[scponly] sftp works scp does not

Kaleb Pederson kpederson at mail.ewu.edu
Fri Feb 10 13:28:04 EST 2006 

Thanks!  I'll try to take a look soon so I can figure out what's going on.

--Kaleb

On Friday 10 February 2006 10:09 am, Pawel Mueller wrote:
> Hi,
>
> if it helps, I did the same on my gentoo box. Compiled with:
>
> ./configure --enable-winscp-compat --enable-sftp-logging-compat
> --enable-scp-compat --enable-rsync-compat --prefix=/usr/local/
> --enable-passwd-compat --disable-chroot-checkdir --disable-chrooted-binary
>
> the user on the windows box has problems to login via winscp. Message:
>
> Die Verbindung wurde unerwartet geschlossen. Der Server sendete den
> Befehlsbeendigungsstatus 0.
>
> means:
> the connection was unexpectly closed. The server send failure return code
> 0.
>
> Server log:
>
> Feb 10 18:59:31 [sshd(pam_unix)] authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=dyn-3-9.rus.uni-stuttgart.de  user=scponlytest
> Feb 10 18:59:33 [sshd] error: PAM: Authentication failure for
> scponlytest from dyn-3-9.rus.uni-stuttgart.de
> Feb 10 18:59:38 [sshd] Accepted keyboard-interactive/pam for scponlytest
> from 129.69.3.249 port 4888 ssh2
> Feb 10 18:59:38 [sshd(pam_unix)] session opened for user scponlytest by
> (uid=0)
> Feb 10 18:59:40 [scponly] running: /bin/groups (username:
> scponlytest(1007), IP/port: 129.69.3.249 4888 22)
> Feb 10 18:59:40 [sshd(pam_unix)] session closed for user scponlytest
>
>
> so compiles with:
>
> ./configure --enable-winscp-compat --disable-sftp-logging-compat
> --enable-scp-compat --enable-rsync-compat --prefix=/usr/local/
> --enable-passwd-compat --disable-chroot-checkdir --disable-chrooted-binary
>
> user can login without problems
>
> server log:
>
> Feb 10 19:08:21 [sshd(pam_unix)] authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=dyn-3-9.rus.uni-stuttgart.de  user=scponlytest
> Feb 10 19:08:23 [sshd] error: PAM: Authentication failure for
> scponlytest from dyn-3-9.rus.uni-stuttgart.de
> Feb 10 19:08:25 [sshd] Accepted keyboard-interactive/pam for scponlytest
> from 129.69.3.249 port 4893 ssh2
> Feb 10 19:08:25 [sshd(pam_unix)] session opened for user scponlytest by
> (uid=0)
> Feb 10 19:08:26 [scponly] running: /bin/groups (username:
> scponlytest(1007), IP/port: 129.69.3.249 4893 22)
> Feb 10 19:08:26 [scponly] running: /usr/bin/pwd (username:
> scponlytest(1007), IP/port: 129.69.3.249 4893 22)
> Feb 10 19:08:26 [scponly] running: /usr/bin/ls -la --full-time
> (username: scponlytest(1007), IP/port: 129.69.3.249 4893 22)
>
>
> hope this helps a little.
>
> bye
> Pawel
>
> Kaleb Pederson wrote:
> > Pawel,
> >
> > SFTP-Logging is a patch to OpenSSH's sftp-server that allows it to use
> > environment variables to log files the actions that users take while
> > logged into your sftp-server.  If you aren't using the sftp-logging
> > patches to OpenSSH, then you wouldn't need it.
> >
> > Gentoo, and possibly other systems, make these patches available to
> > users.
> >
> > However, this doesn't explain why it works if that's the only change that
> > you made.  The only thing that sftp-logging should do is create the
> > necessary environment variables for sftp-logging to work instead of
> > leaving an empty environment?
> >
> > What do you get as debug output now that it's working?
> >
> > Thanks and I hope that helps.
> >
> > --Kaleb
> >
