"Fossies" - the Fresh Open Source Software Archive

Member "scponly-20110526/INSTALL" (20 Dec 2005, 6304 Bytes) of package /linux/privat/old/scponly-20110526.tgz:



scponly Installation Instructions:

http://sublimation.org/scponly
joe@sublimation.org

Installing scponly is not difficult.  It is not trivial either, so I
advise reading the instructions carefully.  Keep in mind, you CAN
use scponly as a setuid binary, which should warrant caution.


Step 1.  Decide if you want to use chroot() functionality.

	If you don't know what this step means, consult "man chroot".
	If you still don't understand this question, you should not
	use chroot() functionality.  Go to step 2.

	Otherwise, consider the following:
  - If you do use chroot(), your binary will need to be setuid. This
	should make any security conscious administrator wary.
  - Also consider that scponly will only execute AFTER sshd has
	authenticated the remote user.  Given this, you should be
	able to rest a little easier knowing that utilizing scponly
	will not open you up to impersonal vulnerability subnet scans.
  - If you are still unsure, read the code.  There is a seteuid
	that ensures that the execution of any commands is
	never done with an effective uid of 0.
  - scponly will check the permissions of the directory it is
	about to chroot into unless --disable-chroot-checkdir is used
	at configuration time.  This is to prevent chroot-ing into a
	user writable directory.
  - Lastly, I make no guarantees that this code is unexploitable.
	Any system administrator utilizing scponly bears the full
	responsibility for maintaining a secure system. (see 18/08/02
	CHANGELOG!)
  - Without chroot() functionality, scponly still functions just
	fine.  However, almost all files on any root filesystem for any
	default installation are globally readable.
  - Installing scponly with chroot could incur some pretty hairy
	troubleshooting.  The binaries and libraries must be set
	up properly in the chroot subdirectories.


Step 2.  Configure your installation.

	There are only a handful of options to configure scponly.
	Some to note:

	--enable-chrooted-binary

	This option configures additional compile and install parameters
	that will set your scponly installation to handle chrooted scponly
	users.  By default, chrooted scponly binaries are not built.

	--disable-wildcards

	The wildcard processing is new and although I know of no
	vulnerabilities, the especially paranoid may wish to disable
	this feature.  Also note, it only relates to "scp" transfers,
	and not "sftp", which handles its own wildcards.  By default,
	wildcards are enabled.

	--disable-scp-compat
	--disable-sftp
	--disable-winscp-compat

	"scp" or "sftp" can be excluded altogether at compile time
	if you know you will not be using one or the other at all.

	If you do not wish to support WinSCP 2.0 compatibility, you
	can specify the disable option, which will exclude that
	functionality.  This is for especially paranoid folks that
	do not like the interactive nature of a WinSCP session.
	By default, WinSCP 2.0 compatibility is compiled in.

	--disable-restrictive-names

	Turning off filename checks will disable checking of the
	scp arguments.  Historically, these arguments were checked for
	shell metacharacters, but these checks are no longer
	required.  (However, I leave the option to disable them turned
	off by default until a later release.)

	Other options can be seen using "./configure --help"


Step 3.  Build the binaries.

	This is the easy part, type "make".

Step 4.  Install the components.

	Type "make install".

	This will install your manpage and scponly binary.

Step 5. Edit /etc/shells

	If you have not already done so, add "scponly" to your /etc/shells
	file, including the full pathname.  If you are using a chrooted
	scponly install, you should add "scponlyc", also including full
	pathname.

Step 6. Create/Edit a user intended for scponly use.

	Use your system's "adduser" command to create the user.

	Set the default shell to the full pathname of your scponly
	binary.  If you want chroot functionality, the name of the
	shell is "scponlyc", otherwise it is "scponly".

	This could look like:

		adduser -d /pub -s /usr/local/bin/scponly scpdemo

	or for chrooted:

		adduser -d /pub -s /usr/local/sbin/scponlyc scpdemo

	Where the home directory is "/pub" and the username is "scpdemo".

	It is very important that the user's home directory be unwritable
	by the user, as a writable homedir will make it possible for users
	to subvert scponly by modifying ssh configuration files.

	If users complain about being unable to write into their homedir,
	there is a provision to specify both the chroot directory and a
	subdirectory of the chroot to chdir into:

	/home/userchroot//writable/subdir

	Everything before the // is the directory to chroot into and everything
	after the // is the subdir to chdir into after chrooting.

	Naturally, set the password for this user.
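
One way to check the results of Steps 5 and 6 on an installed system. This is an added example, not part of scponly or its INSTALL file, and the function names are hypothetical. It assumes a directory counts as user-controlled when the user owns it, when the user's primary group can write to it, or when it is world-writable; scponly's own chroot directory check may apply different rules.

```sh
#!/bin/sh
# Added example (not scponly code): audit accounts that use scponly/scponlyc.
# Function names are hypothetical. Prints one "user: finding" line per problem.

# True if the account (uid $2, primary gid $3) controls directory $1: it owns
# it (an owner can chmod it writable), its primary group has write permission,
# or the directory is world-writable.  Supplementary groups and ACLs are ignored.
user_controls_dir() {
    ls -ldLn "$1" | awk -v uid="$2" -v gid="$3" '{
        owner = ($3 == uid)
        group = ($4 == gid && substr($1, 6, 1) == "w")
        other = (substr($1, 9, 1) == "w")
        exit !(owner || group || other)
    }'
}

# $1 = passwd file (default /etc/passwd), $2 = shells file (default /etc/shells)
audit_scponly() {
    passwd=${1:-/etc/passwd}
    shells=${2:-/etc/shells}
    while IFS=: read -r user pw uid gid gecos home shell; do
        case "$shell" in
            */scponly|*/scponlyc) ;;
            *) continue ;;
        esac
        # Step 5: the full pathname of the shell must be listed in /etc/shells.
        grep -qxF -- "$shell" "$shells" ||
            echo "$user: shell $shell is not listed in $shells"
        # Step 6: in "chroot//subdir" homes, the part before "//" is the chroot.
        root=${home%%//*}
        if [ ! -d "$root" ]; then
            echo "$user: directory $root does not exist"
        elif user_controls_dir "$root" "$uid" "$gid"; then
            echo "$user: $root can be written to by the user"
        fi
    done < "$passwd"
}
```

Call it as "audit_scponly" with no arguments to read /etc/passwd and /etc/shells; no output means no findings.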

ADDITIONAL STEPS FOR CHROOT-ENABLED INSTALLATIONS ONLY:

Step 7. You will need to install some directories, passwd files,
	libraries and binaries in your chroot path so that scponly has
	something to invoke when it comes time to execute the remote
	request.

	I have added a script that performs most of the setup for chroot.
	You can run it with:

		make jail

	Please be aware that chroot installation varies WIDELY from
	system to system.  Check in the build_extras directory if
	make jail has failed you.

	Also see the BUILDING_JAILS.TXT document in this source package
	for additional help.  Good luck!


That's it, you're done!


Additional Installation notes:

  - Some operating systems (notably Red Hat 9) use a shell script for
	the "groups" command.  Though "groups" is an allowable command, the
	"#!/bin/sh" interpreter specification at the beginning of this script
	will attempt to load /bin/sh, which is not available in the chrooted
	jail.  This is only a problem when you are also using WinSCP
	compatibility, because WinSCP will attempt to run "groups" upon
	connection initialization.

	You have three choices:
	 - you can put /bin/sh in your jail, which is a security problem
	 - you can deselect "lookup user groups" in the WinSCP configuration
	 - you can "make groups" using the provided groups.c and move the fake
	   groups program into your chroot.

  - There are additional notes and scripts in the "build_extras" directory
	for specific platforms.
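
The "groups" problem described above applies to any script copied into the jail: its interpreter has to exist inside the jail as well. The following added example (not part of scponly; the function name is hypothetical) lists executable scripts under a jail root whose "#!" interpreter is missing there.

```sh
#!/bin/sh
# Added example (not scponly code): find scripts in a chroot jail whose "#!"
# interpreter is absent from the jail.  The function name is hypothetical.
# $1 = jail root.  Prints "path: interpreter X is not in the jail" per hit.
jail_missing_interpreters() {
    jail=${1%/}
    find "$jail" -type f -perm -100 | while IFS= read -r f; do
        # Read the first line; skip empty or unreadable files.
        first=
        IFS= read -r first < "$f" || [ -n "$first" ] || continue
        case "$first" in
            '#!'*) ;;
            *) continue ;;      # compiled binary or data, nothing to resolve
        esac
        # Interpreter path = first word after "#!".
        interp=$(printf '%s\n' "$first" |
                 sed 's/^#![[:space:]]*//; s/[[:space:]].*//')
        # Inside the jail, "/bin/sh" resolves to "$jail/bin/sh".
        [ -x "$jail$interp" ] ||
            echo "${f#"$jail"}: interpreter $interp is not in the jail"
    done
}
```

A hit on "groups" is the case the note describes; the two choices above that keep /bin/sh out of the jail clear it.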