[scponly] sftp not working, but scp does
Paul Hyder
Paul.Hyder at noaa.gov
Tue Nov 28 15:14:20 EST 2006
This appears to be an incomplete jail configuration. Generally means there
is a library that needs to be added for the sftp-server.
1. Verify the sftp-server permissions (/raid/chroot/www/test/usr/lib/misc/sftp-server)
2. Run ldd on the sftp-server binary and make sure all of the listed libraries
are installed in the correct location for the jail. If they are all present
run ldd on the libraries and make sure they don't need a missing library.
Server OS and configure options?
Paul Hyder
Brian Davis wrote:
> Here is the detailed debug, for scponly and sshd. Looks like I still
> need to turn on more debugging somewhere. As a point of reference, SFTP
> does work for non scponly users.
>
> Nov 28 14:30:29 flagg sshd[3510]: debug1: subsystem: exec()
> /usr/lib/misc/sftp-server
> Nov 28 14:30:29 flagg scponly[3511]: chrooted binary in place, will chroot()
> Nov 28 14:30:29 flagg scponly[3511]: 3 arguments in total.
> Nov 28 14:30:29 flagg scponly[3511]: arg 0 is scponlyc
> Nov 28 14:30:29 flagg scponly[3511]: arg 1 is -c
> Nov 28 14:30:29 flagg scponly[3511]: arg 2 is /usr/lib/misc/sftp-server
> Nov 28 14:30:29 flagg scponly[3511]: opened log at LOG_AUTHPRIV, opts
> 0x00000009
> Nov 28 14:30:29 flagg scponly[3511]: retrieved home directory of
> "/raid/chroot/www/test//incoming" for user "test"
> Nov 28 14:30:29 flagg scponly[3511]: chrooting to dir:
> "/raid/chroot/www/test"
> Nov 28 14:30:29 flagg scponly[3511]: chdiring to dir: "/incoming"
> Nov 28 19:30:29 flagg scponly[3511]: setting uid to 1003
> Nov 28 19:30:29 flagg scponly[3511]: processing request:
> "/usr/lib/misc/sftp-server"
> Nov 28 19:30:29 flagg scponly[3511]: running: /usr/lib/misc/sftp-server
> (username: test(1003), IP/port: 16.4.18.22 3059 8364)
> Nov 28 14:30:29 flagg sshd[3510]: debug1: Received SIGCHLD.
> Nov 28 14:30:29 flagg sshd[3510]: debug1: session_by_pid: pid 3511
> Nov 28 14:30:29 flagg sshd[3510]: debug1: session_exit_message: session
> 0 channel 0 pid 3511
> Nov 28 14:30:29 flagg sshd[3510]: debug1: session_exit_message: release
> channel 0
> Nov 28 14:30:29 flagg sshd[3510]: debug1: session_by_channel: session 0
> channel 0
> Nov 28 14:30:29 flagg sshd[3510]: debug1: session_close_by_channel:
> channel 0 child 0
> Nov 28 14:30:29 flagg sshd[3510]: debug1: session_close: session 0 pid 0
> Nov 28 14:30:29 flagg sshd[3510]: debug1: channel 0: free:
> server-session, nchannels 1
> Nov 28 14:30:29 flagg sshd[3510]: Connection closed by 16.4.18.22
> Nov 28 14:30:29 flagg sshd[3510]: debug1: do_cleanup
> Nov 28 14:30:29 flagg sshd[3510]: debug1: PAM: cleanup
> Nov 28 14:30:29 flagg sshd(pam_unix)[3510]: session closed for user test
> Nov 28 14:30:29 flagg sshd[3510]: Closing connection to 16.4.18.22
> Nov 28 14:30:29 flagg sshd[3510]: debug1: PAM: cleanup
>
> Thanks,
> Brian
>
>
> Paul Hyder wrote:
>> Sounds like the selected sftp server exits.
>>
>> Have you tried setting the debuglevel to 1? (default install puts this
>> file in /usr/local/etc/scponly, change it from 0 to 1) The extended
>> diagnostics should be useful.
>>
>> Would also help to know what options you used with configure and the
>> server's operating system.
>> Paul Hyder
>> NOAA Earth System Research Laboratory, Global Systems Division
>> Boulder, CO
>>
>>
>> Brian Davis wrote:
>>
>>> Hi,
>>>
>>> I'm using WinSCP 3.8.2. The session default of "SFTP (allow SCP
>>> fallback) is checked. When WinSCP tries to connect, if gives the
>>> following error and immediately disconnects:
>>>
>>> "Cannot initalize SFTP protocol. Is the host running a SFTP server?
>>> Connection has been unexpectedly closed. Server sent command exit status
>>> 255."
>>>
>>> However, selecting SCP for the session seems to work fine. Here is my
>>> auth.log when trying sftp:
>>>
>>> Nov 26 22:14:41 flagg sshd[20279]: Accepted keyboard-interactive/pam for
>>> test from 192.168.1.103 port 3530 ssh2
>>> Nov 26 22:14:41 flagg sshd(pam_unix)[13368]: session opened for user
>>> test by (uid=0)
>>> Nov 26 22:14:41 flagg sshd[13368]: subsystem request for sftp
>>> Nov 27 03:14:41 flagg scponly[12982]: running: /usr/lib/misc/sftp-server
>>> (username: test(1003), IP/port: 192.168.1.103 3530 7777)
>>> Nov 26 22:14:41 flagg sshd(pam_unix)[13368]: session closed for user test
>>>
>>> Any ideas?
>>>
>>> Also, can the logging for scponly be configured to use local time rather
>>> than GMT?
>>>
>>> Thanks!
>>>
>>>
>>>
>>> _______________________________________________
>>> scponly mailing list
>>> scponly at lists.ccs.neu.edu
>>> https://lists.ccs.neu.edu/bin/listinfo/scponly
>>>
>>
>>
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
More information about the scponly
mailing list