[scponly] scponly 4.3 - sftp-server mysteriously exits
Ashley Gould
agould at ucop.edu
Wed Jan 11 14:40:59 EST 2006
I'm building scponly 4.3 on SuSE linux 9.1.
2.6.5-7.201-smp
glibc-2.3.3-97
I've gotten through the compile ok, but when I attempt to run chrooted sftp
my session ends immediately after authentication. I can see from
the logs that ssh auth completes, scponly chroots and chdirs successfully.
Then scponly execs sftp-server, which immediately exits without errors.
There is no complaint about "chroot dir writable by group/other".
Build params:
./configure --enable-sftp-logging-compat --enable-scp-compat --enable-chrooted-binary
User config:
web6:~ # grep scponly /etc/passwd
scponly:x:3886:100::/home/scponly//incoming:/usr/local/sbin/scponlyc
web6:~ # ls -ld /home/scponly /home/scponly//incoming
drwxr-xr-x 8 root root 192 Jan 6 17:58 /home/scponly
drwxr-xr-x 2 scponly users 48 Jan 5 15:46 /home/scponly//incoming
sftp connection:
agould at isis:~> sftp -v scponly at web6
Connecting to web6...
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
[cut]
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 127
Connection closed
Server logs (echo "1" > /usr/local/etc/scponly/debuglevel):
web6:~ # tail -f /var/log/messages
Jan 11 11:12:01 web6 sshd[7607]: Accepted keyboard-interactive/pam for scponly from ::ffff:128.48.134.181 port 3687 ssh2
Jan 11 11:12:01 web6 sshd[7610]: subsystem request for sftp
Jan 11 11:12:01 web6 scponly[7611]: chrooted binary in place, will chroot()
Jan 11 11:12:01 web6 scponly[7611]: 3 arguments in total.
Jan 11 11:12:01 web6 scponly[7611]: arg 0 is scponlyc
Jan 11 11:12:01 web6 scponly[7611]: arg 1 is -c
Jan 11 11:12:01 web6 scponly[7611]: arg 2 is /usr/lib/ssh/sftp-server
Jan 11 11:12:01 web6 scponly[7611]: opened log at LOG_AUTHPRIV, opts 0x00000009
Jan 11 11:12:01 web6 scponly[7611]: retrieved home directory of "/home/scponly//incoming" for user "scponly"
Jan 11 11:12:01 web6 scponly[7611]: chrooting to dir: "/home/scponly"
Jan 11 11:12:01 web6 scponly[7611]: chdiring to dir: "/incoming"
Jan 11 11:12:01 web6 scponly[7611]: setting uid to 3886
Jan 11 11:12:01 web6 scponly[7611]: processing request: "/usr/lib/ssh/sftp-server"
Jan 11 11:12:01 web6 scponly[7611]: Unable to find "LOG_SFTP" in the environment
Jan 11 11:12:01 web6 scponly[7611]: Found "USER" and setting it to "scponly"
Jan 11 11:12:01 web6 scponly[7611]: Unable to find "SFTP_UMASK" in the environment
Jan 11 11:12:01 web6 scponly[7611]: Unable to find "SFTP_PERMIT_CHMOD" in the environment
Jan 11 11:12:01 web6 scponly[7611]: Unable to find "SFTP_PERMIT_CHOWN" in the environment
Jan 11 11:12:01 web6 scponly[7611]: Unable to find "SFTP_LOG_LEVEL" in the environment
Jan 11 11:12:01 web6 scponly[7611]: Unable to find "SFTP_LOG_FACILITY" in the environment
Jan 11 11:12:01 web6 scponly[7611]: Environment contains "USER=scponly"
Jan 11 11:12:01 web6 scponly[7611]: running: /usr/lib/ssh/sftp-server (username: scponly(3886), IP/port: ::ffff:128.48.134.181 3687 22)
--
-ashley
Did you try poking at it with a stick?
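
A check that fits the symptoms in the message above (exec after chroot(), client sees exit status 127, which conventionally means a program or one of its libraries could not be loaded). This is an added example, not part of the original post or of scponly; the function names are hypothetical, the sample values are copied from the post's passwd entry and debug log, and it is a check to run rather than a diagnosis confirmed by the thread.

```shell
#!/bin/sh
# Added example; sample values are taken from the post's passwd entry and log.

# scponly's chrooted binary splits the passwd home field at "//":
# "/home/scponly//incoming" -> chroot("/home/scponly"), chdir("/incoming").
chroot_part() { printf '%s\n' "${1%%//*}"; }
chdir_part() {
    case $1 in
        *//*) printf '/%s\n' "${1#*//}" ;;
        *)    printf '/\n' ;;
    esac
}

# Print every path the program needs that does not exist inside the chroot.
# $1 = chroot directory, $2 = program path as seen from inside the chroot.
missing_in_chroot() {
    _root=$1 _prog=$2
    # The binary itself must exist under the chroot, not just on the host.
    [ -x "$_root$_prog" ] || { printf '%s\n' "$_prog"; return 0; }
    # ldd lists "name => /path (addr)" or "/path (addr)"; keep the absolute path.
    # Only run ldd on binaries you trust (here: the admin's own sftp-server copy).
    ldd "$_root$_prog" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' |
        while read -r _lib; do
            [ -e "$_root$_lib" ] || printf '%s\n' "$_lib"
        done
}

home='/home/scponly//incoming'      # home field from the post's /etc/passwd line
prog='/usr/lib/ssh/sftp-server'     # "arg 2" from the post's scponly debug log
root=$(chroot_part "$home")
echo "chroot=$root chdir=$(chdir_part "$home")"
missing_in_chroot "$root" "$prog" | sed 's/^/missing inside chroot: /'
```

Any path it prints has to be copied into the chroot at that same relative location, since after chroot() the process can no longer see the host's copies.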