view · edit · print · history

Installing scponly on the slug is quite straight forward. You need to establish scp access for scponly to make sense.

  1. Install Openssl and Openssh using ipkg. I did not test with dropbear. Maybe someone can confirm that dropbear works too.
  2. ipkg install scponly
  3. Add a new account or modify an existing one with scponly as the shell. I duplicated one line in /etc/passwd and changed the password with passwd accountname afterwards. Remember to increment UID and GID. Example: friend:3uEgVpZubtT3U:503:503::/share/flash/data:/opt/bin/scponly.
  4. Add friend to group everyone in /etc/groups
  5. Symlink scp. ln -s /opt/bin/scp /usr/bin/scp
  6. Ready. You can now scp to your slug. WinSCP works.

Upon login WinSCP complains about not being able to read groups but works non the less. To fix this open up WinSCP, at the login window, select "Advanced options". In the tree, select "Environment->SCP". Untick "Lookup user groups" and save your login profile.

Remember that friend has no shell access to your slug but can access all the files on it. So you still have to trust this person quite a bit or use the chroot setup.

There is one issue when the file or directory name is too long and the filename and the group become one (not space separated any more) when using ls. If this is the case access to the file/dir is not possible via (Win)Scp. A workaround is to shorten the group eg. from 'everyone' to 'all'.

Thanks for compiling and packaging scponly! Whoever did it.

chroot setup

Setting up scponly for chroot setup requires you to setup a minimal set of files and directories in the user directory so that the programs can run chrooted. This requires you to create a directory structure as describt in Any experience with chroot jail for SFTP with unslung6?.

The new scponly package 4.6-2 contains a script mkscproot which setup a complete chrooted account for scp/sftp. Just run:

  mkscproot -u user

This script is developed and tested for unslung 6.8 with openssh.

Report bugs

Please report to the nslu2-general@yahoogroups.com mailing list if "mkscproot -u user" doesn't work as expected. Because in that case there is a bug which should be solved. Running commands after the installation isn't a solution but a work around which shouldn't be necessary.

Please report the following details:

  • Which firmware do you run (e.g. unslung 6.8)
  • Which version of ssh do you use (e.g. openssh 4.5p1-1)
  • Which version of scponly do you use (e.g. scponly 4.6-3)
  • How did you create the chroot environment (e.g. mkscproot -u scponly)

Solved bugs

  • 4.6-6: Solved the problem with the build in path to sftp-server.

Possible bug?

Nearly all necessary files will be copied by the mkscproot script, but you have to set the file permissions manually and also copy the sftp-server file to /usr/lib.

I.e.: Create a chrooted environment for new user public:

mkscproot -u public
cd /home/public_root
chmod 755 ./bin/* ./lib/* ./usr/bin/scp ./usr/libexec/openssh/sftp-server
chmod 644 ./etc/* ./usr/lib/libcrypto.so.0.9.7 ./usr/lib/libz.so.1.2.3
chmod 755 ./bin ./etc
cp -p ./usr/libexec/openssh/sftp-server ./usr/lib

NOTE: Could somebody confirm this problem! I am not able to reproduce this problem.

 - Confirmed the above - mkscproot did most of it but had to copy the sftp-server for the new user

 - must confirm the above too. but still doest'n work after the workaround:
                  -openssh - 4.7p1-2
                  -unslung 6.10
                  -scponly - 4.6-5
                  -created environement simply as discribed with mkscproot -u username
view · edit · print · history · Last edited by marceln.
Based on work by marceln, slugzen, benp, Harald Biehl, fcarolo, Michael Edholm, and jsilence.
Originally by jsilence.
Page last modified on March 19, 2008, at 04:21 PM