One thing I notice is that in rssh -v I see:
sftp server binary = /usr/bin
but for makechroot.sh I see
Copying libraries for /usr/lib/ssh/sftp-server.
Since rssh has /usr/bin/sftp-server approved, if you then try to use
/usr/lib/ssh/sftp-server, rssh will freak out thinking you are trying to
hack the system and shut down. I would check to see if you have a duplicate
copy in either place and delete one or the other if you do and then
re-compile. strace may be of help identify which is the one that is used. I
had this happen to me once a blue moon ago. Let us know how it goes.
On 6/5/07, Kevin McNamee <[EMAIL PROTECTED]> wrote:
Hi Derek,
I have tried to answer your questions as completely as possible. Please
see my answers below.
Best regards,
Kevin
Derek Martin wrote:
First off, for those replying privately: please don't do that. Don't
be shy... your responses can be helpful to others, even if they don't
actually help solve the problem at hand. And if we can all see what
you wrote, it will potentially save a) me from a lot of typing and b)
others from wasting their time making the same suggestions. Please
keep discussions on the list, unless they're just totally off topic.
Just now, I had to click "Reply all" to get the mailing list into the
recipient list. Is the mailing list
configured to "Reply to list" as the default reply option?
On Sat, Jun 02, 2007 at 01:19:37AM +0200, Kevin McNamee wrote:
Ah, it is Solaris 10 on client T2000 and server T2000. RSSH was
downloaded yesterday from http://www.pizzashack.org/rssh/downloads.shtml
and compiled on T2000.
OK, so... What version are you running? Run rssh -v and post the
output please.
> rssh -v
rssh 2.3.2
Copyright 2002-5 Derek D. Martin <rssh-discuss at lists dot sourceforge
dot net>
rssh config file = /usr/local/etc/rssh.conf
chroot helper path = /usr/local/libexec/rssh_chroot_helper
scp binary path = /usr/bin
sftp server binary = /usr/bin
cvs binary path = /opt/sfw/bin/cvs
rdist binary path = /usr/bin/rdist
rsync binary path = /opt/sfw/bin/rsync
I have run the mkchroot script on the server that was adapted for
Solaris which I got from here:
That's somewhat useful to know. If your config is actually trying to
use it, it's at least somewhat likely that your chroot jail is not
properly configured. I have no knowledge of your script. From the
rest of your post, it's unclear if you're actually using this or
not...
> /mnt/Files/root/bin/mkchroot /usr/nobill_data/
NOT changing owner of root jail.
NOT changing perms of root jail.
setting up /usr/nobill_data//usr/bin
setting up /usr/nobill_data//usr/lib/ssh
setting up /usr/nobill_data//usr/local/libexec
setting up /usr/nobill_data//usr/local/bin
setting up /usr/nobill_data//bin
Copying libraries for /usr/bin/scp.
/lib/libsocket.so.1
/lib/libc.so.1
/lib/libnsl.so.1
/lib/libmp.so.2
/lib/libmd5.so.1
/lib/libscf.so.1
/lib/libdoor.so.1
/lib/libuutil.so.1
/lib/libm.so.2
/platform/SUNW,Sun-Fire-T200/lib/libc_psr.so.1
Copying libraries for /usr/lib/ssh/sftp-server.
/usr/sfw/lib/libcrypto.so.0.9.7
/lib/libc.so.1
/lib/libsocket.so.1
/lib/libnsl.so.1
/lib/libmp.so.2
/lib/libmd5.so.1
/lib/libscf.so.1
/lib/libdoor.so.1
/lib/libuutil.so.1
/lib/libm.so.2
/platform/SUNW,Sun-Fire-T200/lib/libc_psr.so.1
Copying libraries for /usr/local/bin/rssh.
/lib/libc.so.1
/lib/libm.so.2
/platform/SUNW,Sun-Fire-T200/lib/libc_psr.so.1
Copying libraries for /usr/local/libexec/rssh_chroot_helper.
