SFTP to /bin/false account?
Cole Tuininga
colet at code-energy.com
Mon Mar 15 15:02:00 EST 2004
On Mon, 2004-03-15 at 14:21, Derek Martin wrote:
> The good news is, you can still get what you want. I wrote a dummy
> shell called rssh which does this for you. It can even handle
> chrooting the user to a jail, if you can set up a chroot jail
> properly. I include some documentation on how to set up a jail, but
> the specifics are, well, somewhat system-specific. :) If you're on a
> recent Red Hat system, the instructions should basically work for you.
Great - I'm checking this out. I have two questions:
1) During compilation, I got a couple of errors that tell me:
Using 'getpwuid' in statically linked applications requires at runtime
the shared libraries from the glibc version used for linking
Should I be concerned?
2) I've tried setting it up as a shell for a test user. However, it
seems to be not allowing me to sftp or scp?
scp gives me:
==> auth.log <==
Mar 15 15:00:14 blehh sshd[27409]: Accepted password for bob from
192.168.1.67 port 38629 ssh2
Mar 15 15:00:14 blehh PAM_unix[27411]: (ssh) session opened for user bob
by (uid=1002)
Mar 15 15:00:15 blehh PAM_unix[27411]: (ssh) session closed for user bob
Mar 15 15:00:15 blehh sshd[27411]: PAM pam_putenv: delete non-existent
entry; MAIL
==> daemon.log <==
Mar 15 15:00:14 blehh rssh[27412]: setting log facility to LOG_USER
==> messages <==
Mar 15 15:00:14 blehh rssh[27412]: setting umask to 022
==> syslog <==
Mar 15 15:00:14 blehh rssh[27412]: setting log facility to LOG_USER
Mar 15 15:00:14 blehh rssh[27412]: setting umask to 022
Mar 15 15:00:14 blehh rssh[27412]: user bob attempted to execute
forbidden commands
Mar 15 15:00:14 blehh rssh[27412]: command: scp -t /
While sftp gives me:
==> auth.log <==
Mar 15 15:01:03 blehh sshd[27417]: Accepted password for bob from
192.168.1.67 port 38630 ssh2
Mar 15 15:01:03 blehh sshd[27419]: subsystem request for sftp
Mar 15 15:01:03 blehh PAM_unix[27419]: (ssh) session opened for user bob
by (uid=1002)
Mar 15 15:01:03 blehh PAM_unix[27419]: (ssh) session closed for user bob
==> daemon.log <==
Mar 15 15:01:03 blehh rssh[27420]: setting log facility to LOG_USER
==> messages <==
Mar 15 15:01:03 blehh rssh[27420]: setting umask to 022
==> syslog <==
Mar 15 15:01:03 blehh rssh[27420]: setting log facility to LOG_USER
Mar 15 15:01:03 blehh rssh[27420]: setting umask to 022
Mar 15 15:01:03 blehh rssh[27420]: user bob attempted to execute
forbidden commands
Mar 15 15:01:03 blehh rssh[27420]: command: /usr/lib/sftp-server
Any ideas?
--
"Ha ha - you may be right, but remember! You are also
flammable..." -Donald, one of my psycho cousins
Cole Tuininga
Lead Developer
Code Energy, Inc
colet at code-energy.com
PGP Key ID: 0x43E5755D
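
Added example, not part of the original message and not rssh's own code: a Python sketch that extracts rssh rejections from multi-file `tail` output like the logs quoted above, pairing each "forbidden commands" entry with its `command:` line by host and PID. The sample log is constructed in the shape of the lines above, and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the logs above: tail banners, a mail-wrapped
# entry, and the same entry repeated across log files.
SAMPLE = """\
==> daemon.log <==
Mar 15 15:00:14 blehh rssh[27412]: setting log facility to LOG_USER
==> syslog <==
Mar 15 15:00:14 blehh rssh[27412]: setting log facility to LOG_USER
Mar 15 15:00:14 blehh rssh[27412]: user bob attempted to execute
forbidden commands
Mar 15 15:00:14 blehh rssh[27412]: command: scp -t /
Mar 15 15:01:03 blehh rssh[27420]: user bob attempted to execute
forbidden commands
Mar 15 15:01:03 blehh rssh[27420]: command: /usr/lib/sftp-server
"""

STAMP = r"\w{3} [ \d]\d \d\d:\d\d:\d\d"
ENTRY = re.compile(rf"^({STAMP}) (\S+) rssh\[(\d+)\]: (.*)$")
DENIED = re.compile(r"^user (\S+) attempted to execute forbidden commands$")

def unwrap(text):
    """Drop tail banners and rejoin continuation lines onto their entry."""
    out = []
    for line in text.splitlines():
        if line.startswith("==>") or not line.strip():
            continue
        if re.match(STAMP, line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line.strip()
    return out

def rssh_denials(text):
    """One record per rejected session, keyed by (host, rssh PID)."""
    denials, seen = {}, set()
    for line in unwrap(text):
        m = ENTRY.match(line)
        if not m or line in seen:  # non-rssh line, or duplicate from another file
            continue
        seen.add(line)
        ts, host, pid, msg = m.groups()
        d = DENIED.match(msg)
        if d:
            denials[host, pid] = {"time": ts, "host": host, "user": d.group(1), "command": None}
        elif msg.startswith("command: ") and (host, pid) in denials:
            denials[host, pid]["command"] = msg[len("command: "):]
    return list(denials.values())
```
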