scp chroot

Goal was to produce a read only password secured, ssh based repository for arbitrary files. As the amount of users was large it was obvious to not use individual unix uids. Also using scponly was not an option as it would need a full populated chroot. From the scponly documentation i found that ssh actually runs the scp binary with shell -c scp and scponly wraps around the scp binary. I didnt want to have to populate the chroot so my solution would have to be to chroot after the final binary which led to the need to modify the scp itself.

For this i extracted the debian openssh 3.8.1p1 package and applied this patch and finally build scp with make scp. The patch comments out all functionality for copying files TO the server. It is only possible to retrieve files. Unix permission will still be honored.

Copy the scp binary somewhere makeing it suid like this:

chown root.root chrootscp chmod 4777 chrootscp

Now create the appropriate users. The final uid does not really matter. I created 4 users with the same uid but different homedirs and passwords:

passwd

s001:x:5000:1000:s001,,,:/home/s/s001:/usr/local/sbin/chrootscp s002:x:5000:1000:s002,,,:/home/s/s002:/usr/local/sbin/chrootscp s003:x:5000:1000:s003,,,:/home/s/s003:/usr/local/sbin/chrootscp s004:x:5000:1000:s004,,,:/home/s/s004:/usr/local/sbin/chrootscp

shadow

s001:TUvJjQwh11HOg:12944:0:99999:7::: s002:TUvJjQwh11HOg:12944:0:99999:7::: s003:TUvJjQwh11HOg:12944:0:99999:7::: s004:TUvJjQwh11HOg:12944:0:99999:7:::

Thoughts

Another option might be to run a script instead of really reading a file. This would lead one to be able to distribute config/stats etc by scp without the need to actually put files into the filesystem.

More logging to syslog would be good. We want to know which user fetched which file.