Re: chrooting with mkscproot and scponly - clearing up
--- In email@example.com, Marcel Nijenhof <nslu2@...> wrote:
> On Wed, 2007-11-28 at 01:27 +0000, Ben Pollinger wrote:
> > I have been trying the mkscproot script from
> > http://www.nslu2-linux.org/wiki/Optware/Scponly
> > The wiki page is a bit confusing so I'd like to clear some things up
> > and rewrite it a bit. First I'll explain what I've done.
> > mkscproot -u testuser is not quite enough to get a working account.
> Which firmware did you use?
> Which version of scponly?
> Which ssh server software do you use?
> Did you see a warning that your firmware wasn't supported?
> > I need to do the following, as stated at the end of the above wiki
> > page:
> > cd /home/testuser_root
> > chmod 755 ./bin/* ./lib/* ./usr/bin/scp
> > chmod 644 ./etc/* ./usr/lib/libcrypto.so.0.9.7 ./usr/lib/libz.so.1.2.3
hi ben, hi marcel!
> > chmod 755 ./bin ./etc
> > cp -p ./usr/libexec/openssh/sftp-server ./usr/lib
> Probably this is the combination of:
> openssh-sshd, openssh-sftp 4.0p1-r10 (from openslug)
> I have tested 3 configurations (from well tested to less tested):
> unslung + openssh
> openslug + dropbear
> openslug + openssh 4.7p1-1 (from optware for openslug)
> Probably the combination of openslug and the native openembedded ssh
> daemon doesn't work.
> Can you confirm that you use that combination?
> > I also need to create a SSH key as per
> > http://www.nslu2-linux.org/wiki/HowTo/UseOpenSSHForRemoteAccess
> You don't need to do that!
> You are able to use normal passwords as well.
> You can argue that it is easier and safer with keys but it's
> not a hard requirement.
> > Within WinSCP my root dir is testuser_root so I can see subdirs bin,
> > dev, etc and so on
> > Is this right?
> > Can I chmod any of this to make it less accessible?
> You need to have access to these directories/files otherwise some
> functions won't work.
> > Also, by default, new users are made in /home - on my slug, this is a
> > small flash drive, so I want a new user's chroot space on my bigger
> > hard disk - e.g. /share/flash/data/home/testuser_root/
> > Can the mkscproot script do this with another switch?
> You are able to use the "-r" option for the "chrooted" location.
> # /tmp/mkscproot -H
> mkscproot [-n] [-r root] [-h <home>] -u <user>
> mkscproot -u scponly
> Don't use other options unless you know what you do!!
still doesn't work for me after ben's workaround
-openssh - 4.7p1-2
-scponly - 4.6-5
-created environment simply as described with mkscproot -u username
On Sun, 2008-03-09 at 10:22 +0000, zzzz3n wrote:
> still doesn't work for me after ben's workaround
> -openssh - 4.7p1-2
> -unslung 6.10
> -scponly - 4.6-5
> -created environment simply as described with mkscproot -u username
I did some checking and found that scp works but that there are problems
with "sftp". I will try to fix this.
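
An added example, not part of the original thread or of the mkscproot script: a read-only shell check that a chroot tree has the modes and the sftp-server copy listed in the workaround quoted earlier in the thread. The function names are made up for this example; the paths are the ones from the quoted commands.

```shell
#!/bin/sh
# Added example: audit a chroot built by mkscproot against the modes
# listed in the quoted workaround. Read-only; it changes nothing.
# Usage (path as in the thread): audit_scproot /home/testuser_root

# has_mode MODE PATH: true if PATH has exactly octal MODE.
# -L follows symlinks, as chmod does, so a library symlink is judged
# by the file it points to.
has_mode() {
    [ -n "$(find -L "$2" -prune -perm "$1" 2>/dev/null)" ]
}

# audit_scproot ROOT: print each deviation; return 0 only if none found.
audit_scproot() {
    (
        # subshell, so the cd does not leak into the caller
        cd "$1" 2>/dev/null || { echo "cannot enter $1"; exit 2; }
        bad=0
        expect() {          # expect MODE PATH...
            mode=$1; shift
            for p in "$@"; do
                if [ ! -e "$p" ]; then
                    # also hit when a glob such as ./bin/* matched nothing
                    echo "missing: $p"; bad=1
                elif ! has_mode "$mode" "$p"; then
                    echo "not $mode: $p"; bad=1
                fi
            done
        }
        expect 755 ./bin ./etc ./bin/* ./lib/* ./usr/bin/scp
        expect 644 ./etc/* ./usr/lib/libcrypto.so.0.9.7 ./usr/lib/libz.so.1.2.3
        # the workaround also copies sftp-server into ./usr/lib
        [ -f ./usr/lib/sftp-server ] || { echo "missing: ./usr/lib/sftp-server"; bad=1; }
        exit "$bad"
    )
}
```
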