[scponly] Re: Unable to launch sftp-server from chroot: request denied

Ralf Durkee rd at rd1.net
Wed Nov 23 19:07:57 EST 2005 

Older Solaris systems are a bit of bugger to get working. Solaris 9 and 
10 are a snap. One useful trick is to run sshd in the foreground with 
debugging enabled. There's a directory list below of a system done years 
ago on Solaris 6.  Most likely you're missing a shared library.

-- Ralf Durkee, CISSP, GSEC, GCIH
Principal Security Consultant
http://rd1.net


John Barton wrote:
> All,
> I am trying to get scponly version 4.1 running on Solaris 8 sparc, and I 
> am having trouble that seems to be specific to sftp-server.
> 
> If I try to use WinSCP in "scp" mode, I can connect without any trouble, 
> and I am properly chrooted into my home directory.
> 
> If I try to use WinSCP in "sftp" mode, it fails with the following 
> error: "Connection has been unexpectedly closed. Server sent command 
> exit status 1". On the server side, in the messages log, it just says 
> "denied request: /opt/xxx/bin/sftp-server (resolved to sftp-server ..."
> 
> The path to sftp-server is correct, and that path also exists inside my 
> chroot directory.
> 
> If I try to sftp into the server using an account with a normal shell, 
> it logs in fine.
> 
> Any pointers on where the problem might be?
> Regards,
> -JB
> 


# ls -lR
.:
total 16
drwx------   2 root     nogroup      512 Mar  7 11:21 bin
drwxr-xr-x   2 root     nogroup      512 Mar 10 10:37 dev
drwxr-xr-x   2 root     nogroup      512 Mar 14 13:02 etc
drwx------   3 inacct   nogroup      512 Mar 18 10:38 incoming
drwxr-x---   2 root     nogroup      512 Mar  7 11:11 lib
dr-x------   2 inacct   nogroup      512 Mar 12 15:46 outgoing
drwxr-xr-x   7 root     nogroup      512 Mar  7 11:11 usr
drwxr-xr-x   3 root     nogroup      512 Mar 10 10:34 var

./bin:
total 200
-rwxr-xr-x   1 root     other       9936 Mar  7 11:21 chmod
-rwxr-xr-x   1 root     other       6692 Mar  7 11:21 chown
-rwxr-xr-x   1 root     other      17908 Mar  7 11:20 ln
-rwxr-xr-x   1 root     other      17440 Mar  7 11:20 ls
-rwxr-xr-x   1 root     other      10588 Mar  7 11:21 mkdir
-rwxr-xr-x   1 root     other      17908 Mar  7 11:20 mv
-rwxr-xr-x   1 root     other      11196 Mar  7 11:20 rm
-rwxr-xr-x   1 root     other       6856 Mar  7 11:21 rmdir

./dev:
total 0
crw-r--r--   1 root     sys       21,  0 Mar 10 10:36 conslog
crw-r--r--   1 root     other     21,  5 Mar 10 10:36 log
crw-r--r--   1 root     sys       13,  2 Mar 10 10:37 null
crw--w----   1 root     tty        0,  0 Mar 10 10:37 syscon
crw-rw-rw-   1 root     sys       11, 42 Mar 10 10:37 tcp
crw-rw-rw-   1 root     sys       11, 41 Mar 10 10:37 udp
crw-r--r--   1 root     sys       13, 12 Mar 10 10:37 zero

./etc:
total 10
-r--r--r--   1 root     other        107 Mar 14 12:04 passwd
-r--------   1 root     other         35 Mar  7 17:08 shadow
-r--r--r--   1 root     other         86 Mar  7 11:24 shells
-rw-r--r--   1 root     sys         1037 Nov  8 10:04 syslog.conf

./incoming:
total 0


./lib:
total 0

./outgoing:
total 0

./usr:
total 10
drwxr-xr-x   2 root     other        512 Mar  7 11:11 bin
drwxr-xr-x   2 root     other        512 Mar  7 12:17 lib
drwxr-xr-x   3 root     other        512 Mar  7 11:11 libexec
drwxr-xr-x   7 root     other        512 Mar 10 10:22 local
drwxr-xr-x   2 root     other        512 Mar  7 11:11 sbin

./usr/bin:
total 0

./usr/lib:
total 4122
-rwxr-xr-x   1 root     other     205880 Mar  7 12:17 ld.so.1
-rwxr-xr-x   1 root     other    1025560 Mar  7 12:17 libc.so.1
-rwxr-xr-x   1 root     other       4664 Mar  7 12:17 libdl.so.1
-rwxr-xr-x   1 root     other      19304 Mar  7 12:17 libmp.so.2
-rwxr-xr-x   1 root     other     756856 Mar  7 12:17 libnsl.so.1
-rwxr-xr-x   1 root     other      53656 Mar  7 12:17 libsocket.so.1

./usr/libexec:
total 2
drwxr-xr-x   2 root     other        512 Mar  7 11:11 openssh

./usr/libexec/openssh:
total 0

./usr/local:
total 10
drwxr-xr-x   2 root     other        512 Mar  7 17:14 bin
drwxr-xr-x   2 root     other        512 Mar 10 10:28 etc
drwxr-xr-x   2 root     other        512 Mar  7 17:00 lib
drwxr-xr-x   2 root     other        512 Mar  7 11:20 libexec
drwxr-xr-x   3 root     other        512 Mar  7 12:16 ssl

./usr/local/bin:
total 274
-rwxr-xr-x   1 bin      bin        31736 Aug  5  2002 scp
-rwxr-xr-x   1 root     root       44636 Mar  7 10:54 scponly
-rwxr-xr-x   1 bin      bin        53576 Aug  5  2002 sftp

./usr/local/etc:
total 24
-rw-r--r--   1 bin      bin         1114 Aug  5  2002 ssh_config
-rw-------   1 root     other        668 Oct  1 17:15 ssh_host_dsa_key
-rw-r--r--   1 root     other        599 Oct  1 17:15 ssh_host_dsa_key.pub
-rw-------   1 root     other        524 Oct  1 16:26 ssh_host_key
-rw-r--r--   1 root     other        328 Oct  1 16:26 ssh_host_key.pub
-rw-------   1 root     other        883 Oct  1 17:12 ssh_host_rsa_key
-rw-r--r--   1 root     other        219 Oct  1 17:12 ssh_host_rsa_key.pub
-rw-r--r--   1 bin      bin         2451 Mar  7 17:11 sshd_config

./usr/local/lib:
total 1852
-rw-r--r--   1 bin      bin       800564 Aug 29  2002 libgcc_s.so.1
-rwxr-xr-x   1 root     other      67632 Mar  7 12:17 libz.so
-rwxr-xr-x   1 bin      bin        67632 Jun 20  2002 libz.so.1.1.4

./usr/local/libexec:
total 56
-rwxr-xr-x   1 bin      bin        28332 Aug  5  2002 sftp-server

./usr/local/ssl:
total 2
drwxr-xr-x   2 root     other        512 Mar  7 12:17 lib

./usr/local/ssl/lib:
total 3456
-r-xr-xr-x   1 bin      bin      1755172 Aug 31  2002 libcrypto.so.0.9.6

./usr/sbin:
total 0

./var:
total 2
drwxr-xr-x   3 root     other        512 Mar 10 10:34 adm

./var/adm:
total 2
drwxr-xr-x   2 root     other        512 Mar 10 10:34 log
-rw-r--r--   1 root     other          0 Mar 10 10:34 messages

./var/adm/log:
total 0

More information about the scponly mailing list