Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 09-29-2011, 08:45 PM   #1
LQ Newbie
Registered: Apr 2009
Posts: 17

Rep: Reputation: 0
I'm defeated: Can't get SCP to work in chroot jail (but sftp and ssh work fine)

I'm defeated: Can't get SCP to work in chroot jail (but sftp and ssh work fine) - I've spent HOURS on this and I love the feeling when I figure something out... on the contrary I am pissed off right now on why this won't work! As the title suggests, my choot jail works fine for SSH and SFTP... but not SCP.

I've done scp -vvv (ssh -vvv), debugged sshd, run straces.. NOTHING! Only thing SCP says every time is "lost connection" on the client side - right after I login.. I get "lost connection" and am disconnected. WTF.. this is stupid....(again, debug output and strace say nothing useful).. so I'm stuck. Defeated.

I'm rarely defeated by Linux, only because the community is so strong, I hope to maintain that so PLEASE if anyone has anything, I'd love to hear it.

Old 09-30-2011, 07:56 AM   #2
Registered: Sep 2011
Location: France
Distribution: Debian Squeeze
Posts: 32

Rep: Reputation: Disabled
In Debian theres is a package available called "scponly", which is a shell.

If my memory is correct it forces the account into a chroot and you can do sftp and scp -- only

I remember doing this manually before having found that package and I had to create some devices manually in the chroot. This was to ensure basic system functionality. Plus I had to copy a bunch of stuff into the chroot, it was pretty messy.

Another solution is to restrict an ssh public key to specific commands for the account in question.
Old 09-30-2011, 12:06 PM   #3
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
What OS / version? Are you using OpenSSH's native ChrootDirectory (enumerated here), or some other method?

If you're using the former approach, one of the first steps to troubleshooting is to review the server-side sshd(8) logging. On Debian-based systems, you normally want to check /var/log/auth.log. On RH-based systems, you normally check /var/log/secure.

What do they tell you about the failed attempts?


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to setup SFTP chroot jail for some particular user. jeesun Linux - Security 1 08-09-2011 11:58 PM
Getting SFTP logs from a chroot jail beairstos Linux - Server 1 10-01-2009 09:20 AM
Chroot SSH problem: ssh working, not SFTP & SCP. NaCo Linux - Security 3 02-01-2009 03:23 AM
Chroot jail for sftp, Solaris 10, OpenSSH_5.1p1 saskak Solaris / OpenSolaris 1 12-14-2008 10:31 PM
chroot jail sftp users f1uke Linux - Security 1 07-28-2003 11:29 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:43 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration