[scponly] sftp failing/Solaris 10

Mon Jun 25 13:34:58 EDT 2007

Thank you so much for your response.  While waiting for a list response,
just for the heck of it I copied a sftp-server binary from another
solaris 10 server and that fixed my problem.  I really appreciate your
response and suggestions.

________________________________

From: Steve Kehlet [mailto:stevek at webreachinc.com] 
Sent: Monday, June 25, 2007 12:42 PM
To: Hargis, Mandy
Cc: scponly at lists.ccs.neu.edu
Subject: Re: [scponly] sftp failing/Solaris 10

can you truss -f -p <sshd_pid> the sshd process on the server side?  

or maybe copy a few more binaries into your jail area (just for
testing), including bash and ldd (and any additional libraries they
need), then 

chroot /your/jail/area /bin/bash

and do ldd's once inside your jail?  just to double check everything
needed is there, e.g. ldd /usr/libexec/openssh/sftp-server

On Jun 21, 2007, at 9:07 AM, Hargis, Mandy wrote:

Good afternoon,

I'm trying to get scponly4.6 to work on a Solaris 10 server running
openssh 4.6.1 and openssl 0.9.7m  (I only need sftp functionality, in a
chroot'd environment).  I have gotten this to work successfully in the
past many times, as recently as a month ago (only difference/then it was
scponly4.6, Solaris 10 default os including default ssh pkgs) 

On this particular server I'm running...

./configure --enable-chrooted-binary 

make

make install

and set my debug level=2

I manually setup my jail.  

I run an ldd on the sftp-server and copy all the required libraries into
my altroot location into the appropriate qualified pathnames.  I run an
ldd against each and every library associated with sftp-server and copy
any of those into my altroot location as well.  (As I mentioned I have
set this up successfully so many times in the past so I actually have
other servers to compare this with).

When I attempt to connect via sftp I'm getting the following log
entries:

Jun 21 11:46:57 si-erpcd1 sshd[25836]: [ID 800047 auth.info] Accepted
password for amh from 172.24.1.168 port 1788 ssh2

Jun 21 11:46:57 si-erpcd1 sshd[25838]: [ID 800047 auth.info] subsystem
request for sftp

Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 485826 auth.info] chrooted
binary in place, will chroot()

Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 667827 auth.debug] 3
arguments in total.

Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 445495 auth.debug]
arg 0 is scponlyc

Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 445495 auth.debug]
arg 1 is -c

Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 445495 auth.debug]
arg 2 is /usr/local/libexec/sftp-server

Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 652719 auth.debug] opened
log at LOG_AUTH, opts 0x00000009

Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 805961 auth.debug]
retrieved home directory of "/export/home/amh" for user "amh"

Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 263513 auth.debug]
chrooting to dir: "/export/home/amh"

Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 282054 auth.debug]
chdiring to dir: "/"

Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 663861 auth.debug] setting
uid to 555

Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 290257 auth.debug]
processing request: "/usr/local/libexec/sftp-server"

Jun 21 11:46:57 si-erpcd1 scponly[25839]: [ID 699181 auth.info] running:
/usr/local/libexec/sftp-server (username: amh(555), IP/port:
172.24.1.168 1788 22)

I instantly get disconnected, and if using sftp thru winscp, I get the
generic error that says:

"Cannot initialize SFTP protocol.  Is the host running an SFTP server?"

"Connection has unexpectedly closed.  Server sent comman exit status 1"

If I truss a command line sftp connection I get prompted for my password
and then immediately disconnected and dropped back to my cli.

Any ideas would be greatly appreciated.

Thanks,

Mandy

_______________________________________________

scponly mailing list

scponly at lists.ccs.neu.edu

https://lists.ccs.neu.edu/bin/listinfo/scponly

-------------- next part --------------
HTML attachment scrubbed and removed