[scponly] unable to use scponlyc

Roland Lammel roland.lammel at kapsch.net
Mon Sep 15 09:52:47 EDT 2003


Have you created a chrooted environment for the user in question?

From the error, the sftp-server cannot be found, which either means it isn't there, has wrong permissions, or is missing
libs (which should give a slightly different message).

For info on how to set up, read the docs that come with scponly or read through the mailing list.
(Basically you have to "make jail" for the user in question.)

Cheers

+rl

Colin Harford wrote:
> 
> So, I am having problems with scponly (scponly3.8 from ports tree) and  
> FreeBSD 5.1-RELEASE
> 
> Using scponly it works, however, when I use scponlyc it prompts for a  
> password, and then goes:  "Connection closed"
> 
> 
> The error in /var/log/auth.log is (IP# have been changed):
> 
> Sep 13 20:13:05 kishar [13827]: running: /usr/local/bin/sftp-server  
> (username: charford(1002), IP/port: 192.168.2.2 55132 22)
> Sep 13 20:13:05 kishar [13827]: failed: /usr/local/bin/sftp-server with  
> error No such file or directory(2) (username: charford(1002), IP/port:  
> 192.168.2.2 55132 22)
> 
> 
> So, I ran sshd and sftp in debugging and below is its output (not run
> at the same time).
> 
> Any ideas?
> 
> 
> CH
> 
> 
> # /usr/sbin/sshd -ddd
> debug2: read_server_config: filename /etc/ssh/sshd_config
> debug1: sshd version OpenSSH_3.6.1p1 FreeBSD-20030423
> debug1: private host key: #0 type 0 RSA1
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> debug1: Bind to port 22 on 192.168.2.1.
> Server listening on 192.168.2.1 port 22.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> debug1: res_init()
> Connection from 192.168.2.2 port 55132
> debug1: Client protocol version 2.0; client software version  OpenSSH_3.4p1
> debug1: match: OpenSSH_3.4p1 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-1.99-OpenSSH_3.6.1p1 FreeBSD-20030423
> debug2: Network child is on pid 13820
> debug3: preauth child monitor started
> debug3: mm_request_receive entering
> debug3: privsep user:group 22:22
> debug1: permanently_set_uid: 22/22
> debug1: list_hostkey_types: ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:  
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-dss
> debug2: kex_parse_kexinit:  
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- 
> cbc,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:  
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- 
> cbc,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:  
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1- 
> 96,hmac-md5-96
> debug2: kex_parse_kexinit:  
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1- 
> 96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:  
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:  
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- 
> cbc,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:  
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- 
> cbc,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:  
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1- 
> 96,hmac-md5-96
> debug2: kex_parse_kexinit:  
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1- 
> 96,hmac-md5-96
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
> debug3: mm_request_send entering: type 0
> debug3: monitor_read: checking request 0
> debug3: mm_answer_moduli: got parameters: 1024 2048 8192
> debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
> debug3: mm_request_receive_expect entering: type 1
> debug3: mm_request_receive entering
> debug3: mm_request_send entering: type 1
> debug3: mm_choose_dh: remaining 0
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug2: monitor_read: 0 used once, disabling now
> debug3: mm_request_receive entering
> debug2: dh_gen_key: priv key bits set: 125/256
> debug2: bits set: 1551/3191
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug2: bits set: 1606/3191
> debug3: mm_key_sign entering
> debug3: mm_request_send entering: type 4
> debug3: monitor_read: checking request 4
> debug3: mm_answer_sign
> debug3: mm_answer_sign: signature 0x8078240(55)
> debug3: mm_request_send entering: type 5
> debug2: monitor_read: 4 used once, disabling now
> debug3: mm_request_receive entering
> debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
> debug3: mm_request_receive_expect entering: type 5
> debug3: mm_request_receive entering
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug3: Trying to reverse map address 192.168.2.2
> debug1: userauth-request for user charford service ssh-connection  
> method none
> debug1: attempt 0 failures 0
> debug3: mm_getpwnamallow entering
> debug3: mm_request_send entering: type 6
> debug3: monitor_read: checking request 6
> debug3: mm_answer_pwnamallow
> debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
> debug3: mm_request_send entering: type 7
> debug2: monitor_read: 6 used once, disabling now
> debug3: mm_request_receive entering
> debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
> debug3: mm_request_receive_expect entering: type 7
> debug3: mm_request_receive entering
> debug2: input_userauth_request: setting up authctxt for charford
> debug3: mm_start_pam entering
> debug3: mm_request_send entering: type 41
> debug3: monitor_read: checking request 41
> debug1: PAM: initializing for "charford"
> debug3: Trying to reverse map address 192.168.2.2
> debug3: mm_inform_authserv entering
> debug3: mm_request_send entering: type 3
> debug2: input_userauth_request: try method none
> debug3: mm_auth2_read_banner entering
> debug3: mm_request_send entering: type 8
> debug3: mm_request_receive_expect entering: type 9
> debug3: mm_request_receive entering
> debug1: PAM: setting PAM_RHOST to "my.domain.com"
> debug2: monitor_read: 41 used once, disabling now
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 3
> debug3: mm_answer_authserv: service=ssh-connection, style=
> debug2: monitor_read: 3 used once, disabling now
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 8
> debug3: mm_request_send entering: type 9
> debug1: userauth_banner: sent
> debug3: mm_auth_password entering
> debug3: mm_request_send entering: type 10
> debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
> debug3: mm_request_receive_expect entering: type 11
> debug3: mm_request_receive entering
> debug2: monitor_read: 8 used once, disabling now
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 10
> debug3: mm_answer_authpassword: sending result 0
> debug3: mm_request_send entering: type 11
> debug3: mm_auth_password: user not authenticated
> Failed none for charford from 192.168.2.2 port 55132 ssh2
> Failed none for charford from 192.168.2.2 port 55132 ssh2
> debug3: mm_request_receive entering
> debug1: userauth-request for user charford service ssh-connection  
> method keyboard-interactive
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=charford devs=
> debug1: kbdint_alloc: devices 'pam'
> debug2: auth2_challenge_start: devices pam
> debug2: kbdint_next_device: devices <empty>
> debug1: auth2_challenge_start: trying authentication method 'pam'
> debug3: mm_pam_init_ctx
> debug3: mm_request_send entering: type 42
> debug3: monitor_read: checking request 42
> debug3: mm_answer_pam_init_ctx
> debug3: mm_request_send entering: type 43
> debug3: mm_request_receive entering
> debug3: ssh_msg_send: type 1
> debug3: ssh_msg_recv entering
> debug3: mm_pam_init_ctx: waiting for MONITOR_ANS_PAM_INIT_CTX
> debug3: mm_request_receive_expect entering: type 43
> debug3: mm_request_receive entering
> debug3: mm_pam_query
> debug3: mm_request_send entering: type 44
> debug3: monitor_read: checking request 44
> debug3: mm_answer_pam_query
> debug3: ssh_msg_recv entering
> debug3: mm_request_send entering: type 45
> debug3: mm_request_receive entering
> debug3: mm_pam_query: waiting for MONITOR_ANS_PAM_QUERY
> debug3: mm_request_receive_expect entering: type 45
> debug3: mm_request_receive entering
> debug3: mm_pam_query: pam_query returned 0
> Postponed keyboard-interactive for charford from 192.168.2.2 port 55132  
> ssh2
> debug3: mm_pam_respond
> debug3: mm_request_send entering: type 46
> debug3: monitor_read: checking request 46
> debug3: mm_answer_pam_respond
> debug2: PAM: pam_respond
> debug3: ssh_msg_send: type 6
> debug3: mm_pam_respond: waiting for MONITOR_ANS_PAM_RESPOND
> debug3: mm_request_receive_expect entering: type 47
> debug3: mm_request_receive entering
> debug3: mm_request_send entering: type 47
> debug3: mm_pam_respond: pam_respond returned 1
> debug3: mm_pam_query
> debug3: mm_request_send entering: type 44
> debug3: mm_pam_query: waiting for MONITOR_ANS_PAM_QUERY
> debug3: mm_request_receive_expect entering: type 45
> debug3: mm_request_receive entering
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 44
> debug3: mm_answer_pam_query
> debug3: ssh_msg_recv entering
> debug3: ssh_msg_send: type 0
> debug3: mm_request_send entering: type 45
> debug3: mm_pam_query: pam_query returned 0
> Postponed keyboard-interactive/pam for charford from 192.168.2.2 port  
> 55132 ssh2
> debug3: mm_request_receive entering
> debug3: mm_pam_respond
> debug3: mm_request_send entering: type 46
> debug3: monitor_read: checking request 46
> debug3: mm_answer_pam_respond
> debug2: PAM: pam_respond
> debug3: mm_request_send entering: type 47
> debug3: mm_request_receive entering
> debug3: mm_pam_respond: waiting for MONITOR_ANS_PAM_RESPOND
> debug3: mm_request_receive_expect entering: type 47
> debug3: mm_request_receive entering
> debug3: mm_pam_respond: pam_respond returned 0
> debug3: mm_pam_free_ctx
> debug3: mm_request_send entering: type 48
> debug3: monitor_read: checking request 48
> debug3: mm_answer_pam_free_ctx
> debug3: mm_pam_free_ctx: waiting for MONITOR_ANS_PAM_FREE_CTX
> debug3: mm_request_receive_expect entering: type 49
> debug3: mm_request_receive entering
> debug3: mm_request_send entering: type 49
> Accepted keyboard-interactive/pam for charford from 192.168.2.2 port  
> 55132 ssh2
> debug3: mm_send_keystate: Sending new keys: 0x8078280 0x8078240
> debug3: mm_newkeys_to_blob: converting 0x8078280
> debug3: mm_newkeys_to_blob: converting 0x8078240
> debug3: mm_send_keystate: New keys have been sent
> debug3: mm_send_keystate: Sending compression state
> debug3: mm_request_send entering: type 24
> debug3: mm_send_keystate: Finished sending state
> debug2: monitor_read: 48 used once, disabling now
> Accepted keyboard-interactive/pam for charford from 192.168.2.2 port  
> 55132 ssh2
> debug1: monitor_child_preauth: charford has been authenticated by  
> privileged process
> debug3: mm_get_keystate: Waiting for new keys
> debug3: mm_request_receive_expect entering: type 24
> debug3: mm_request_receive entering
> debug3: mm_newkeys_from_blob: 0x8076780(118)
> debug2: mac_init: found hmac-md5
> debug3: mm_get_keystate: Waiting for second key
> debug3: mm_newkeys_from_blob: 0x8076780(118)
> debug2: mac_init: found hmac-md5
> debug3: mm_get_keystate: Getting compression state
> debug3: mm_get_keystate: Getting Network I/O buffers
> debug3: mm_share_sync: Share sync
> debug3: mm_share_sync: Share sync end
> debug2: User child is on pid 13826
> debug3: mm_request_receive entering
> debug2: set_newkeys: mode 0
> debug2: set_newkeys: mode 1
> debug1: Entering interactive session for SSH2.
> debug1: fd 7 setting O_NONBLOCK
> debug1: fd 8 setting O_NONBLOCK
> debug1: server_init_dispatch_20
> debug1: server_input_channel_open: ctype session rchan 0 win 131072 max  
> 32768
> debug1: input_session_request
> debug1: channel 0: new [server-session]
> debug1: session_new: init
> debug1: session_new: session 0
> debug1: session_open: channel 0
> debug1: session_open: session 0: link with channel 0
> debug1: server_input_channel_open: confirm session
> debug1: server_input_channel_req: channel 0 request subsystem reply 1
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req subsystem
> subsystem request for sftp
> debug1: subsystem: exec() /usr/libexec/sftp-server
> debug1: PAM: setting PAM_TTY to "(null)"
> debug1: PAM: establishing credentials
> debug1: fd 10 setting O_NONBLOCK
> debug2: fd 10 is O_NONBLOCK
> debug1: Received SIGCHLD.
> debug1: session_by_pid: pid 13827
> debug1: session_exit_message: session 0 channel 0 pid 13827
> debug1: channel 0: request exit-status
> debug1: session_exit_message: release channel 0
> debug1: channel 0: write failed
> debug1: channel 0: close_write
> debug1: channel 0: output open -> closed
> debug1: session_close: session 0 pid 13827
> debug2: notify_done: reading
> debug1: channel 0: read<=0 rfd 10 len 0
> debug1: channel 0: read failed
> debug1: channel 0: close_read
> debug1: channel 0: input open -> drain
> debug1: channel 0: ibuf empty
> debug1: channel 0: send eof
> debug1: channel 0: input drain -> closed
> debug1: channel 0: send close
> debug3: channel 0: will not send data after close
> debug3: channel 0: will not send data after close
> debug1: channel 0: rcvd close
> debug3: channel 0: will not send data after close
> debug1: channel 0: is dead
> debug1: channel 0: garbage collecting
> debug1: channel_free: channel 0: server-session, nchannels 1
> debug3: channel_free: status: The following connections are open:\015
>   #0 server-session (t4 r0 i3/0 o3/0 fd 10/10)\015
> 
> debug3: channel_close_fds: channel 0: r 10 w 10 e -1
> Connection closed by 24.86.190.4
> debug1: krb5_cleanup_proc called
> Closing connection to 24.86.190.4
> debug1: PAM: cleanup
> debug3: mm_request_send entering: type 50
> debug3: monitor_read: checking request 50
> debug3: mm_answer_term: tearing down sessions
> 
> 
> 
> 
> $ sftp -v charford at kishar
> Connecting to kishar...
> OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090609f
> debug1: Reading configuration data /etc/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be  
> trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to kishar [192.168.1.1] port 22.
> debug1: Connection established.
> debug1: identity file /Volumes/charford/.ssh/id_rsa type -1
> debug1: identity file /Volumes/charford/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version  
> OpenSSH_3.6.1p1 FreeBSD-20030423
> debug1: match: OpenSSH_3.6.1p1 FreeBSD-20030423 pat OpenSSH*
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.4p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 130/256
> debug1: bits set: 1588/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'kishar' is known and matches the DSA host key.
> debug1: Found key in /Volumes/charford/.ssh/known_hosts:5
> debug1: bits set: 1575/3191
> debug1: ssh_dss_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
>          ------unauthorized access is prohibited---------
> 
> For site security purposes and to ensure that this service remains
> available to all users, this computer system employs software
> programs to monitor network traffic to identify unauthorized attempts to
> upload or change information, or otherwise cause damage. Anyone using  this
> system expressly consents to such monitoring and is advised that if such
> monitoring reveals evidence of possible abuse or criminal activity, such
> evidence may be provided to appropriate law enforcement officials.
> Unauthorized attempts to upload or change information on this server are
> strictly prohibited and may be punishable by law.
> debug1: authentications that can continue:  
> publickey,password,keyboard-interactive
> debug1: next auth method to try is publickey
> debug1: try privkey: /Volumes/charford/.ssh/id_rsa
> debug1: try privkey: /Volumes/charford/.ssh/id_dsa
> debug1: next auth method to try is keyboard-interactive
> Password:
> debug1: authentications that can continue:  
> publickey,password,keyboard-interactive
> Password:
> debug1: ssh-userauth2 successful: method keyboard-interactive
> debug1: fd 4 setting O_NONBLOCK
> debug1: channel 0: new [client-session]
> debug1: send channel open 0
> debug1: Entering interactive session.
> debug1: ssh_session2_setup: id 0
> debug1: Sending subsystem: sftp
> debug1: channel request 0: subsystem
> debug1: channel 0: open confirm rwindow 0 rmax 32768
> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
> debug1: channel 0: rcvd eof
> debug1: channel 0: output open -> drain
> debug1: channel 0: obuf empty
> debug1: channel 0: close_write
> debug1: channel 0: output drain -> closed
> debug1: channel 0: rcvd close
> debug1: channel 0: close_read
> debug1: channel 0: input open -> closed
> debug1: channel 0: almost dead
> debug1: channel 0: gc: notify user
> debug1: channel 0: gc: user detached
> debug1: channel 0: send close
> debug1: channel 0: is dead
> debug1: channel 0: garbage collecting
> debug1: channel_free: channel 0: client-session, nchannels 1
> debug1: fd 0 clearing O_NONBLOCK
> debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.6 seconds
> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
> debug1: Exit status 2
> Connection closed
> 
> 

-- 
Ing. Roland Lammel | Technical Assistance Services
Kapsch CarrierCom AG | Am Europlatz 5 | 1120 Vienna | Austria
Phone +43 (0)50811 3456 | Mobile +43 664 628 3456 | Fax +43 (0)50811 3405
mailto:roland.lammel at kapsch.net | http://www.kapsch.net
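
The three causes named in the reply above (binary absent from the jail, wrong permissions, missing libraries) can be checked directly against the chroot directory. The script below is an added example, not part of the original thread or of scponly; `check_jail`, `needed_libs` and the temporary demo jail are assumptions for illustration, and the binary path is the one scponlyc logged in auth.log.

```shell
#!/bin/sh
# Added example, not part of scponly: check a chroot jail for the three causes
# named in the reply (binary absent, wrong permissions, missing libraries).

# Absolute paths of the shared objects ldd reports for a binary
# (skips the "binary:" header line that some ldd versions print).
needed_libs() {
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\// && $i !~ /:$/) print $i }' |
        sort -u
}

# check_jail JAIL PATH: PATH is the name scponlyc logs, resolved inside JAIL.
# Returns 0 ok, 1 missing, 2 not executable, 3 library missing from the jail.
check_jail() {
    cj_jail=$1
    cj_target=$1$2
    cj_rc=0
    if [ ! -e "$cj_target" ]; then
        echo "MISSING $cj_target"
        return 1
    fi
    if [ ! -f "$cj_target" ] || [ ! -x "$cj_target" ]; then
        echo "NOEXEC  $cj_target"
        return 2
    fi
    # Every library the binary needs must also exist below the jail root.
    for cj_lib in $(needed_libs "$cj_target"); do
        if [ ! -e "$cj_jail$cj_lib" ]; then
            echo "NOLIB   $cj_jail$cj_lib"
            cj_rc=3
        fi
    done
    if [ "$cj_rc" -eq 0 ]; then echo "OK      $cj_target"; fi
    return "$cj_rc"
}

# Constructed demo jail in a temp dir; the file is a stand-in, not a real
# sftp-server. The path is the one from the auth.log lines in the thread.
demo() {
    d_jail=$(mktemp -d)
    check_jail "$d_jail" /usr/local/bin/sftp-server || echo "-> exit $?"
    mkdir -p "$d_jail/usr/local/bin"
    printf '#!/bin/sh\n' > "$d_jail/usr/local/bin/sftp-server"
    chmod 644 "$d_jail/usr/local/bin/sftp-server"
    check_jail "$d_jail" /usr/local/bin/sftp-server || echo "-> exit $?"
    chmod 755 "$d_jail/usr/local/bin/sftp-server"
    check_jail "$d_jail" /usr/local/bin/sftp-server || echo "-> exit $?"
    rm -rf "$d_jail"
}

demo
```

On a real system, pass the user's jail root as the first argument; the `-x` test reflects the permissions of whoever runs the script, so run it as the jailed user to see what scponlyc will see after it drops privileges.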