/lib/libc.so.1
/lib/libm.so.2
/platform/SUNW,Sun-Fire-T200/lib/libc_psr.so.1
Copying libraries for /bin/ksh.
/lib/libsocket.so.1
/lib/libsecdb.so.1
/lib/libc.so.1
/lib/libnsl.so.1
/lib/libcmd.so.1
/lib/libmp.so.2
/lib/libmd5.so.1
/lib/libscf.so.1
/lib/libdoor.so.1
/lib/libuutil.so.1
/lib/libm.so.2
/platform/SUNW,Sun-Fire-T200/lib/libc_psr.so.1
copying name service resolution libraries...
tar: blocksize = 3
x ./usr/lib/nss_files.so.1 symbolic link to ../../lib/nss_files.so.1
Setting up /etc in the chroot jail
Chroot jail configuration completed.
Please outline the directory structure you used for your jail. Don't
list all the files, just give the directory tree structure. If you
have a reasonable Linux installation, you can probably do this easily
with this command:
$ tree -d <jail directory>
where <jail directory> is the directory you decided to use as the root
of your jail.
> find /usr/nobill_data/ -type d
/usr/nobill_data/
/usr/nobill_data/lost+found
/usr/nobill_data/usr
/usr/nobill_data/usr/bin
/usr/nobill_data/usr/lib
/usr/nobill_data/usr/lib/ssh
/usr/nobill_data/usr/local
/usr/nobill_data/usr/local/libexec
/usr/nobill_data/usr/local/bin
/usr/nobill_data/usr/sfw
/usr/nobill_data/usr/sfw/lib
/usr/nobill_data/bin
/usr/nobill_data/lib
/usr/nobill_data/platform
/usr/nobill_data/platform/SUNW,Sun-Fire-T200
/usr/nobill_data/platform/SUNW,Sun-Fire-T200/lib
/usr/nobill_data/etc
/usr/nobill_data/kevin
I have installed OpenSSH on the server, started the daemon and simply
uncommented "allowscp" in rssh.conf.
Please post your configuration.
> cat /usr/local/etc/rssh.conf
# This is the default rssh config file
# set the log facility. "LOG_USER" and "user" are equivalent.
logfacility = LOG_USER
# Leave these all commented out to make the default action for rssh to
lock
# users out completely...
allowscp
allowsftp
#allowcvs
#allowrdist
#allowrsync
# set the default umask
umask = 022
(Everything else is commented out)
If this is truly the only thing you did, then you're not using the
chroot jail you set up. If it isn't, the specifics are important.
The contents also depend on which version you installed, which you did
not answer.
When troubleshooting problems, you should never make assumptions, as
they may turn out to be wrong. You must only work off of exact
information determined by direct observation. So, for example, I
should not assume that, just because you downloaded the software from
the URL that you posted, you actually got the most recent version.
You may have somehow got an outdated cached copy, or followed links to
older versions, etc. If you don't say what version you're running,
you could be running something like this:
$ rssh -v
rssh 2.1.0 (c) 2002-3 Derek D. Martin <code at pizzashack dot org>
And I would have no way to know that. But that version has bugs, and
knowing it would be critical.
That's why I told you a lot more info was needed. I was slow to
respond partly because I was busy, and partly because you didn't
actually answer some of the questions I posted last time, and the
answers you did provide were a bit vague and mostly not helpful to
figure out the problem. Help those trying to help you! :)
I set rssh as the shell for "kevin" and then I ran the scp command
from the client which produced aforementioned output.
Please include the line from /etc/passwd for your user.
kevin:x:206:206:SFTP user:/usr/nobill_data:/usr/local/bin/rssh
The -f option in the scp command seems odd to me, but should not pose
a problem. More likely rssh is being told to run scp in a location
that is not the same as what it found when you ran ./configure before
you built rssh.
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
rssh-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rssh-discuss
--
I thought about building you a boat to survive the river of tears I'm crying
for you, but the world's smallest violins just aren't a reliable source of
lumber, and that cross you're nailing yourself to seems buoyant enough
anyways - Dr Gregory House, M.D.
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
rssh-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rssh-discuss
