Loading ...
Sorry, an error occurred while loading the content.

Scponly packet not working under Openslug 3.10

Expand Messages
  • mark.vanderhaegen
    I m trying in installing the scponly packet on to the openslug 3.10 firmware. root@Pistachio:/home/test_root/bin# /opt/bin/ipkg list_installed scponly - 4.6-3
    Message 1 of 11 , Aug 23 8:02 AM
    • 0 Attachment
      I'm trying in installing the scponly packet on to the openslug 3.10
      firmware.

      root@Pistachio:/home/test_root/bin# /opt/bin/ipkg list_installed
      scponly - 4.6-3 - A shell for users with scp/sftp only access

      Then I'm following the WIKI information on how to setup a Chroot
      environment for SCP.

      I receive the following loggin information tail -f /var/log/messages

      Aug 23 14:50:36 (none) auth.info sshd[3600]: Accepted publickey for
      test from 192.168.0.54 port 4575 ssh2
      Aug 23 14:50:36 (none) auth.err sshd[3604]: error: setlogin failed:
      Function not implemented
      Aug 23 14:50:36 (none) authpriv.info scponly[3605]: chrooted binary in
      place, will chroot()
      Aug 23 14:50:36 (none) authpriv.debug scponly[3605]: 1 arguments in total.
      Aug 23 14:50:36 (none) authpriv.debug scponly[3605]: ^Iarg 0 is -scponlyc
      Aug 23 14:50:36 (none) authpriv.debug scponly[3605]: opened log at
      LOG_AUTHPRIV, opts 0x00000029
      Aug 23 14:50:36 (none) authpriv.debug scponly[3605]: retrieved home
      directory of "/home/test_root//test" for user "test"
      Aug 23 14:50:36 (none) authpriv.debug scponly[3605]: chrooting to dir:
      "/home/test_root"
      Aug 23 14:50:36 (none) authpriv.debug scponly[3605]: chdiring to dir:
      "/test"
      Aug 23 14:50:36 (none) authpriv.debug scponly[3605]: setting uid to 2000
      Aug 23 14:50:36 (none) authpriv.debug scponly[3605]: entering WinSCP
      compatibility mode [username: test(2000), IP/port: 192.168.0.54 4575 22]
      Aug 23 14:50:37 (none) authpriv.debug scponly[3605]: processing
      request: "pwd"
      Aug 23 14:50:37 (none) authpriv.debug scponly[3605]: Unable to find
      "LOG_SFTP" in the environment
      Aug 23 14:50:37 (none) authpriv.debug scponly[3605]: Found "USER" and
      setting it to "test"
      Aug 23 14:50:37 (none) authpriv.debug scponly[3605]: Unable to find
      "SFTP_UMASK" in the environment
      Aug 23 14:50:37 (none) authpriv.debug scponly[3605]: Unable to find
      "SFTP_PERMIT_CHMOD" in the environment
      Aug 23 14:50:37 (none) authpriv.debug scponly[3605]: Unable to find
      "SFTP_PERMIT_CHOWN" in the environment
      Aug 23 14:50:37 (none) authpriv.debug scponly[3605]: Unable to find
      "SFTP_LOG_LEVEL" in the environment
      Aug 23 14:50:37 (none) authpriv.debug scponly[3605]: Unable to find
      "SFTP_LOG_FACILITY" in the environment
      Aug 23 14:50:37 (none) authpriv.debug scponly[3605]: Environment
      contains "USER=test"
      Aug 23 14:50:37 (none) authpriv.info scponly[3605]: running: /bin/pwd
      (username: test(2000), IP/port: 192.168.0.54 4575 22)
      Aug 23 14:50:37 (none) authpriv.err scponly[3606]: failed: /bin/pwd
      with error No such file or directory(2) (username: test(2000),
      IP/port: 192.168.0.54 4575 22)

      I receive the following logging information (end of file) in the
      WinSCP program that I use to verify my setup.

