Thread: Re: problems with rssh
From: Derek M. <co...@pi...> - 2003-07-22 16:38:52

On Tue, Jul 22, 2003 at 08:57:31AM -0700, Mr. Mailing List wrote:
> I'm trying to use winscp, which basically does
> everything through scp. I also use sshfs from lufs.

WinSCP does not work with rssh and scp. This is in the FAQ, which I recommend you read. Newer versions of WinSCP do support sftp, which should work, or so I am told... I have made no effort to verify that. To work with scp, WinSCP needs to be able to run a number of other commands, e.g. ls. However, rssh will not allow ls to be run, so WinSCP will not be able to get a list of files. Unless you use a recent version, which will require sftp. I don't know the details of making that work, nor do I care to... Check the documentation for WinSCP.

> What I am wanting to do is to restrict user share to
> /share, and possibly /share/html which symlinks to
> /var/www/html(of which he is part of the group to
> access both).

You can not do this; it is impossible. The only way to "restrict" a user is to chroot that user's processes into some directory. When you chroot, the root of the file system becomes the directory you specify, for the chrooted process and all of its children. So if you chroot them to /share, then /share becomes /, and since /var/www/html is not under /share, it will be inaccessible, as if it did not exist at all. There is no way, via symlink or otherwise, to make it accessible, other than to actually move it somewhere under /share.

Please read the documentation, specifically the file CHROOT in the source distribution (or /usr/share/doc/rssh-2.1.1/CHROOT if you installed from RPM), and also the manpage for chroot(2).

> I did usermod and changed his shell to rssh, and I had
> this in the config file?
> # if you DO NOT want to chroot users, LEAVE THIS COMMENTED OUT.
> # Quotes not required unless path contains a space...
> chrootpath="/share dir"

You are chrooting all users to the directory "/share dir", which based on your description, does not exist. You want to change it to "/share", and make sure you've set up a proper chroot jail under that directory.

However, based on what you've said, I don't think that's really what you want, and I don't think it's possible for you to get what you want. That is, unless you can be satisfied with limiting them to /share (and everything under it, of course) only.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D

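The symlink behaviour described in the message above, as an added example that is not part of the original post or of rssh: the sketch resolves paths the way a process chrooted to a jail directory would, and lists the symlinks that lead nowhere once the jail is /. The function names and the demo tree (built under a temporary directory, with share/html pointing at /var/www/html as in the thread) are constructed for illustration.

```python
import os


def resolve_in_jail(jail, path, max_links=40):
    """Resolve `path` the way a process chrooted to `jail` would.

    Returns the host path reached, or None if nothing exists there.
    """
    jail = os.path.realpath(jail)
    todo = [p for p in path.split("/") if p]
    here = []                                # components below the new root
    while todo:
        part = todo.pop(0)
        if part == ".":
            continue
        if part == "..":                     # ".." at the root stays at the root
            here = here[:-1]
            continue
        host = os.path.join(jail, *here, part)
        if os.path.islink(host):
            max_links -= 1
            if max_links < 0:                # symlink loop
                return None
            target = os.readlink(host)
            if target.startswith("/"):       # absolute target: restart at the jail root
                here = []
            todo = [p for p in target.split("/") if p] + todo
        elif os.path.lexists(host):
            here.append(part)
        else:
            return None
    return os.path.join(jail, *here)


def dangling_links(jail):
    """Symlinks under `jail` that lead nowhere once `jail` is /."""
    jail = os.path.realpath(jail)
    bad = []
    for dirpath, dirnames, filenames in os.walk(jail):
        for name in dirnames + filenames:
            host = os.path.join(dirpath, name)
            inside = "/" + os.path.relpath(host, jail)
            if os.path.islink(host) and resolve_in_jail(jail, inside) is None:
                bad.append((inside, os.readlink(host)))
    return sorted(bad)


def build_demo(base):
    """Constructed tree: <base>/share is the jail, <base>/var/www/html lies outside it."""
    share = os.path.join(base, "share")
    os.makedirs(os.path.join(share, "docs"))
    os.makedirs(os.path.join(base, "var", "www", "html"))
    os.symlink("/var/www/html", os.path.join(share, "html"))   # the link from the thread
    os.symlink("docs", os.path.join(share, "latest"))          # target stays inside
    return share
```

Running `dangling_links()` over a prospective jail before pointing `chrootpath` at it shows which links users will see as broken.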
From: Mr. M. L. <mai...@ya...> - 2003-07-24 18:11:02

I have it to where it uses rssh as shell, and when i try to locally su user, it says you can only scp with this account.

so with winscp, i tried both scp and sftp, but it still does not work.

with scp protocol, it says...
Connection has been unexpectedly closed. Server sent command exit status 0.

with sftp protocol, it says...
Connection has been unexpectedly closed. Server sent command exit status 0.
and that it couldn't initialize sftp protocol.

From: Mr. M. L. <mai...@ya...> - 2003-07-26 17:44:58

wow, calm down, i edited rssh.conf and enabled sftp, which i'll try when i get back to work monday.

as far as telling me anything twice, that was my first post you responded to.

--- Derek Martin <co...@pi...> wrote:
> On Thu, Jul 24, 2003 at 11:11:01AM -0700, Mr. Mailing List wrote:
> > I have it to where it uses rssh as shell, and when i
> > try to locally su user, it says you can only scp with
> > this account.
>
> Right, because you've only allowed scp.
>
> > so with winscp, i tried both scp and sftp, but it
> > still does not work.
>
> As I said, winscp will not work with rssh and scp. You might be able
> to get it to work with sftp, but you'll have to allow the user to use
> sftp...
>
> > with scp protocol, it says...
> > Connection has been unexpectedly closed. Server sent
> > command exit status 0.
>
> It should be clear why this is happening, as I've explained it twice
> now.
>
> > with sftp protocol, it says...
> >
> > Connection has been unexpectedly closed. Server sent
> > command exit status 0.
>
> And this is because you're not allowing sftp. Either you have still
> not read the documentation, or you have failed to understand it. I
> can't explain it any clearer here, than I did there.
>
> I can't provide any more help with this. As I have said, using rssh
> with WinSCP IS UNSUPPORTED. Look at the faq for alternatives.
>
> --
> Derek D. Martin
> http://www.pizzashack.org/
> GPG Key ID: 0xDFBEAD02

From: Derek M. <co...@pi...> - 2003-07-26 18:02:17

On Sat, Jul 26, 2003 at 10:44:58AM -0700, Mr. Mailing List wrote:
> wow, calm down, i edited rssh.conf and enabled sftp,
> which i'll try when i get back to work monday.

If it doesn't work, I can't help you. I hope that's abundantly clear by now.

> as far as telling me anything twice, that was my first
> post you responded to.

No it wasn't. See the archives, specifically here:

http://sourceforge.net/mailarchive/forum.php?thread_id=2816504&forum_id=33294

In fact, I posted this message twice, because the first time I had x-no-archive set, so it did not make it to the archives.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02

From: Mr. M. L. <mai...@ya...> - 2003-07-27 17:47:20

then that means you responded to a single post twice.

you really should stop being so rude to users.

using lufs, i'm having similar problems, despite enabling sftp and scp

here is fstab entry.

none /share lufs noauto,user,nosuid,fs=sshfs,host=myhost,username=share,fmode=444.dmode=555

mount /share/
could not mount filesystem!

this works if shell is bash, but not rssh.

i'm making this abundantly clear, i'm not using winscp in this case. that was only on another machine, and rssh is still giving me problems. so please stop the condescending attitude.

From: Mr. M. L. <mai...@ya...> - 2003-07-27 20:55:56

Someone got a little too many swirlies when he was in junior high, huh?

--- Derek Martin <co...@pi...> wrote:
> On Sun, Jul 27, 2003 at 10:47:18AM -0700, Mr. Mailing List wrote:
> > then that means you responded to a single post twice.
>
> Apparently, you can't count either. This is now the fourth post I've
> replied to. Where I said, "I've now explained it twice" was in my
> second post -- the first time I explained it was in the first post, and
> the second time I explained it was earlier in that same (second) post.
>
> > you really should stop being so rude to users.
>
> I started out civil, as I always do. And on the whole, despite not
> making any attempt to hide my irritation, I would still not categorize
> my manner as rude, up to this point. I lose patience with people who
> a) don't read documentation and b) can't understand written English,
> when clearly it is their primary language. You seem to fall into at
> least one of those categories, though I will not hazard a guess as to
> which one(s). I lose patience VERY quickly with people who keep
> asking the same questions, which I have already answered, as you have
> done. I make no apologies for that.
>
> But since you're still asking the same question, I'll explain it one
> more time as clearly as I possibly can, before I start ignoring your
> messages entirely:
>
> > using lufs, i'm having similar problems, despite enabling sftp and
> > scp
>
> This is because (as I have determined after looking at the LUFS
> website for 30 seconds) just like winscp, lufs uses ssh to do what it
> does, and needs to be able to run commands through ssh on the remote
> host (no doubt to get file details, etc.). The precise and entire
> point of rssh is to prevent exactly that, with exactly two possible
> exceptions: scp and sftp-server. These are the only two commands
> which can possibly work, and then only if you configure rssh to let
> them.
>
> It does not work with LUFS for precisely the same reasons winscp does
> not work. Therefore, it will not work, and will NEVER work. It will
> not work with WinSCP, nor with LUFS, nor with any other software that
> uses ssh to run commands on the remote host. Not now, not ever. So
> please go away now.
>
> --
> Derek D. Martin
> http://www.pizzashack.org/
> GPG Key ID: 0xDFBEAD02

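A simplified model of the allow-list behaviour explained in the reply quoted above, added here as an illustration; it is not rssh's code. The function names, the allow_scp and allow_sftp flags, the binary paths and the sample sessions are assumptions constructed for the example.

```python
import shlex

# Assumed paths; the real ones depend on how OpenSSH was built and installed.
SCP = "/usr/bin/scp"
SFTP_SERVER = "/usr/libexec/openssh/sftp-server"


def decide(shell_args, allow_scp=False, allow_sftp=False):
    """Model of a restricted login shell's verdict for one ssh session.

    shell_args is what sshd passes to the login shell: [] for an interactive
    login, ["-c", "<command string>"] when the client asked to run a command.
    Returns (allowed, reason). The string is tokenised, never given to a shell.
    """
    if len(shell_args) != 2 or shell_args[0] != "-c":
        return False, "interactive login refused"
    try:
        argv = shlex.split(shell_args[1])
    except ValueError:
        return False, "unparseable command"
    if not argv:
        return False, "empty command"
    if argv[0] in ("scp", SCP):
        if not allow_scp:
            return False, "scp not enabled"
        # The server end of scp runs as a sink (-t) or a source (-f).
        if "-t" in argv[1:] or "-f" in argv[1:]:
            return True, "scp"
        return False, "scp not in -t/-f mode"
    if argv == [SFTP_SERVER]:
        return (True, "sftp") if allow_sftp else (False, "sftp not enabled")
    return False, "not on the allow-list: " + argv[0]


# Constructed sessions modelled on the thread, not captured traffic.
SESSIONS = {
    "local su to the account": [],
    "client listing files with ls": ["-c", "ls -la /share"],
    "scp upload": ["-c", "scp -t /share/incoming"],
    "sftp subsystem": ["-c", SFTP_SERVER],
}


def verdicts(allow_scp, allow_sftp):
    """Map each sample session to True/False under the given settings."""
    return {name: decide(args, allow_scp, allow_sftp)[0]
            for name, args in SESSIONS.items()}


if __name__ == "__main__":
    for scp, sftp in [(True, False), (True, True)]:
        print("scp=%s sftp=%s" % (scp, sftp), verdicts(scp, sftp))
```

With only scp enabled the sftp session is refused, and a client that needs `ls` is refused under every setting, which matches the failures reported earlier in the thread.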