
Issues with scponlyc on amd64 squeeze final release.



On a new Squeeze [amd64] machine, I've created a new user with the script:
  /usr/share/doc/scponly/setup_chroot/setup_chroot.sh.gz
     (uncompressed and placed in /tmp together with the config.h file).

For the new user, let's call him Peter for argument's sake, we have the
following:

# grep peter /etc/passwd
peter:x:1050:1050::/home/peter:/usr/sbin/scponlyc

# ls -ald /home/peter/
drwxr-xr-x 18 root root 4096 Feb 12 23:25 /home/peter/

# ls -lad /home/peter/.ssh
drwx------ 2 peter peter 4096 Feb 12 17:23 .ssh

# ls -ald /home/peter/.ssh/authorized_keys
-rw------- 1 peter peter 629 Feb 12 17:23 /home/peter/.ssh/authorized_keys

# echo /usr/sbin/scponlyc >> /etc/shells


So, all the ownership and permissions look right to me....

There are some root owned directories and files as created by the
setup_chroot.sh script.

All _should_ be good, but a user on another machine cannot sshfs mount
Peter's area using Peter's credentials.  The same issue manifests itself
for winscp use as well.

Logging shows on each end, that the other end disconnected the session --
great, the client gives me the run around and so does the server!


An older machine (i386 Lenny) works fine in both of the same scenarios
with identical setup type (just different machine arch and binaries).

The /etc/ssh/sshd_config has an entry for sftp-server (exactly the same on
each server).

Everything works if I change the login shell to /bin/bash, but I don't
want this user to have any command line access to the new server (as he
didn't have on the old server).

I need scponlyc (chroot version) to work as I also do not want Peter to be
able to snoop in other directories that don't concern him.

Does anybody have any ideas as to what is required to fix this problem?



-- 
Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP
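
The ownership and mode checks from the message above, gathered into one script so they can be repeated on both servers and compared. This is an added example, not part of the original post or of scponly; the function names and the optional root-uid, shell and shells-file parameters are assumptions made so it can also be run against a scratch tree, and it relies on GNU `stat -c`.

```shell
#!/bin/sh
# Added example: the ownership/mode checks from the post, for one account.
# Relies on GNU stat (-c). All names here are illustrative assumptions.

# _check PATH OWNER_UID FORBIDDEN_BITS: owner must match and none of the
# forbidden permission bits (octal) may be set on PATH.
_check() {
    p=$1; want=$2; forbidden=$3
    st=$(stat -c '%u %a' "$p" 2>/dev/null) || { echo "MISSING $p"; return 1; }
    uid=${st% *}; mode=${st#* }
    [ "$uid" = "$want" ] || { echo "OWNER   $p uid=$uid want=$want"; return 1; }
    [ $(( 0$mode & 0$forbidden )) -eq 0 ] ||
        { echo "MODE    $p mode=$mode forbidden=$forbidden"; return 1; }
    echo "OK      $p uid=$uid mode=$mode"
}

# audit_chroot_home HOME USER_UID [ROOT_UID] [SHELL] [SHELLS_FILE]
# Returns 0 only if every check passes; prints one line per check.
audit_chroot_home() {
    home=$1; user_uid=$2; root_uid=${3:-0}
    shell_path=${4:-/usr/sbin/scponlyc}; shells_file=${5:-/etc/shells}
    rc=0
    # Chroot top level: root-owned, not group/other writable (755 in the post).
    _check "$home" "$root_uid" 022 || rc=1
    # .ssh and authorized_keys: user-owned, no group/other bits (700 / 600).
    _check "$home/.ssh" "$user_uid" 077 || rc=1
    _check "$home/.ssh/authorized_keys" "$user_uid" 077 || rc=1
    # The login shell must appear as a whole line in the shells file.
    if grep -qxF -- "$shell_path" "$shells_file" 2>/dev/null; then
        echo "OK      $shell_path listed in $shells_file"
    else
        echo "SHELL   $shell_path not listed in $shells_file"; rc=1
    fi
    return $rc
}

# Usage on the server from the post (run as root):
#   audit_chroot_home /home/peter 1050
```

A clean run only confirms the prerequisites listed in the message; it does not exercise the chroot itself.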




