NSLU2-Linux
view · edit · print · history

Optware.Scponly History

Hide minor edits - Show changes to markup

March 19, 2008, at 04:21 PM by marceln -- Added update 4.6-6
Changed lines 30-31 from:

Please report to the nslu2-general@yahoogroups.com if

to:

Please report to the nslu2-general@yahoogroups.com mailing list if

March 19, 2008, at 04:20 PM by marceln -- Added update 4.6-6
Changed line 30 from:

Please report to the [nslu2-general@yahoogroups.com|nslu2-general@yahoogroups.com] if

to:

Please report to the nslu2-general@yahoogroups.com if

March 19, 2008, at 04:19 PM by marceln -- Added update 4.6-6
Changed lines 30-31 from:

Please report to the mailing list if "mkscproot -u user" doesn't work as expected. Because in that case there is a bug which should be solved. Running commands after the installation isn't a solution but a work around which shouldn't be necessary.

to:

Please report to the [nslu2-general@yahoogroups.com|nslu2-general@yahoogroups.com] if "mkscproot -u user" doesn't work as expected. Because in that case there is a bug which should be solved. Running commands after the installation isn't a solution but a work around which shouldn't be necessary.

Added lines 39-42:

Solved bugs

  • 4.6-6: Solved the problem with the build in path to sftp-server.
March 09, 2008, at 10:19 AM by slugzen --
Changed lines 55-61 from:
 - Confirmed the above - mkscproot did most of it but had to copy the sftp-server for the new user
to:
 - Confirmed the above - mkscproot did most of it but had to copy the sftp-server for the new user

 - must confirm the above too. but still doest'n work after the workaround:
                  -openssh - 4.7p1-2
                  -unslung 6.10
                  -scponly - 4.6-5
                  -created environement simply as discribed with mkscproot -u username
November 26, 2007, at 05:44 PM by benp -- confirmed need to copy and chmod after mkscproot
Changed lines 53-55 from:

NOTE: Could somebody confirm this problem! I am not able to reproduce this problem.

to:

NOTE: Could somebody confirm this problem! I am not able to reproduce this problem.

 - Confirmed the above - mkscproot did most of it but had to copy the sftp-server for the new user
August 23, 2007, at 05:56 PM by marceln -- Added comment about unslung 6.8 and bug reporting.
Added lines 26-27:

This script is developed and tested for unslung 6.8 with openssh.

Changed lines 30-32 from:

Please report to the mailing list if "mkscproot -u user" doesn't work as expected. Because in that case there is a bug which should be solved. Running commands after the installation isn't a solution but a work around which shouldn't be necessary.

to:

Please report to the mailing list if "mkscproot -u user" doesn't work as expected. Because in that case there is a bug which should be solved. Running commands after the installation isn't a solution but a work around which shouldn't be necessary.

Please report the following details:

  • Which firmware do you run (e.g. unslung 6.8)
  • Which version of ssh do you use (e.g. openssh 4.5p1-1)
  • Which version of scponly do you use (e.g. scponly 4.6-3)
  • How did you create the chroot environment (e.g. mkscproot -u scponly)
August 11, 2007, at 09:22 AM by marceln -- Added comment on bug
Added lines 45-46:

NOTE: Could somebody confirm this problem! I am not able to reproduce this problem.

August 11, 2007, at 08:23 AM by marceln -- Added remarks about bugs
Added lines 26-32:

Report bugs

Please report to the mailing list if "mkscproot -u user" doesn't work as expected. Because in that case there is a bug which should be solved. Running commands after the installation isn't a solution but a work around which shouldn't be necessary.

Possible bug?

August 09, 2007, at 10:50 PM by Harald Biehl -- mkscproot - example
Changed lines 26-29 from:

All necessary files will be copied by the mkscproot script, but you have to set the file permissions manually.

I.e. Create a chrooted environment for new user public:

to:

Nearly all necessary files will be copied by the mkscproot script, but you have to set the file permissions manually and also copy the sftp-server file to /usr/lib.

I.e.: Create a chrooted environment for new user public:

Added line 36:

cp -p ./usr/libexec/openssh/sftp-server ./usr/lib

August 09, 2007, at 10:40 PM by Harald Biehl -- mkscproot - set file permissions
Changed lines 28-30 from:

I.e. Create an chrooted envirnoment for user public:

[@#

to:

I.e. Create a chrooted environment for new user public:

[@

August 09, 2007, at 10:39 PM by Harald Biehl -- mkscproot - set file permissions
Changed lines 24-36 from:
  mkscproot -u user
to:
  mkscproot -u user

All necessary files will be copied by the mkscproot script, but you have to set the file permissions manually.

I.e. Create an chrooted envirnoment for user public:

#
mkscproot -u public
cd /home/public_root
chmod 755 ./bin/* ./lib/* ./usr/bin/scp ./usr/libexec/openssh/sftp-server
chmod 644 ./etc/* ./usr/lib/libcrypto.so.0.9.7 ./usr/lib/libz.so.1.2.3
chmod 755 ./bin ./etc
June 27, 2007, at 02:50 PM by fcarolo -- removed false wikilinks
Changed lines 10-11 from:

Upon login WinSCP? complains about not being able to read groups but works non the less. To fix this open up WinSCP?, at the login window, select "Advanced options". In the tree, select "Environment->SCP". Untick "Lookup user groups" and save your login profile.

to:

Upon login WinSCP complains about not being able to read groups but works non the less. To fix this open up WinSCP, at the login window, select "Advanced options". In the tree, select "Environment->SCP". Untick "Lookup user groups" and save your login profile.