      ...........
      < 2007-08-23 16:51:10.078 WinSCP: this is end-of-file:0
      > 2007-08-23 16:51:10.078 unset "HUMAN_BLOCKS" ; echo "WinSCP: this is
      end-of-file:$status"
      < 2007-08-23 16:51:10.109 WinSCP: this is end-of-file:0
      . 2007-08-23 16:51:10.109 Getting current directory name.
      > 2007-08-23 16:51:10.109 pwd ; echo "WinSCP: this is end-of-file:$status"
      ! 2007-08-23 16:51:10.156 scponly[3605]: processing request: "pwd"
      ! 2007-08-23 16:51:10.156 scponly[3605]: Unable to find "LOG_SFTP" in
      the environment
      ! 2007-08-23 16:51:10.156 scponly[3605]: Found "USER" and setting it
      to "test"
      ! 2007-08-23 16:51:10.156 scponly[3605]: Unable to find "SFTP_UMASK"
      in the environment
      ! 2007-08-23 16:51:10.156 scponly[3605]: Unable to find
      "SFTP_PERMIT_CHMOD" in the environment
      ! 2007-08-23 16:51:10.156 scponly[3605]: Unable to find
      "SFTP_PERMIT_CHOWN" in the environment
      ! 2007-08-23 16:51:10.156 scponly[3605]: Unable to find
      "SFTP_LOG_LEVEL" in the environment
      ! 2007-08-23 16:51:10.156 scponly[3605]: Unable to find
      "SFTP_LOG_FACILITY" in the environment
      ! 2007-08-23 16:51:10.156 scponly[3605]: Environment contains "USER=test"
      ! 2007-08-23 16:51:10.156 scponly[3605]: running: /bin/pwd (username:
      test(2000), IP/port: 192.168.0.54 4575 22)
      ! 2007-08-23 16:51:10.312 scponly[3606]: failed: /bin/pwd with error
      No such file or directory(2) (username: test(2000), IP/port:
      192.168.0.54 4575 22)
      ! 2007-08-23 16:51:10.312 *** glibc detected *** -scponlyc: free():
      invalid pointer: 0x00014738 ***
      . 2007-08-23 16:51:10.312 Server exited on signal "ABRT"
      ! 2007-08-23 16:51:10.312 *** glibc detected *** -scponlyc: free():
      invalid pointer: 0x00014738 ***
      . 2007-08-23 16:51:10.312 All channels closed. Disconnecting
      . 2007-08-23 16:51:10.312 Server closed network connection
      * 2007-08-23 16:51:10.343 (ESshFatal) Connection has been unexpectedly
      closed. Server sent command exit status 0.
      * 2007-08-23 16:51:10.343 Error getting name of current remote directory.

      Is there anyone how can point me in the right direction to find a
      solution for this.
      Thanks
      Mark
    • Marcel Nijenhof
      ... I have tested this package on unslung and developed the mkscproot script for unslung. ... Do you mean: http://www.nslu2-linux.org/wiki/Optware/Scponly
      Message 2 of 11 , Aug 23 10:22 AM
      • 0 Attachment
        On Thu, 2007-08-23 at 15:02 +0000, mark.vanderhaegen wrote:

        > I'm trying in installing the scponly packet on to the openslug 3.10
        > firmware.

        I have tested this package on unslung and developed the "mkscproot"
        script for unslung.

        >
        > root@Pistachio:/home/test_root/bin# /opt/bin/ipkg list_installed
        > scponly - 4.6-3 - A shell for users with scp/sftp only access
        >
        > Then I'm following the WIKI information on how to setup a Chroot
        > environment for SCP.

        Do you mean:
        http://www.nslu2-linux.org/wiki/Optware/Scponly

        And specific:
        The new scponly package 4.6-2 contains a script mkscproot which
        setup a complete chrooted account for scp/sftp. Just run:

        mkscproot -u user

        This is only tested on unslung and there is a change that it doesn't
        work on openslug.

        Could you be more specific about the setup (which ssh daemon, how did
        you create the chroot). In that case i will check if i can get it to
        work on openslug as well.

        --
        marceln
      • mark.vanderhaegen
        Hi Marcel, Thanks for the reply. I understand that the scponly packet was tested and also the mkscproot was based on unslung, and yes I was using
        Message 3 of 11 , Aug 23 2:30 PM
        • 0 Attachment
          Hi Marcel,

          Thanks for the reply.

          I understand that the scponly packet was tested and also the mkscproot
          was based on unslung, and yes I was using
          http://www.nslu2-linux.org/wiki/Optware/Scponly
          as base document for my setup and configuration

          I followed the following http://www.nslu2-linux.org/wiki/Optware/Slugosbe
          to have ipkg feed from unslung and openslung.

          I was sucessfull replacing dropbear by openssh before moving towards
          Scponly, I was using the following information pages for this
          http://www.nslu2-linux.org/wiki/HowTo/SwapFromDropbearToOpenSSH
          http://www.nslu2-linux.org/wiki/HowTo/UseOpenSSHForRemoteAccess

          I worked my way trough the mkscproot script and changed some of the
          directories from /opt/... towards /usr/... where needed. I can send
          you this information.

