Re: Chrooted sftp setup accessible with psftp, but not sftp

2009/7/22 Darren Tucker <dtucker@xxxxxxxxxx>:
Connecting with psftp works, here is the sshd log:
http://www.bluebottle.net.au/putty-sshd.txt
And the client log:
http://www.bluebottle.net.au/putty-psftp.txt

No, it has the same problem with sftp but falls back to using a shell, which
works:

Opened channel for session
Primary command failed; attempting fallback
Started a shell/command

Out of interest, how is this shell created? The default shell is
/bin/false, and sending a command through with ssh (eg `ssh
user@server ls -l .`) does nothing.

[...]
No, your server config is probably broken:

subsystem request for sftp
subsystem: cannot stat /usr/lib/openssh/sftp-server: No such file or
directory

however since you've trimmed the server logs you've removed the parts that
would have shown what Match did, so I have no idea what happened.

Please either post your entire config (or reduce your config to a subset
that you are willing to post), repeat the test with that config (use sshd -f
reduced_config if you don't use your real config) and show the entire log.

Sure,
http://www.bluebottle.net.au/sshd_config.txt
http://www.bluebottle.net.au/sftp-sshd-full.txt
http://www.bluebottle.net.au/sftp-sftp-full.txt

Now that I know psftp is doing special stuff to get a 'sftp' session
working, is the issue something relating to sftp-server not being in
the chroot? The sshd_config manpage entry for ChrootDirectory seems to
state this isn't neccessary, but I could be misreading.

AJ

Relevant Pages

  • Re: [kde-linux] lost part of shell screen
    ... I have figured out that the GUI and the shell are ... knowledge based on that more or less standard config just went right out ... Duncan - List replies preferred. ... I tried to drag it to the menubar, ...
    (KDE)
  • SUMMARY: Non-interactive sftp
    ... whilst not allowing an interactive shell for this use. ... I had neglected to consider that sftp is simply an ssh subsystem - ... All of my research has led me to believe this is a permissions ... permissions on the mount-point where the destination filesystem ...
    (SunManagers)
  • Re: [kde-linux] lost part of shell screen
    ... in my Konqueror. ... This shell thing very possibly may take advantage of KDE's "kiosk ... knowledge based on that more or less standard config just went right out ...
    (KDE)
  • Re: SSH
    ... SFTP and SCP all go to port 22 by default? ... Don't you just love that unix command line uniformity? ... No, but if you must play with Unix, you must either live with the shell ...
    (comp.os.vms)
  • [HPADM] SUMMARY Restricted SFTP without user being able to SSH into server
    ... they suggestions did not fit the desired security level. ... Setup a chroot environment for sftp. ... this script as the shell for the account. ... When I do an sftp to that server, I get a message "illegal user XYZ from ...
    (HP-UX-Admin)