Installing scponly on the slug is quite straight forward. You need to establish scp access for scponly to make sense.
Upon login WinSCP complains about not being able to read groups but works non the less. To fix this open up WinSCP, at the login window, select "Advanced options". In the tree, select "Environment->SCP". Untick "Lookup user groups" and save your login profile.
There is one issue when the file or directory name is too long and the filename and the group become one (not space separated any more) when using ls. If this is the case access to the file/dir is not possible via (Win)Scp. A workaround is to shorten the group eg. from 'everyone' to 'all'.
Thanks for compiling and packaging scponly! Whoever did it.
Setting up scponly for chroot setup requires you to setup a minimal set of files and directories in the user directory so that the programs can run chrooted. This requires you to create a directory structure as describt in Any experience with chroot jail for SFTP with unslung6?.
The new scponly package 4.6-2 contains a script mkscproot which setup a complete chrooted account for scp/sftp. Just run:
mkscproot -u user
This script is developed and tested for unslung 6.8 with openssh.
Please report to the email@example.com mailing list if "mkscproot -u user" doesn't work as expected. Because in that case there is a bug which should be solved. Running commands after the installation isn't a solution but a work around which shouldn't be necessary.
Please report the following details:
Nearly all necessary files will be copied by the mkscproot script, but you have to set the file permissions manually and also copy the
I.e.: Create a chrooted environment for new user public:
mkscproot -u public cd /home/public_root chmod 755 ./bin/* ./lib/* ./usr/bin/scp ./usr/libexec/openssh/sftp-server chmod 644 ./etc/* ./usr/lib/libcrypto.so.0.9.7 ./usr/lib/libz.so.1.2.3 chmod 755 ./bin ./etc cp -p ./usr/libexec/openssh/sftp-server ./usr/lib
NOTE: Could somebody confirm this problem! I am not able to reproduce this problem.
- Confirmed the above - mkscproot did most of it but had to copy the sftp-server for the new user - must confirm the above too. but still doest'n work after the workaround: -openssh - 4.7p1-2 -unslung 6.10 -scponly - 4.6-5 -created environement simply as discribed with mkscproot -u username