          I used the logging information from the winscp program (Version 4.0.2)
          and from the sshd deamon (openssh-ssh/sshd/sftp/scp - 4.0p1-r10)in
          /var/log/messages(LogLevel Debug) to verify the correctness of my
          setup. I was not switching to chroot scp configuring before I had this
          user correct working with Putty and openssh.

          Finally when I thought to have it working I was blocked with the
          following logging messages. See first email for full logging.

          Last messages from /var/log/messages complaining on pwd.
          -- Aug 23 14:50:37 (none) authpriv.err scponly[3606]: failed:
          /bin/pwd with error No such file or directory(2) (username:
          test(2000), IP/port: 192.168.0.54 4575 22)

          Messages from winSCP going with it.
          ! 2007-08-23 16:51:10.312 scponly[3606]: failed: /bin/pwd with error
          No such file or directory(2) (username: test(2000), IP/port:
          192.168.0.54 4575 22)
          ! 2007-08-23 16:51:10.312 *** glibc detected *** -scponlyc: free():
          invalid pointer: 0x00014738 ***
          . 2007-08-23 16:51:10.312 Server exited on signal "ABRT"
          ! 2007-08-23 16:51:10.312 *** glibc detected *** -scponlyc: free():
          invalid pointer: 0x00014738 ***

          I'm worried about the glibc invalid pointer messages. Could this come
          from the fact that this packet is coming from the OPT feed? As I did
          compiling of a packet I'm locking for some help.

          Hopefull this information is valuable and thanks for your time.
          Greetings
          Mark
        • Marcel Nijenhof
          ... In that case we should try to port the mkscproot script for openslug as well. ... Which openssh do you use. There are two openssh for openslug The openslug
          Message 4 of 11 , Aug 23 3:16 PM
          • 0 Attachment
            On Thu, 2007-08-23 at 21:30 +0000, mark.vanderhaegen wrote:

            > I understand that the scponly packet was tested and also the mkscproot
            > was based on unslung, and yes I was using
            > http://www.nslu2-linux.org/wiki/Optware/Scponly
            > as base document for my setup and configuration

            In that case we should try to port the mkscproot script for openslug as
            well.


            > I was sucessfull replacing dropbear by openssh before moving towards
            > Scponly, I was using the following information pages for this
            > http://www.nslu2-linux.org/wiki/HowTo/SwapFromDropbearToOpenSSH
            > http://www.nslu2-linux.org/wiki/HowTo/UseOpenSSHForRemoteAccess

            Which openssh do you use.

            There are two openssh for openslug
            The openslug native package "openssh-sshd - 4.0p1-r10"
            The optware package "openssh - 4.5p1-1"

            On the other hand we should ask our self which version should we
            support?

            >
            > I worked my way trough the mkscproot script and changed some of the
            > directories from /opt/... towards /usr/... where needed. I can send
            > you this information.
            >

            That can be helpful but in the end we need to change this in the script.

            The script should do all the magic needed!

            I hope to have some time this weekend to port the script to openslug
            as well!

            I am working on the wl-hdd as well but unfortunately i don't have enough
            time to get everything working.

            --
            marceln
          • Marcel Nijenhof
            ... I have changed the mkscproot script so that it will give a warning if the firmware or ssh type isn t supported. I made a test setup for the combination
            Message 5 of 11 , Aug 25 2:10 PM
            • 0 Attachment
              On Fri, 2007-08-24 at 00:16 +0200, Marcel Nijenhof wrote:

              > In that case we should try to port the mkscproot script for openslug
              > as well.

              I have changed the "mkscproot" script so that it will give a warning
              if the firmware or ssh type isn't supported.

              I made a test setup for the combination of openslug and dropbear which
              seems to work.

              At this moment i consider "unslung and openssh" as working and "openslug
              and dropbear" as testing. All other configurations are not tested at
              all.

              --
              marceln
            • C N
              Hi, I have a similar problem, and am using this 6-week old thread as a background. On my slugosbe, I am running openssh-sshd - 4.0p1-r10 (ipkg installed).
              Message 6 of 11 , Nov 4, 2007
              • 0 Attachment
                Hi,

                I have a similar problem, and am using this 6-week old thread as a
                background. On my slugosbe, I am running openssh-sshd - 4.0p1-r10
                (ipkg installed). Everything appears to work fine, login is ok. I
                have been using it for many months now. But everytime I do an ssh
                login I get 3 error lines in the messages log:

                Nov 4 14:53:32 sshd[19197]: Accepted publickey for xxx from
                192.168.p.q port 3080 ssh2
                Nov 4 14:53:32 sshd[19197]: subsystem request for sftp
                Nov 4 14:53:32 sshd[19201]: error: setlogin failed: Function not implemented
                Nov 4 14:53:32 sshd[19202]: error: setlogin failed: Function not implemented
                Nov 4 14:53:32 sshd[19203]: error: setlogin failed: Function not implemented

                It would be nice if I can do some fix to remove these errors from
                happening in the log, since my system runs with practically no other
                errors on a routine basis. Any suggestions?

