[scponly] sftp works scp does not

Pawel Mueller pawel.mueller at rus.uni-stuttgart.de
Fri Feb 10 13:09:15 EST 2006 

Hi,

if it helps, I did the same on my gentoo box. Compiled with:

./configure --enable-winscp-compat --enable-sftp-logging-compat
--enable-scp-compat --enable-rsync-compat --prefix=/usr/local/
--enable-passwd-compat --disable-chroot-checkdir --disable-chrooted-binary

the user on the windows box has problems to login via winscp. Message:

Die Verbindung wurde unerwartet geschlossen. Der Server sendete den
Befehlsbeendigungsstatus 0.

means:
the connection was unexpectly closed. The server send failure return code 0.

Server log:

Feb 10 18:59:31 [sshd(pam_unix)] authentication failure; logname= uid=0
euid=0 tty=ssh ruser= rhost=dyn-3-9.rus.uni-stuttgart.de  user=scponlytest
Feb 10 18:59:33 [sshd] error: PAM: Authentication failure for
scponlytest from dyn-3-9.rus.uni-stuttgart.de
Feb 10 18:59:38 [sshd] Accepted keyboard-interactive/pam for scponlytest
from 129.69.3.249 port 4888 ssh2
Feb 10 18:59:38 [sshd(pam_unix)] session opened for user scponlytest by
(uid=0)
Feb 10 18:59:40 [scponly] running: /bin/groups (username:
scponlytest(1007), IP/port: 129.69.3.249 4888 22)
Feb 10 18:59:40 [sshd(pam_unix)] session closed for user scponlytest


so compiles with:

./configure --enable-winscp-compat --disable-sftp-logging-compat
--enable-scp-compat --enable-rsync-compat --prefix=/usr/local/
--enable-passwd-compat --disable-chroot-checkdir --disable-chrooted-binary

user can login without problems

server log:

Feb 10 19:08:21 [sshd(pam_unix)] authentication failure; logname= uid=0
euid=0 tty=ssh ruser= rhost=dyn-3-9.rus.uni-stuttgart.de  user=scponlytest
Feb 10 19:08:23 [sshd] error: PAM: Authentication failure for
scponlytest from dyn-3-9.rus.uni-stuttgart.de
Feb 10 19:08:25 [sshd] Accepted keyboard-interactive/pam for scponlytest
from 129.69.3.249 port 4893 ssh2
Feb 10 19:08:25 [sshd(pam_unix)] session opened for user scponlytest by
(uid=0)
Feb 10 19:08:26 [scponly] running: /bin/groups (username:
scponlytest(1007), IP/port: 129.69.3.249 4893 22)
Feb 10 19:08:26 [scponly] running: /usr/bin/pwd (username:
scponlytest(1007), IP/port: 129.69.3.249 4893 22)
Feb 10 19:08:26 [scponly] running: /usr/bin/ls -la --full-time
(username: scponlytest(1007), IP/port: 129.69.3.249 4893 22)


hope this helps a little.