June 23, 2007, at 09:12 PM by marceln -- Added comment about mkscproot
Changed line 24 from:

@ mkscproot -u user@

to:
  mkscproot -u user
June 23, 2007, at 09:10 PM by marceln -- Added comment about mkscproot
Changed line 24 from:

[ mkscproot -u user]

to:

@ mkscproot -u user@

June 23, 2007, at 09:09 PM by marceln -- Added comment about mkscproot
Changed line 24 from:
  1. mkscproot -u user
to:

[ mkscproot -u user]

June 23, 2007, at 09:08 PM by marceln -- Added comment about mkscproot
Changed lines 12-13 from:

Remember that friend has no shell access to your slug but can access all the files on it. So you still have to trust this person quite a bit. Setting up a chrooted scponly is a hassle even on a normal Linux box, so I did not try at this point.

to:

Remember that friend has no shell access to your slug but can access all the files on it. So you still have to trust this person quite a bit or use the chroot setup.

Changed lines 16-24 from:

Thanks for compiling and packaging scponly! Whoever did it.

to:

Thanks for compiling and packaging scponly! Whoever did it.

chroot setup

Setting up scponly for chroot setup requires you to setup a minimal set of files and directories in the user directory so that the programs can run chrooted. This requires you to create a directory structure as describt in Any experience with chroot jail for SFTP with unslung6?.

The new scponly package 4.6-2 contains a script mkscproot which setup a complete chrooted account for scp/sftp. Just run:

  1. mkscproot -u user
March 31, 2006, at 07:36 AM by Michael Edholm -- Insert Solution for \"Unable to read groups\"
Changed lines 10-11 from:

Upon login WinSCP? complains about not being able to read groups but works non the less. I remember that this is a known issue with WinSCP?. Have to look up the solution.

to:

Upon login WinSCP? complains about not being able to read groups but works non the less. To fix this open up WinSCP?, at the login window, select "Advanced options". In the tree, select "Environment->SCP". Untick "Lookup user groups" and save your login profile.

June 03, 2005, at 04:59 AM by jsilence -- Describing a minor bug with lonk dir or filenames
Added lines 14-15:

There is one issue when the file or directory name is too long and the filename and the group become one (not space separated any more) when using ls. If this is the case access to the file/dir is not possible via (Win)Scp. A workaround is to shorten the group eg. from 'everyone' to 'all'.

November 28, 2004, at 07:17 PM by jsilence --
Deleted lines 0-1:

scponly does not yet work properly. Connecting and directory browsing (with WinSCP?) works, but copying files fails.

Added lines 6-7:
  1. Add friend to group everyone in /etc/groups
  2. Symlink scp. ln -s /opt/bin/scp /usr/bin/scp
November 28, 2004, at 10:04 AM by jsilence --
Added lines 1-2:

scponly does not yet work properly. Connecting and directory browsing (with WinSCP?) works, but copying files fails.

November 28, 2004, at 09:28 AM by jsilence --
Changed line 5 from:
  1. Add a new account or modify an existing one with scponly as the shell. I duplicated one line in /etc/passwd and changed the password with passwd accountname afterwards. Remember to increment UDI and GID. Example: friend:3uEgVpZubtT3U:503:503::/share/flash/data:/opt/bin/scponly.
to:
  1. Add a new account or modify an existing one with scponly as the shell. I duplicated one line in /etc/passwd and changed the password with passwd accountname afterwards. Remember to increment UID and GID. Example: friend:3uEgVpZubtT3U:503:503::/share/flash/data:/opt/bin/scponly.
November 28, 2004, at 09:27 AM by jsilence --
Changed line 5 from:
  1. Add a new account or modify an existing one with scponly as the shell. I duplicated one line in /etc/passwd and changed the password with passwd accountname afterwards. Example: friend:3uEgVpZubtT3U:503:503::/share/flash/data:/opt/bin/scponly.
to:
  1. Add a new account or modify an existing one with scponly as the shell. I duplicated one line in /etc/passwd and changed the password with passwd accountname afterwards. Remember to increment UDI and GID. Example: friend:3uEgVpZubtT3U:503:503::/share/flash/data:/opt/bin/scponly.
November 28, 2004, at 09:26 AM by jsilence --
Changed lines 1-12 from:

Describe {{Scponly}} here.

to:

Installing scponly on the slug is quite straight forward. You need to establish scp access for scponly to make sense.

  1. Install Openssl and Openssh using ipkg. I did not test with dropbear. Maybe someone can confirm that dropbear works too.
  2. ipkg install scponly
  3. Add a new account or modify an existing one with scponly as the shell. I duplicated one line in /etc/passwd and changed the password with passwd accountname afterwards. Example: friend:3uEgVpZubtT3U:503:503::/share/flash/data:/opt/bin/scponly.
  4. Ready. You can now scp to your slug. http://winscp.sourceforge.net/eng/ WinSCP works.

Upon login WinSCP? complains about not being able to read groups but works non the less. I remember that this is a known issue with WinSCP?. Have to look up the solution.

Remember that friend has no shell access to your slug but can access all the files on it. So you still have to trust this person quite a bit. Setting up a chrooted scponly is a hassle even on a normal Linux box, so I did not try at this point.

Thanks for compiling and packaging scponly! Whoever did it.

view · edit · print · history · Last edited by marceln.
Based on work by marceln, slugzen, benp, Harald Biehl, fcarolo, Michael Edholm, and jsilence.
Originally by jsilence.
Page last modified on March 19, 2008, at 04:21 PM