Loading ...
Sorry, an error occurred while loading the content.

Re: chrooting with mkscproot and scponly - clearing up

Expand Messages
  • zzzz3n
    ... ./usr/libexec/openssh/sftp-server ... hi ben, hi marcel! still doesnt work for me after bens workaround configuration: -openssh - 4.7p1-2 -unslung 6.10
    Message 1 of 6 , Mar 9, 2008
    • 0 Attachment
      --- In nslu2-general@yahoogroups.com, Marcel Nijenhof <nslu2@...> wrote:
      >
      > On Wed, 2007-11-28 at 01:27 +0000, Ben Pollinger wrote:
      >
      > >
      > > I have been trying the mkscproot script from
      > > http://www.nslu2-linux.org/wiki/Optware/Scponly
      > >
      > > The wiki page is a bit confusing so I'd like to clear some things up
      > > and rewrite it a bit. First I'll explain what I've done.
      > >
      > > mkscproot -u testuser is not quite enough to get a working account.
      >
      > Which firmware did you use?
      > Which version of scponly?
      > Which ssh server software do you use?
      > Did you see a warning that your firmware wasn't supported?
      >
      > > I need to do the following, as stated at the end of the above wiki
      > > page:
      > >
      > > cd /home/testuser_root
      > > chmod 755 ./bin/* ./lib/* ./usr/bin/scp
      ./usr/libexec/openssh/sftp-server
      > > chmod 644 ./etc/* ./usr/lib/libcrypto.so.0.9.7 ./usr/lib/libz.so.1.2.3
      > > chmod 755 ./bin ./etc
      > > cp -p ./usr/libexec/openssh/sftp-server ./usr/lib
      >
      > Probably this is the combination of:
      > openslug
      > openssh-sshd, openssh-sftp 4.0p1-r10 (from openslug)
      >
      > I have tested 3 configurations (from well tested to less tested):
      > unslung + openssh
      > openslug + dropbear
      > openslug + openssh 4.7p1-1 (from optware for openslug)
      >
      > Probably the combination of openslug and the native openembbeded ssh
      > daemon doesn't work.
      >
      > Can you confirm that you use that combination?
      >
      > > I also need to create a SSH key as per
      > > http://www.nslu2-linux.org/wiki/HowTo/UseOpenSSHForRemoteAccess
      >
      > You don't need to do that!
      >
      > You are able to use normal passwords as well.
      > You can argue that it is easier and saver with keys but it's
      > not a hard requirement.
      >
      > > Within WinSCP my root dir is testuser_root so I can see subdirs bin,
      > > dev, etc and so on
      > >
      > > Is this right?
      >
      > Yes.
      >
      > > Can I chmod any of this to make it less accesible?
      >
      > No.
      >
      > You need to have access to these directories/files otherwise some
      > functions won't work.
      >
      > >
      > > Also, by default, new users are made in /home - on my slug, this is a
      > > small flash drive, so I want a new user's chroot space on my bigger
      > > hard disk - e.g. /share/flash/data/home/testuser_root/
      > >
      > > Can the mkscproot script do this with another switch?
      >
      > You are able to use the "-r" option for the "chrooted" location.
      >
      > # /tmp/mkscproot -H
      >
      > mkscproot [-n] [-r root] [-h <home>] -u <user>
      >
      > Example:
      > mkscproot -u scponly
      >
      > Don't use other options unless you know what you do!!
      >
      > --
      > marceln
      >
      hi ben, hi marcel!

      still doesnt work for me after bens workaround
      configuration:

      -openssh - 4.7p1-2
      -unslung 6.10
      -scponly - 4.6-5
      -created environement simply as discribed with mkscproot -u username

      best, slugzen
    • Marcel Nijenhof
      ... I did some checking and found that scp work but that there are problems with sftp . I will try to fix this. -- marceln
      Message 2 of 6 , Mar 17, 2008
      • 0 Attachment
        On Sun, 2008-03-09 at 10:22 +0000, zzzz3n wrote:

        > still doesnt work for me after bens workaround
        > configuration:
        >
        > -openssh - 4.7p1-2
        > -unslung 6.10
        > -scponly - 4.6-5
        > -created environement simply as discribed with mkscproot -u username

        I did some checking and found that scp work but that there are problems
        with "sftp". I will try to fix this.

        --
        marceln
      • Marcel Nijenhof
        ... This problem should be fix in 4.6-6. -- marceln
        Message 3 of 6 , Mar 19, 2008
        • 0 Attachment
          On Mon, 2008-03-17 at 23:22 +0100, Marcel Nijenhof wrote:

          > > -scponly - 4.6-5

          This problem should be fix in 4.6-6.

          --
          marceln
        Your message has been successfully submitted and would be delivered to recipients shortly.