bye
Pawel



Kaleb Pederson wrote:
> Pawel,
> 
> SFTP-Logging is a patch to OpenSSH's sftp-server that allows it to use 
> environment variables to log files the actions that users take while logged 
> into your sftp-server.  If you aren't using the sftp-logging patches to 
> OpenSSH, then you wouldn't need it.
> 
> Gentoo, and possibly other systems, make these patches available to users.
> 
> However, this doesn't explain why it works if that's the only change that you 
> made.  The only thing that sftp-logging should do is create the necessary 
> environment variables for sftp-logging to work instead of leaving an empty 
> environment?
> 
> What do you get as debug output now that it's working?
> 
> Thanks and I hope that helps.
> 
> --Kaleb
> 
> 
> On Friday 10 February 2006 9:35 am, Pawel Mueller wrote:
> 
>>Hi Folks,
>>
>>I found it out. It was the option
>>--enable-sftp-logging-compat
>>
>>after I found out, that I can set the debuglevel variable in
>>../etc/scponly/debuglevel I saw that:
>>
>>Feb 10 18:33:15 zsdweb1 scponly[31203]: processing request: "pwd"
>>Feb 10 18:33:15 zsdweb1 scponly[31203]: Unable to find "LOG_SFTP" in the
>>environment
>>Feb 10 18:33:15 zsdweb1 scponly[31203]: Found "USER" and setting it to
>>"scponlytest"
>>Feb 10 18:33:15 zsdweb1 scponly[31203]: Unable to find "SFTP_UMASK" in
>>the environment
>>Feb 10 18:33:15 zsdweb1 scponly[31203]: Unable to find
>>"SFTP_PERMIT_CHMOD" in the environment
>>Feb 10 18:33:15 zsdweb1 scponly[31203]: Unable to find
>>"SFTP_PERMIT_CHOWN" in the environment
>>Feb 10 18:33:15 zsdweb1 scponly[31203]: Unable to find "SFTP_LOG_LEVEL"
>>in the environment
>>Feb 10 18:33:15 zsdweb1 scponly[31203]: Unable to find
>>"SFTP_LOG_FACILITY" in the environment
>>Feb 10 18:33:15 zsdweb1 scponly[31203]: running: /bin/pwd (username:
>>scponlytest(1004), IP/port: 129.69.3.249 4873 22)
>>
>>so I just disabled sftp-loggin-compat and users can login without
>>problems. Strange that... can anybody explain please.
>>What exactly it sftp-logging? And how I can enable it anyway?
>>
>>thx a lot
>>Pawel
>>
>>Pawel Mueller wrote:
>>
>>>Hi,
>>>
>>>I have a problem here and can't find a solution. It's the following:
>>>There are many users who should be able to login to my server via
>>>scponly. Most of them are using WINscp. Since winscp now supports sftp
>>>logins, too, there is only a problem with the pure scp login. If I try
>>>that there are some error messages I can't interpret:
>>>
>>>Befehl 'groups'
>>>fehlgeschlagen mit Beendigungscode 0 und Fehlernachricht
>>>*** glibc detected *** free(): invalid pointer: 0x0000000000504c20 ***.
>>>
>>>means:
>>>command 'groups'
>>>failed with returncode 0 and failuremessage
>>>*** glibc detected *** free(): invalid pointer: 0x0000000000504c20 ***.
>>>
>>>after ignoring the same appears with 'pwd' instead of 'group'. This a
>>>have to ignore very often, then I am loged in, but in a empty directory
>>>and when try to do anything, a have to ignore the 'pwd' failures again,
>>>but with no effekt.
>>>
>>>I'm using SuSE Enterprise Distro
>>>I compiled scponly-4.6 with:
>>>./configure --enable-winscp-compat --enable-sftp-logging-compat
>>>--enable-scp-compat --enable-rsync-compat --prefix=/usr/local/
>>>--with-sftp-server
>>>
>>>I had to hack the configure script in the line where as_dummy variable
>>>is defined, because my sftp-server ist in /usr/lib64/ssh/ and the
>>>--with-sftp-server flag simply ignored the path a gave it :-/
>>>
>>>so it would be great If sombody have an idea of what went wrong and how
>>>I can fix it.
>>>
>>>many thanks
>>>Pawel
>>>
>>>
>>>------------------------------------------------------------------------
>>>
>>>_______________________________________________
>>>scponly mailing list
>>>scponly at lists.ccs.neu.edu
>>>https://lists.ccs.neu.edu/bin/listinfo/scponly

-- 
Pawel Müller (Hiwi)                Information & Medien
                                   und Verwaltung
Rechenzentrum
Universitaet Stuttgart
Allmandring 30
70550 Stuttgart                   http://www.rus.uni-stuttgart.de

More information about the scponly mailing list