I'm defeated: Can't get SCP to work in chroot jail (but sftp and ssh work fine)
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm defeated: Can't get SCP to work in chroot jail (but sftp and ssh work fine)
I'm defeated: Can't get SCP to work in chroot jail (but sftp and ssh work fine) - I've spent HOURS on this and I love the feeling when I figure something out... on the contrary I am pissed off right now on why this won't work! As the title suggests, my choot jail works fine for SSH and SFTP... but not SCP.
I've done scp -vvv (ssh -vvv), debugged sshd, run straces.. NOTHING! Only thing SCP says every time is "lost connection" on the client side - right after I login.. I get "lost connection" and am disconnected. WTF.. this is stupid....(again, debug output and strace say nothing useful).. so I'm stuck. Defeated.
I'm rarely defeated by Linux, only because the community is so strong, I hope to maintain that so PLEASE if anyone has anything, I'd love to hear it.
In Debian theres is a package available called "scponly", which is a shell.
If my memory is correct it forces the account into a chroot and you can do sftp and scp -- only
I remember doing this manually before having found that package and I had to create some devices manually in the chroot. This was to ensure basic system functionality. Plus I had to copy a bunch of stuff into the chroot, it was pretty messy.
Another solution is to restrict an ssh public key to specific commands for the account in question.
What OS / version? Are you using OpenSSH's native ChrootDirectory (enumerated here), or some other method?
If you're using the former approach, one of the first steps to troubleshooting is to review the server-side sshd(8) logging. On Debian-based systems, you normally want to check /var/log/auth.log. On RH-based systems, you normally check /var/log/secure.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.