[scponly] chroot-ed sftp-server problems
Vincent van Scherpenseel
mailinglists at vanscherpenseel.nl
Fri Mar 12 15:03:54 EST 2004
Hello list,
I just installed scponly on one of my machines, and my first impressions of
the project were very good. I was able to create a user, give her sftp
access, but no login access, and all was good. Then, I decided I wanted my
users to stay inside their own homedir using a chroot'ed environment, and
then things went wrong.
To create the chroot'ed environment I executed 'make jail', and created the
default user (named 'scponly', for testing purposes only). But now when I
WinSCP to the machine with the chroot'ed user, WinSCP exits with this error:
"Connection has been unexpectedly closed. Server sent command exit status 8."
I included the full WinSCP log at the end of this message.
In my /var/log/authlog file at the host machine I see the following lines:
"Mar 12 19:50:36 kingston [1145]: running: /usr/libexec/sftp-server (username:
scponly(1007), IP/port: 192.168.1.5 4691 22)"
"Mar 12 19:50:36 kingston [1145]: failed: /usr/libexec/sftp-server with error
Exec format error(8) (username: scponly(1007), IP/port: 192.168.1.5 4691 22)"
Some information about my setup:
I'm running NetBSD-1.6.2, scponly 3.9, OpenSSH 3.7 with the latest patches.
/etc/shells contains (among others) the shells:
/usr/local/bin/scponly
/usr/local/sbin/scponlyc
User 'scponly' has shell: /usr/local/sbin/scponlyc
/usr/local/sbin/scponlyc has setuid permissions
All binaries installed by scponly in the chroot'ed environment are working,
and using 'ldd' I was able to track their dependencies, which were all
available inside the chroot'ed environment as well.
Normal ssh logins (to non-scponly users) are functioning perfectly, and also
sftp access to scponly (non chroot'ed) users is working without a problem.
The problems start when I want to sftp to the machine using a chroot'ed user.
What am I doing wrong? Please help me out here. Thank you very much in
advance.
Yours Sincerely
Vincent van Scherpenseel
. --------------------------------------------------------------------------
. WinSCP Version 3.5.6 (Build 213)
. Login time: vrijdag 12 maart 2004 20:50:24
. --------------------------------------------------------------------------
. Session name: scponly at 192.168.1.28
. Host name: 192.168.1.28 (Port: 22)
. User name: scponly (Password: Yes, Key file: No)
. Transfer Protocol: SFTP
. SSH protocol version: 2; Compression: No
. Agent forwarding: No; TIS/CryptoCard: No; KI: Yes
. Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. SSH Bugs:
. Proxy: none
. Return code variable: Autodetect; Lookup user groups: Yes
. Shell: default, EOL: 0
. Local directory: default, Remote directory: home, Update: No, Cache: Yes
. Cache directory changes: Yes, Permanent: Yes
. Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
. --------------------------------------------------------------------------
. Looking up host "192.168.1.28"
. Connecting to 192.168.1.28 port 22
. Server version: SSH-2.0-OpenSSH
. We claim version: SSH-2.0-WinSCP-release-3.5.6
. Using SSH protocol version 2
. Doing Diffie-Hellman group exchange
. Doing Diffie-Hellman key exchange
. Host key fingerprint is:
. ssh-rsa 2048 bd:a6:23:80:37:46:b2:85:99:9c:09:aa:16:ad:c5:9f
. Initialised AES-256 client->server encryption
. Initialised AES-256 server->client encryption
! Using username "scponly".
. Keyboard-interactive authentication refused
. Session password prompt (scponly at 192.168.1.28's password: )
. Using stored password.
. Sent password
. Access granted
. Opened channel for session
. Started a shell/command
. --------------------------------------------------------------------------
. Using SFTP protocol.
. Doing startup conversation with host.
> Type: SSH_FXP_INIT, Size: 5, Number: -1
. Server sent command exit status 8
. All channels closed. Disconnecting
* (ESshFatal) Cannot initialize SFTP protocol. Is the host running a SFTP
server?
* Connection has been unexpectedly closed. Server sent command exit status 8.
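
Added example, not part of the original message and not scponly's own code: a small parser for the scponly "running:" / "failed:" authlog lines quoted in the post. It groups events by pid and resolves the logged error number to its symbolic name, the same value 8 that WinSCP shows as the command exit status. The third sample line (user "alice", pid 1150) is constructed; the first two are the post's lines, unwrapped.

```python
import errno
import re

# Two lines from the post's authlog (unwrapped), plus one constructed line
# for a session that started and logged no failure.
SAMPLE_LOG = """\
Mar 12 19:50:36 kingston [1145]: running: /usr/libexec/sftp-server (username: scponly(1007), IP/port: 192.168.1.5 4691 22)
Mar 12 19:50:36 kingston [1145]: failed: /usr/libexec/sftp-server with error Exec format error(8) (username: scponly(1007), IP/port: 192.168.1.5 4691 22)
Mar 12 19:52:10 kingston [1150]: running: /usr/libexec/sftp-server (username: alice(1008), IP/port: 192.168.1.5 4702 22)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s\[(?P<pid>\d+)\]:\s"
    r"(?P<event>running|failed):\s(?P<cmd>\S+)"
    r"(?:\swith error\s(?P<errmsg>.+?)\((?P<errno>\d+)\))?"
    r"\s\(username:\s(?P<user>[^()\s]+)\((?P<uid>\d+)\),\s"
    r"IP/port:\s(?P<ip>\S+)\s(?P<cport>\d+)\s(?P<sport>\d+)\)$"
)

def parse_sessions(text):
    """Group scponly log events by pid; return one dict per session."""
    sessions = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a scponly running/failed line
        s = sessions.setdefault(m["pid"], {
            "pid": int(m["pid"]), "user": m["user"], "uid": int(m["uid"]),
            "client": m["ip"], "cmd": m["cmd"], "failed": False,
            "errno": None, "errname": None, "errmsg": None,
        })
        if m["event"] == "failed":
            code = int(m["errno"])
            # Assumption: the analysing host numbers errno like the logging host.
            s.update(failed=True, errno=code, errmsg=m["errmsg"].strip(),
                     errname=errno.errorcode.get(code, "UNKNOWN"))
    return list(sessions.values())

def failed_execs(text):
    """Sessions where the exec of the logged command failed."""
    return [s for s in parse_sessions(text) if s["failed"]]

if __name__ == "__main__":
    for s in failed_execs(SAMPLE_LOG):
        print(f'{s["user"]} (uid {s["uid"]}) from {s["client"]}: exec of '
              f'{s["cmd"]} failed with {s["errname"]} ({s["errno"]}): {s["errmsg"]}')
```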