                Cordially, Chacko

                On Aug 25, 2007 1:10 PM, Marcel Nijenhof <nslu2@...> wrote:
                > On Fri, 2007-08-24 at 00:16 +0200, Marcel Nijenhof wrote:
                >
                > > In that case we should try to port the mkscproot script for openslug
                > > as well.
                >
                > I have changed the "mkscproot" script so that it will give a warning
                > if the firmware or ssh type isn't supported.
                >
                > I made a test setup for the combination of openslug and dropbear which
                > seems to work.
                >
                > At this moment i consider "unslung and openssh" as working and "openslug
                > and dropbear" as testing. All other configurations are not tested at
                > all.
                >
                >
                > --
                > marceln
                >
                >
                >
                >
                > Yahoo! Groups Links
                >
                >
                >
                >
              • Marcel Nijenhof
                ... The script mkscproot has a list of files that it copies to the chrooted environment. But on openslug this list is based on dropbear ssh. So probably it
                Message 7 of 11 , Nov 5, 2007
                • 0 Attachment
                  On Sun, 2007-11-04 at 20:14 -0800, C N wrote:
                  >
                  > > At this moment i consider "unslung and openssh" as working and
                  > > "openslug and dropbear" as testing. All other configurations are
                  > > not tested at
                  >
                  > I have a similar problem, and am using this 6-week old thread as a
                  > background. On my slugosbe, I am running openssh-sshd - 4.0p1-r10
                  > (ipkg installed). Everything appears to work fine, login is ok. I
                  > have been using it for many months now. But everytime I do an ssh
                  > login I get 3 error lines in the messages log:
                  >
                  > Nov 4 14:53:32 sshd[19197]: Accepted publickey for xxx from
                  > 192.168.p.q port 3080 ssh2
                  > Nov 4 14:53:32 sshd[19197]: subsystem request for sftp
                  > Nov 4 14:53:32 sshd[19201]: error: setlogin failed: Function not implemented

                  The script "mkscproot" has a list of files that it copies to the
                  chrooted environment. But on openslug this list is based on dropbear
                  ssh.
                  So probably it doesn't copy all the files for openssh.

                  I will try to figure out how it works for openssh as well.

                  --
                  marceln
                • Chacko N
                  Marcel, If I understand right, you are implying that the current mkscproot in my system which got installed thru some ipkg needs updating for slugosb. I
                  Message 8 of 11 , Nov 5, 2007
                  • 0 Attachment
                    Marcel,

                    If I understand right, you are implying that the current mkscproot in my system which got installed thru some ipkg needs updating for slugosb.  I searched my whole system for the above script and did not find it there.  I have not done anything knowing to setup chroot for any ssh or related functions.

                    Cordially, Chacko


                    On 11/5/07, Marcel Nijenhof <nslu2@...> wrote:

                    On Sun, 2007-11-04 at 20:14 -0800, C N wrote:
                    >
                    > > At this moment i consider "unslung and openssh" as working and
                    > > "openslug and dropbear" as testing. All other configurations are
                    > > not tested at
                    >
                    > I have a similar problem, and am using this 6-week old thread as a
                    > background. On my slugosbe, I am running openssh-sshd - 4.0p1-r10
                    > (ipkg installed). Everything appears to work fine, login is ok. I
                    > have been using it for many months now. But everytime I do an ssh
                    > login I get 3 error lines in the messages log:
                    >
                    > Nov 4 14:53:32 sshd[19197]: Accepted publickey for xxx from
                    > 192.168.p.q port 3080 ssh2
                    > Nov 4 14:53:32 sshd[19197]: subsystem request for sftp
                    > Nov 4 14:53:32 sshd[19201]: error: setlogin failed: Function not implemented

                    The script "mkscproot" has a list of files that it copies to the
                    chrooted environment. But on openslug this list is based on dropbear
                    ssh.
                    So probably it doesn't copy all the files for openssh.

                    I will try to figure out how it works for openssh as well.