> > On Friday 10 February 2006 9:35 am, Pawel Mueller wrote:
> >>Hi Folks,
> >>
> >>I found it out. It was the option
> >>--enable-sftp-logging-compat
> >>
> >>after I found out, that I can set the debuglevel variable in
> >>../etc/scponly/debuglevel I saw that:
> >>
> >>Feb 10 18:33:15 zsdweb1 scponly[31203]: processing request: "pwd"
> >>Feb 10 18:33:15 zsdweb1 scponly[31203]: Unable to find "LOG_SFTP" in the
> >>environment
> >>Feb 10 18:33:15 zsdweb1 scponly[31203]: Found "USER" and setting it to
> >>"scponlytest"
> >>Feb 10 18:33:15 zsdweb1 scponly[31203]: Unable to find "SFTP_UMASK" in
> >>the environment
> >>Feb 10 18:33:15 zsdweb1 scponly[31203]: Unable to find
> >>"SFTP_PERMIT_CHMOD" in the environment
> >>Feb 10 18:33:15 zsdweb1 scponly[31203]: Unable to find
> >>"SFTP_PERMIT_CHOWN" in the environment
> >>Feb 10 18:33:15 zsdweb1 scponly[31203]: Unable to find "SFTP_LOG_LEVEL"
> >>in the environment
> >>Feb 10 18:33:15 zsdweb1 scponly[31203]: Unable to find
> >>"SFTP_LOG_FACILITY" in the environment
> >>Feb 10 18:33:15 zsdweb1 scponly[31203]: running: /bin/pwd (username:
> >>scponlytest(1004), IP/port: 129.69.3.249 4873 22)
> >>
> >>so I just disabled sftp-loggin-compat and users can login without
> >>problems. Strange that... can anybody explain please.
> >>What exactly it sftp-logging? And how I can enable it anyway?
> >>
> >>thx a lot
> >>Pawel
> >>
> >>Pawel Mueller wrote:
> >>>Hi,
> >>>
> >>>I have a problem here and can't find a solution. It's the following:
> >>>There are many users who should be able to login to my server via
> >>>scponly. Most of them are using WINscp. Since winscp now supports sftp
> >>>logins, too, there is only a problem with the pure scp login. If I try
> >>>that there are some error messages I can't interpret:
> >>>
> >>>Befehl 'groups'
> >>>fehlgeschlagen mit Beendigungscode 0 und Fehlernachricht
> >>>*** glibc detected *** free(): invalid pointer: 0x0000000000504c20 ***.
> >>>
> >>>means:
> >>>command 'groups'
> >>>failed with returncode 0 and failuremessage
> >>>*** glibc detected *** free(): invalid pointer: 0x0000000000504c20 ***.
> >>>
> >>>after ignoring the same appears with 'pwd' instead of 'group'. This a
> >>>have to ignore very often, then I am loged in, but in a empty directory
> >>>and when try to do anything, a have to ignore the 'pwd' failures again,
> >>>but with no effekt.
> >>>
> >>>I'm using SuSE Enterprise Distro
> >>>I compiled scponly-4.6 with:
> >>>./configure --enable-winscp-compat --enable-sftp-logging-compat
> >>>--enable-scp-compat --enable-rsync-compat --prefix=/usr/local/
> >>>--with-sftp-server
> >>>
> >>>I had to hack the configure script in the line where as_dummy variable
> >>>is defined, because my sftp-server ist in /usr/lib64/ssh/ and the
> >>>--with-sftp-server flag simply ignored the path a gave it :-/
> >>>
> >>>so it would be great If sombody have an idea of what went wrong and how
> >>>I can fix it.
> >>>
> >>>many thanks
> >>>Pawel
> >>>
> >>>
> >>>------------------------------------------------------------------------
> >>>
> >>>_______________________________________________
> >>>scponly mailing list
> >>>scponly at lists.ccs.neu.edu
> >>>https://lists.ccs.neu.edu/bin/listinfo/scponly
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20060210/83a8b47a/attachment.bin

More information about the scponly mailing list