[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Jailkit-users] scp -t --
|
From: |
Rick Hall |
|
Subject: |
[Jailkit-users] scp -t -- |
|
Date: |
Thu, 5 Dec 2013 10:38:58 -0500 |
Oliver --
I have set up a chroot jail that I would like to restrict to SCP and SFTP. The
SFTP configuration seems to be working just fine, but I'm having problems with
the SCP configuration. I haven't been able find reports of similar issues on
the web or the jailkit mailing list, so it is likely that I'm missing something
obvious. I've attached some details of my systems below.
Thanks in advance.
-- Rick Hall
Here are the symptoms:
1) I am able to use SFTP to connect to servers running jailkit and I'm able to
transfer files to the servers.
2) If I try to use SCP to transfer the same files to the same server for the
same account, the files are not transferred. I've tried using both Mac OS X and
Fedora Linux clients, with the following command:
scp test_2013-12-04.txt test@<ip-address>:
On the client side, the reported error is "lost connection".
On the server side, the /var/log/messages file reports either:
Dec 4 16:07:57 localhost jk_lsh[9463]: WARNING: user test (542) tried to run
'scp -t -- .', which is not allowed according to /etc/jailkit/jk_lsh.ini
OR
Dec 4 17:00:21 localhost jk_lsh[9745]: WARNING: user test (542) tried to run
'scp -t .', which is not allowed according to /etc/jailkit/jk_lsh.ini
The first variation is when the client SCP program is run on Mac OS X; the
second variation is when the client is run on Fedora Linux 19.
3) If I substitute the dash shell for jk_lsh shell as the login shell of the
test account, then SCP transfers from the clients to server work. (I think this
shows I've got the right libraries and applications configured in the jail.)
On the server, I've tried running A) Fedora Linux 8 and jailkit 2.5 and B)
Fedora 19 and jailkit 2.16. The symptoms are the same in either case.
A) Here is an except of my jk_lsh.ini configuration on a (Fedora 8/jailkit 2.5)
server:
[test]
paths= /usr/lib/
executables= /usr/bin/scp, /usr/libexec/openssh/sftp-server
allow_word_expansion = 1
umask = 002
B) Here is an excerpt of my jk_lsh.ini configuration on a (Fedora 19/jailkit
2.16) server (no SFTP, only SCP):
[test]
paths= /usr/lib/, /usr/lib64
executables= /usr/bin/scp
allow_word_expansion = 0
umask = 002
Let me know if you'd like additional information.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Jailkit-users] scp -t --,
Rick Hall <=