Please report to the nslu2-general@yahoogroups.com mailing list if

Please report to the nslu2-general@yahoogroups.com if

Please report to the [nslu2-general@yahoogroups.com|nslu2-general@yahoogroups.com] if "mkscproot -u user" doesn't work as expected. Because in that case there is a bug which should be solved. Running commands after the installation isn't a solution but a work around which shouldn't be necessary.

Solved bugs

• 4.6-6: Solved the problem with the build in path to sftp-server.

 - Confirmed the above - mkscproot did most of it but had to copy the sftp-server for the new user

 - must confirm the above too. but still doest'n work after the workaround:
                  -openssh - 4.7p1-2
                  -unslung 6.10
                  -scponly - 4.6-5
                  -created environement simply as discribed with mkscproot -u username

NOTE: Could somebody confirm this problem! I am not able to reproduce this problem.

 - Confirmed the above - mkscproot did most of it but had to copy the sftp-server for the new user

This script is developed and tested for unslung 6.8 with openssh.

Please report to the mailing list if "mkscproot -u user" doesn't work as expected. Because in that case there is a bug which should be solved. Running commands after the installation isn't a solution but a work around which shouldn't be necessary.

Please report the following details:

• Which firmware do you run (e.g. unslung 6.8)
• Which version of ssh do you use (e.g. openssh 4.5p1-1)
• Which version of scponly do you use (e.g. scponly 4.6-3)
• How did you create the chroot environment (e.g. mkscproot -u scponly)

NOTE: Could somebody confirm this problem! I am not able to reproduce this problem.

Report bugs

Please report to the mailing list if "mkscproot -u user" doesn't work as expected. Because in that case there is a bug which should be solved. Running commands after the installation isn't a solution but a work around which shouldn't be necessary.

Possible bug?

Nearly all necessary files will be copied by the mkscproot script, but you have to set the file permissions manually and also copy the sftp-server file to /usr/lib.

I.e.: Create a chrooted environment for new user public:

cp -p ./usr/libexec/openssh/sftp-server ./usr/lib

I.e. Create a chrooted environment for new user public:

[@

  mkscproot -u user

All necessary files will be copied by the mkscproot script, but you have to set the file permissions manually.

I.e. Create an chrooted envirnoment for user public:

#
mkscproot -u public
cd /home/public_root
chmod 755 ./bin/* ./lib/* ./usr/bin/scp ./usr/libexec/openssh/sftp-server
chmod 644 ./etc/* ./usr/lib/libcrypto.so.0.9.7 ./usr/lib/libz.so.1.2.3
chmod 755 ./bin ./etc

Upon login WinSCP complains about not being able to read groups but works non the less. To fix this open up WinSCP, at the login window, select "Advanced options". In the tree, select "Environment->SCP". Untick "Lookup user groups" and save your login profile.

  mkscproot -u user

@ mkscproot -u user@

[ mkscproot -u user]

Remember that friend has no shell access to your slug but can access all the files on it. So you still have to trust this person quite a bit or use the chroot setup.

Thanks for compiling and packaging scponly! Whoever did it.

chroot setup

Setting up scponly for chroot setup requires you to setup a minimal set of files and directories in the user directory so that the programs can run chrooted. This requires you to create a directory structure as describt in Any experience with chroot jail for SFTP with unslung6?.

The new scponly package 4.6-2 contains a script mkscproot which setup a complete chrooted account for scp/sftp. Just run:

1. mkscproot -u user

Upon login WinSCP? complains about not being able to read groups but works non the less. To fix this open up WinSCP?, at the login window, select "Advanced options". In the tree, select "Environment->SCP". Untick "Lookup user groups" and save your login profile.

There is one issue when the file or directory name is too long and the filename and the group become one (not space separated any more) when using ls. If this is the case access to the file/dir is not possible via (Win)Scp. A workaround is to shorten the group eg. from 'everyone' to 'all'.

1. Add friend to group everyone in /etc/groups
2. Symlink scp. ln -s /opt/bin/scp /usr/bin/scp

scponly does not yet work properly. Connecting and directory browsing (with WinSCP?) works, but copying files fails.

1. Add a new account or modify an existing one with scponly as the shell. I duplicated one line in /etc/passwd and changed the password with passwd accountname afterwards. Remember to increment UID and GID. Example: friend:3uEgVpZubtT3U:503:503::/share/flash/data:/opt/bin/scponly.

1. Add a new account or modify an existing one with scponly as the shell. I duplicated one line in /etc/passwd and changed the password with passwd accountname afterwards. Remember to increment UDI and GID. Example: friend:3uEgVpZubtT3U:503:503::/share/flash/data:/opt/bin/scponly.

Installing scponly on the slug is quite straight forward. You need to establish scp access for scponly to make sense.

1. Install Openssl and Openssh using ipkg. I did not test with dropbear. Maybe someone can confirm that dropbear works too.
2. ipkg install scponly
3. Add a new account or modify an existing one with scponly as the shell. I duplicated one line in /etc/passwd and changed the password with passwd accountname afterwards. Example: friend:3uEgVpZubtT3U:503:503::/share/flash/data:/opt/bin/scponly.
4. Ready. You can now scp to your slug. http://winscp.sourceforge.net/eng/ WinSCP works.

Upon login WinSCP? complains about not being able to read groups but works non the less. I remember that this is a known issue with WinSCP?. Have to look up the solution.

Remember that friend has no shell access to your slug but can access all the files on it. So you still have to trust this person quite a bit. Setting up a chrooted scponly is a hassle even on a normal Linux box, so I did not try at this point.

Thanks for compiling and packaging scponly! Whoever did it.