                    --
                    marceln


                  • Marcel Nijenhof
                    ... The optware scponly package contains that script. You where reacting on a old thread of scponly so i thought that your messages where about a scponly
                    Message 9 of 11 , Nov 5, 2007
                    • 0 Attachment
                      On Mon, 2007-11-05 at 07:29 -0800, Chacko N wrote:

                      >
                      > If I understand right, you are implying that the current mkscproot in
                      > my system which got installed thru some ipkg needs updating for
                      > slugosb. I searched my whole system for the above script and did not
                      > find it there. I have not done anything knowing to setup chroot for
                      > any ssh or related functions.

                      The optware scponly package contains that script. You where reacting
                      on a old thread of "scponly" so i thought that your messages where
                      about a scponly chrooted setup.

                      Otherwise your problem isn't related to this thread and my answer is
                      of course irrelevant.

                      --
                      marceln
                    • Chacko N
                      Thanks, Marcel. I assume others have seen this problem before on slugosbe and hopefully somebody will respond with a suggestion. Cordially, Chacko ... --
                      Message 10 of 11 , Nov 5, 2007
                      • 0 Attachment
                        Thanks, Marcel.

                        I assume others have seen this problem before on slugosbe and hopefully somebody will respond with a suggestion.

                        Cordially, Chacko

                        On 11/5/07, Marcel Nijenhof <nslu2@...> wrote:

                        On Mon, 2007-11-05 at 07:29 -0800, Chacko N wrote:

                        >
                        > If I understand right, you are implying that the current mkscproot in
                        > my system which got installed thru some ipkg needs updating for
                        > slugosb. I searched my whole system for the above script and did not
                        > find it there. I have not done anything knowing to setup chroot for
                        > any ssh or related functions.

                        The optware scponly package contains that script. You where reacting
                        on a old thread of "scponly" so i thought that your messages where
                        about a scponly chrooted setup.

                        Otherwise your problem isn't related to this thread and my answer is
                        of course irrelevant.

                        --
                        marceln




                        --

                        Cordially, Chacko
                      • Jacques
                        Chacko, You would probably want to install openssh-sftp, which is a separate package. ipkg install openssh-sftp should do the trick. -Jacques ... From: C N To:
                        Message 11 of 11 , Nov 6, 2007
                        • 0 Attachment
                          Chacko,
                           
                          You would probably want to install openssh-sftp, which is a separate
                          package. ipkg install openssh-sftp should do the trick.

                          -Jacques
                          ----- Original Message -----
                          From: C N
                          Sent: Monday, November 05, 2007 5:14 AM
                          Subject: Re: [nslu2-linux] Re: Scponly packet not working under Openslug 3.10

                          Hi,

                          I have a similar problem, and am using this 6-week old thread as a
                          background. On my slugosbe, I am running openssh-sshd - 4.0p1-r10
                          (ipkg installed). Everything appears to work fine, login is ok. I
                          have been using it for many months now. But everytime I do an ssh
                          login I get 3 error lines in the messages log:

                          Nov 4 14:53:32 sshd[19197]: Accepted publickey for xxx from
                          192.168.p.q port 3080 ssh2
                          Nov 4 14:53:32 sshd[19197]: subsystem request for sftp
                          Nov 4 14:53:32 sshd[19201]: error: setlogin failed: Function not implemented
                          Nov 4 14:53:32 sshd[19202]: error: setlogin failed: Function not implemented
                          Nov 4 14:53:32 sshd[19203]: error: setlogin failed: Function not implemented

                          It would be nice if I can do some fix to remove these errors from
                          happening in the log, since my system runs with practically no other
                          errors on a routine basis. Any suggestions?

                          Cordially, Chacko

                          On Aug 25, 2007 1:10 PM, Marcel Nijenhof <nslu2@...4all. nl> wrote:
                          > On Fri, 2007-08-24 at 00:16 +0200, Marcel Nijenhof wrote:
                          >
                          > > In that case we should try to port the mkscproot script for openslug
                          > > as well.
                          >
                          > I have changed the "mkscproot" script so that it will give a warning
                          > if the firmware or ssh type isn't supported.
                          >
                          > I made a test setup for the combination of openslug and dropbear which
                          > seems to work.
                          >
                          > At this moment i consider "unslung and openssh" as working and "openslug
                          > and dropbear" as testing. All other configurations are not tested at
                          > all.
                          >
                          >
                          > --
                          > marceln
                          >
                          >
                          >
                          >
                          > Yahoo! Groups Links
                          >
                          >
                          >
                          >

                        Your message has been successfully submitted and would be delivered to recipients shortly.