[scponly] sftp failing/Solaris 10

Steve Kehlet stevek at webreachinc.com
Mon Jun 25 12:42:11 EDT 2007 

can you truss -f -p <sshd_pid> the sshd process on the server side?

or maybe copy a few more binaries into your jail area (just for  
testing), including bash and ldd (and any additional libraries they  
need), then

chroot /your/jail/area /bin/bash

and do ldd's once inside your jail?  just to double check everything  
needed is there, e.g. ldd /usr/libexec/openssh/sftp-server





On Jun 21, 2007, at 9:07 AM, Hargis, Mandy wrote:

> Good afternoon,
>
>
>
> I’m trying to get scponly4.6 to work on a Solaris 10 server running  
> openssh 4.6.1 and openssl 0.9.7m  (I only need sftp functionality,  
> in a chroot’d environment).  I have gotten this to work  
> successfully in the past many times, as recently as a month ago  
> (only difference/then it was scponly4.6, Solaris 10 default os  
> including default ssh pkgs)
>
>
>
> On this particular server I’m running…
>
>
>
> ./configure --enable-chrooted-binary
>
> make
>
> make install
>
>
>
> and set my debug level=2
>
>
>
> I manually setup my jail.
>
>
>
> I run an ldd on the sftp-server and copy all the required libraries  
> into my altroot location into the appropriate qualified pathnames.   
> I run an ldd against each and every library associated with sftp- 
> server and copy any of those into my altroot location as well.  (As  
> I mentioned I have set this up successfully so many times in the  
> past so I actually have other servers to compare this with).
>
>
>
> When I attempt to connect via sftp I’m getting the following log  
> entries:
>
>
>
> Jun 21 11:46:57 si-erpcd1 sshd[25836]: [ID 800047 auth.info]  
> Accepted password for amh from 172.24.1.168 port 1788 ssh2
>
> Jun 21 11:46:57 si-erpcd1 sshd[25838]: [ID 800047 auth.info]  
> subsystem request for sftp
>
> Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 485826 auth.info]  
> chrooted binary in place, will chroot()
>
> Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 667827 auth.debug] 3  
> arguments in total.
>
> Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 445495  
> auth.debug]        arg 0 is scponlyc
>
> Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 445495  
> auth.debug]        arg 1 is -c
>
> Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 445495  
> auth.debug]        arg 2 is /usr/local/libexec/sftp-server
>
> Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 652719 auth.debug]  
> opened log at LOG_AUTH, opts 0x00000009
>
> Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 805961 auth.debug]  
> retrieved home directory of "/export/home/amh" for user "amh"
>
> Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 263513 auth.debug]  
> chrooting to dir: "/export/home/amh"
>
> Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 282054 auth.debug]  
> chdiring to dir: "/"
>
> Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 663861 auth.debug]  
> setting uid to 555
>
> Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 290257 auth.debug]  
> processing request: "/usr/local/libexec/sftp-server"
>
> Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 699181 auth.info]  
> running: /usr/local/libexec/sftp-server (username: amh(555), IP/ 
> port: 172.24.1.168 1788 22)
>
>
>
>
>
>
>
> I instantly get disconnected, and if using sftp thru winscp, I get  
> the generic error that says:
>
> “Cannot initialize SFTP protocol.  Is the host running an SFTP  
> server?”
>
> “Connection has unexpectedly closed.  Server sent comman exit  
> status 1”
>
>
>
> If I truss a command line sftp connection I get prompted for my  
> password and then immediately disconnected and dropped back to my cli.
>
>
>
> Any ideas would be greatly appreciated.
>
>
>
> Thanks,
>
> Mandy
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly

-------------- next part --------------
HTML attachment scrubbed and removed

More information about the scponly mailing list