auth.log. On RH-based systems, you normally check /var/log/secure.

What do they tell you about the failed attempts?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to setup SFTP chroot jail for some particular user. jeesun Linux - Security 1 08-09-2011 10:58 PM
Getting SFTP logs from a chroot jail beairstos Linux - Server 1 10-01-2009 08:20 AM
Chroot SSH problem: ssh working, not SFTP & SCP. NaCo Linux - Security 3 02-01-2009 02:23 AM
Chroot jail for sftp, Solaris 10, OpenSSH_5.1p1 saskak Solaris / OpenSolaris 1 12-14-2008 09:31 PM
chroot jail sftp users f1uke Linux - Security 1 07-28-2003 10:29 AM


All times are GMT -5. The time now is 03:36 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration