Public bug reported:

Binary package hint: scponly-full

The package scponly-full that allows chrooted scponly access appears to
be broken on Lucid server.

Versions

$ lsb_release -rd
Description:    Ubuntu 10.04.1 LTS
Release:        10.04

$ apt-cache policy scponly-full
scponly-full:
  Installed: 4.8-4
  Candidate: 4.8-4
  Version table:
 *** 4.8-4 0
        500 http://archive.ubuntu.com/ubuntu/ lucid/universe Packages
        100 /var/lib/dpkg/status

Steps To Reproduce

1) Download ubuntu-10.04-server-amd64.iso

2) Install vanilla installation using VM Workstation hands off
installation / manual process

3) Log in and update to latest patches (sudo aptitude update ; sudo
aptitude upgrade)

4) Install scponly-full package (sudo aptitude install scponly-full)

5) Set package up:

cd /usr/share/doc/scponly-full/setup_chroot
sudo gunzip setup_chroot.sh.gz
sudo chmod +x setup_chroot.sh

6) Create chrooted scp user:

sudo ./setup_chroot.sh

and select default options (username = "scponly", path="/home/scponly",
incoming directory="incoming" ie just hit return each time)

set a password

7) Attempt to scp a file into the newly created chrooted scponly user's
incoming directory:

scp testfile scpo...@vmaddress:/incoming

receive this error:

$ scp testfile scpo...@192.168.0.238:/incoming
scpo...@192.168.0.238's password: 
unknown user 1001
lost connection

The above steps work as expected on Karmic with the latest patches if
you build from the lucid source package:

sudo vi /etc/apt/sources

# Lucid sources for scponly-full
deb-src http://archive.ubuntu.com/ubuntu lucid main restricted universe multiverse

sudo aptitude update
sudo apt-get build-dep scponly-full
sudo apt-get -b source -t lucid scponly-full
sudo aptitude purge scponly
sudo rm -rf /usr/share/doc/scponly
sudo dpkg -i scponly-full_4.8-4_amd64.deb
sudo dpkg-reconfigure -plow scponly-full
cd /usr/share/doc/scponly-full/setup_chroot
sudo gunzip setup_chroot.sh.gz
sudo chmod +x setup_chroot.sh
sudo ./setup_chroot.sh

Supporting Detail

Repeating step 7 whilst tailing /var/log/auth.log:

Oct 29 06:56:10 ubuntu sshd[23082]: Accepted password for scponly from 
192.168.0.144 port 38968 ssh2
Oct 29 06:56:10 ubuntu sshd[23082]: pam_unix(sshd:session): session opened for 
user scponly by (uid=0)
Oct 29 06:56:10 ubuntu scponly[23098]: running: /usr/bin/scp -t /incomin 
(username: scponly(1001), IP/port: 192.168.0.144 38968 22)
Oct 29 06:56:10 ubuntu sshd[23097]: Received disconnect from 192.168.0.144: 11: 
disconnected by user
Oct 29 06:56:10 ubuntu sshd[23082]: pam_unix(sshd:session): session closed for 
user scponly

No errors logged.

8) Tried increasing debug level from 0 to 2 on the server for scponly:

sudo vi /etc/scponly/debuglevel 
sudo /etc/init.d/ssh restart

Extra server log output:

sudo tail -f /var/log/auth.log

Oct 29 07:06:16 ubuntu sshd[1392]: Accepted password for scponly from 
192.168.0.144 port 53769 ssh2
Oct 29 07:06:16 ubuntu sshd[1392]: pam_unix(sshd:session): session opened for 
user scponly by (uid=0)
Oct 29 07:06:16 ubuntu scponly[1408]: chrooted binary in place, will chroot()
Oct 29 07:06:16 ubuntu scponly[1408]: 3 arguments in total.
Oct 29 07:06:16 ubuntu scponly[1408]: #011arg 0 is scponlyc
Oct 29 07:06:16 ubuntu scponly[1408]: #011arg 1 is -c
Oct 29 07:06:16 ubuntu scponly[1408]: #011arg 2 is scp -t /incoming
Oct 29 07:06:16 ubuntu scponly[1408]: opened log at LOG_AUTHPRIV, opts 
0x00000029
Oct 29 07:06:16 ubuntu scponly[1408]: determined USER is "scponly" from 
environment
Oct 29 07:06:16 ubuntu scponly[1408]: retrieved home directory of 
"/home/scponly" for user "scponly"
Oct 29 07:06:16 ubuntu scponly[1408]: chrooting to dir: "/home/scponly"
Oct 29 07:06:16 ubuntu scponly[1408]: chdiring to dir: "/"
Oct 29 07:06:16 ubuntu scponly[1408]: setting uid to 1001
Oct 29 07:06:16 ubuntu scponly[1408]: processing request: "scp -t /incoming"
Oct 29 07:06:16 ubuntu scponly[1408]: Using getopt processing for cmd 
/usr/bin/scp#012 (username: scponly(1001), IP/port: 192.168.0.144 53769 22)
Oct 29 07:06:16 ubuntu scponly[1408]: getopt processing returned 't' (username: 
scponly(1001), IP/port: 192.168.0.144 53769 22)
Oct 29 07:06:16 ubuntu scponly[1408]: Found "HOME" and setting it to 
"/home/scponly"
Oct 29 07:06:16 ubuntu scponly[1408]: Environment contains "HOME=/home/scponly"
Oct 29 07:06:16 ubuntu scponly[1408]: Looking for 'HOME=' in 
'HOME=/home/scponly'
Oct 29 07:06:16 ubuntu scponly[1408]: 'HOME' env entry now reads 
'HOME=/home/scponly'
Oct 29 07:06:16 ubuntu scponly[1408]: set non-chrooted HOME environment 
variable to /home/scponly (username: scponly(1001), IP/port: 192.168.0.144 
53769 22)
Oct 29 07:06:16 ubuntu scponly[1408]: running: /usr/bin/scp -t /incoming 
(username: scponly(1001), IP/port: 192.168.0.144 53769 22)
Oct 29 07:06:16 ubuntu scponly[1408]: about to exec "/usr/bin/scp" (username: 
scponly(1001), IP/port: 192.168.0.144 53769 22)
Oct 29 07:06:16 ubuntu sshd[1407]: Received disconnect from 192.168.0.144: 11: 
disconnected by user
Oct 29 07:06:16 ubuntu sshd[1392]: pam_unix(sshd:session): session closed for 
user scponly

and client:

da...@monolith:~$ scp testfile scpo...@192.168.0.238:/incoming
scpo...@192.168.0.238's password: 
scponly[1408]: chrooted binary in place, will chroot()
scponly[1408]: 3 arguments in total.
scponly[1408]:  arg 0 is scponlyc
scponly[1408]:  arg 1 is -c
scponly[1408]:  arg 2 is scp -t /incoming
scponly[1408]: opened log at LOG_AUTHPRIV, opts 0x00000029
scponly[1408]: determined USER is "scponly" from environment
scponly[1408]: retrieved home directory of "/home/scponly" for user "scponly"
scponly[1408]: chrooting to dir: "/home/scponly"
scponly[1408]: chdiring to dir: "/"
scponly[1408]: setting uid to 1001
scponly[1408]: processing request: "scp -t /incoming"
scponly[1408]: Using getopt processing for cmd /usr/bin/scp
 (username: scponly(1001), IP/port: 192.168.0.144 53769 22)
scponly[1408]: getopt processing returned 't' (username: scponly(1001), 
IP/port: 192.168.0.144 53769 22)
scponly[1408]: Found "HOME" and setting it to "/home/scponly"
scponly[1408]: Environment contains "HOME=/home/scponly"
scponly[1408]: Looking for 'HOME=' in 'HOME=/home/scponly'
scponly[1408]: 'HOME' env entry now reads 'HOME=/home/scponly'
scponly[1408]: set non-chrooted HOME environment variable to /home/scponly 
(username: scponly(1001), IP/port: 192.168.0.144 53769 22)
scponly[1408]: running: /usr/bin/scp -t /incoming (username: scponly(1001), 
IP/port: 192.168.0.144 53769 22)
scponly[1408]: about to exec "/usr/bin/scp" (username: scponly(1001), IP/port: 
192.168.0.144 53769 22)
unknown user 1001
lost connection

So apparently no obviously useful extra information there.

The only potentially relevant existing information I could find on the net ->
http://muzso.hu/2007/11/23/how-to-create-an-sftp-chroot-jail-easily-on-debian-with-scponly,
but the chrooted scponly user already has a world readable password file with
the correct details in it:

/home/scponly/etc$ ls -l
total 8
-rw-r--r-- 1 root root 639 2010-10-29 06:31 group
-rw-r--r-- 1 root root  54 2010-10-29 06:31 passwd

/home/scponly/etc$ more passwd 
scponly:x:1001:1001::/home/scponly:/usr/sbin/scponlyc

And the user also exists in the Ubuntu host's master password file:

$ grep 1001 /etc/passwd
scponly:x:1001:1001::/home/scponly:/usr/sbin/scponlyc

$ grep 1001 /etc/group
scponly:x:1001:

and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=353976 (closed with
no real resolution)

Unless I'm doing something wrong, this seems to be a clearly
reproducible bug that renders the scponly-full package unusable in the
vanilla configuration on Lucid.

** Affects: scponly (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Scponly-full broken on default Lucid install?
https://bugs.launchpad.net/bugs/668366
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
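
The `unknown user 1001` line is what scp prints when getpwuid() cannot resolve its own uid, which here happens after scponlyc has called chroot(). As an added example (not part of the bug report or the scponly package), this script lists what a jail lacks for that lookup on a glibc that ships its NSS backends as separate `libnss_*.so` files; the function names, the constructed sample jail and its empty `lib/` are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the bug report: list what a chroot jail lacks for
# getpwuid() to resolve a uid when NSS backends are separate shared objects.

# True if libnss_<name>.so.* exists in one of the jail's library directories.
has_backend() {
    find "$1"/lib* "$1"/usr/lib* -name "libnss_$2.so.*" 2>/dev/null | grep -q .
}

# check_chroot_nss ROOT UID: one finding per line on stdout, status 0 if none.
check_chroot_nss() {
    root=$1 uid=$2 findings=""
    # The uid has to be the third field of an entry in the jail's own passwd file.
    if [ ! -r "$root/etc/passwd" ]; then
        findings="missing etc/passwd"
    elif ! awk -F: -v u="$uid" '$3 == u { f = 1 } END { exit !f }' "$root/etc/passwd"; then
        findings="uid $uid has no entry in etc/passwd"
    fi
    # Backends are loaded with dlopen() at lookup time, so ldd on scp never lists them.
    if ! has_backend "$root" '*'; then
        findings="$findings
no libnss_*.so.* in the jail"
    fi
    # If the jail carries an nsswitch.conf, each backend on its passwd line must exist.
    if [ -r "$root/etc/nsswitch.conf" ]; then
        for svc in $(awk '{ sub(/#.*/, "") } $1 == "passwd:" {
                for (i = 2; i <= NF; i++) if ($i !~ /^\[/) print $i }' "$root/etc/nsswitch.conf"); do
            has_backend "$root" "$svc" || findings="$findings
passwd: $svc configured but libnss_$svc.so.* missing"
        done
    fi
    findings=$(printf '%s\n' "$findings" | sed '/^$/d')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed jail: the etc/ contents shown in the report plus an empty lib/ (assumed).
make_sample_jail() {
    j=$(mktemp -d)
    mkdir -p "$j/etc" "$j/lib" "$j/incoming"
    echo 'scponly:x:1001:1001::/home/scponly:/usr/sbin/scponlyc' > "$j/etc/passwd"
    echo 'scponly:x:1001:' > "$j/etc/group"
    echo "$j"
}

jail=$(make_sample_jail)
check_chroot_nss "$jail" 1001 || echo "jail is incomplete"
rm -rf "$jail"
```

On a real system, run `check_chroot_nss /home/scponly 1001` as root against the jail created by setup_chroot.sh.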
