scponly, the Alanis Morissette of FreeBSD ports.

scponly is ironic

iMarc has abandoned the insecure FTP, in favor of SFTP. On our FreeBSD systems, we implement a port called scponly for users to transfer files over SFTP in a chroot'ed environment, without giving them SSH or terminal access.

Even though the port is called scponly, is also supports SFTP. In fact, I've only tested it using SFTP, not scp. Normally, it's very easy to set up.

However, on a new FreeBSD 6.2 server, we ran into some problems. We had one working scponly server (running FreeBSD 5.x) and a broken scponly installation running on the 6.2 server. The broken installation would allow scponly connections, but immediately drop them before transfer. To test, we turned error reporting up to eleven and manually pushed a file to each server using scp.

On both servers this errored out, closing the connection immediately. Using SFTP worked fine on the working server, but scp didn't work on either server. Odd...

After some investigation, Will found out that scponly does NOT support scp by default.

From scponly's wiki:

The new release of scponly-4.2 has:
no support for scp by default...

Excellent! In fact, reading this inspired me to write a program called calculatoronly that does not support numeric calculations by default.

The Fix

Back to our original problem... if you're running FreeBSD 6.2 and setting up scponly chroot'ed users, the port doesn't create all files that the new FreeBSD scp binary requires. I'm sure they'll fix this soon, but in the mean time you can create these files manually:

But, since scponly only supports sftp, don't use it to scp files. Obviously.