Re: Chrooted sftp setup accessible with psftp, but not sftp

Alex Jurkiewicz wrote:
Hi all,

I'm having problems with a chrooted sftp set up. I can connect with
the psftp program from the Putty toolkit, but not with the standard
sftp utility.
OpenSSH is the same on the client and server:
OpenSSH_5.1p1Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007

My server configuration is as follows:

sshd_config contains (among other things):

Those "other things" could well be the source of the problem, since Match works first-match per config directive.

[...]
Connecting with psftp works, here is the sshd log:
http://www.bluebottle.net.au/putty-sshd.txt
And the client log:
http://www.bluebottle.net.au/putty-psftp.txt

No, it has the same problem with sftp but falls back to using a shell, which works:

Opened channel for session
Primary command failed; attempting fallback
Started a shell/command

However, connecting with sftp(1) doesn't, see the two logs here:
http://www.bluebottle.net.au/sftp-sshd.txt
http://www.bluebottle.net.au/sftp-sftp.txt

I'm not quite sure why this isn't working, is sftp failing to send a
needed command?

No, your server config is probably broken:

subsystem request for sftp
subsystem: cannot stat /usr/lib/openssh/sftp-server: No such file or directory

however since you've trimmed the server logs you've removed the parts that would have shown what Match did, so I have no idea what happened.

Please either post your entire config (or reduce your config to a subset that you are willing to post), repeat the test with that config (use sshd -f reduced_config if you don't use your real config) and show the entire log.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Relevant Pages

  • Re: sftp without being prompted for a password.
    ... >I am trying to use sftp to a server from my server. ... you're using, or which "authorization file" you put the public key in, or ... Good judgement comes with experience. ...
    (comp.security.ssh)
  • Re: Chrooted sftp setup accessible with psftp, but not sftp
    ... how is this shell created? ... subsystem request for sftp ... Please either post your entire config (or reduce your config to a subset ... Now that I know psftp is doing special stuff to get a 'sftp' session ...
    (SSH)
  • Re: Multihomed Configuration
    ... i can able to listen ssh/ sftp request from both IP ... e69001# grep "ListenAddress" sshd_config ... It's a shame to have to hard-configure both IP addresses in this config ... wonder if there is a different way to enable sshd on both NICs without ...
    (SSH)
  • Re: scp from openssh to f-secure problem
    ... > both system is running solaris 8, ... > server. ... Use sftp or install an "scp1" onto System B. ... Good judgement comes with experience. ...
    (SSH)
  • Re: ftp in Linux...
    ... > what needs to be in place in order to get sftp to work, ... Port 22. ... It's a config item (see tail end of sshd_config) plus a ...
    (comp.os.linux.networking)