topic Re: sftp with chroot in Operating System - HP-UX

sftp with chroot

SUSSERE_1 — Fri, 11 Feb 2005 10:30:44 GMT

i tried use sftp on 11.00 and this the reponse from host
Connection closed

in fact, this is my command
host1[/]sftp alan@IP
Connecting to IP...
Password:
Connection closed
could you help me?
ps:
i used script to configure chrooted user (supplied from HP Secure ssh):
ssh_chroot_setup.sh

Re: sftp with chroot

David Child_1 — Fri, 11 Feb 2005 10:45:37 GMT

Sussere,

First, does ssh work from the host you are running sftp from? Try;

[alan]$ ssh IP ls

Password will depend on how you have ssh set up. If that doesn't work you can try;

[alan]$ ssh -vvv IP ls

This should provide more details.

If ssh is working fine then just ignore my reply.

David

Re: sftp with chroot

Steven E. Protter — Fri, 11 Feb 2005 10:54:50 GMT

On the target server:

ps -ef | grep sshd

Make sure the sshd daemon is actually running.

SEP

Re: sftp with chroot

Sergejs Svitnevs — Fri, 11 Feb 2005 11:06:06 GMT

Please check that the rules in the file /etc/hosts.allow on the server host allow connection to the SSH daemon from your workstation.

Regards,
Sergejs

Re: sftp with chroot

SUSSERE_1 — Mon, 14 Feb 2005 04:30:30 GMT

Hello,

I am no problem whith ssh, tcp_wrapper is not installed, /var/adm/inetd.sec doesn't exist, there are details of connection:
# sftp -v alan@IP
Connecting to localhost...
OpenSSH_3.8, OpenSSL 0.9.7d 17 Mar 2004
HP-UX_Secure_Shell-A.03.81.002, HP_UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to IP
port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8
debug1: match: OpenSSH_3.8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
alan@localhost's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 134
Connection closed

I don't understand, may be there are some incorrect parameters in /opt/ssh/etc/???

help.

Re: sftp with chroot

SUSSERE_1 — Fri, 18 Feb 2005 04:25:54 GMT

i uploaded the last version
T1471AA A.03.91.002 HP-UX Secure Shell

and now it works very fine!

Re: sftp with chroot

Rob Prewitt — Tue, 12 Apr 2005 10:30:08 GMT

There could be a problem with the ssh_chroot_setup.sh script in HP-UX Secure Shell A.03.81.002.

I was receiving the similar results that you were seeing. I then removed the version A.03.81.002 and installed A.03.91.002. I compared the directories created under the user's jailed directory and found that under /newroot/usr/lib/ there were some missing libraries and the gss directory.

To correct the problem for version A.03.81.002, I performed the following steps:
cp -rp /usr/lib/gss /newroot/usr/lib/
cp -p /usr/lib/libpthread.1 /newroot/usr/lib
cp -p /usr/lib/libxcurses.1 /newroot/usr/lib

After copying these libraries and the directory, I had a jailed sftp user account.

Re: sftp with chroot

ITSD-ACCS — Fri, 29 Jul 2005 21:42:54 GMT

I am using HP-UX Secure_Shell A.03.81.004 and I have run the ssh_chroot_setup.sh but I still can't jail the user "MEG", Please see below :

sftp MEG@0
Connecting to 0...
Password:
sftp> ls
. ..
sftp> cd ..
sftp> ls
. .. MEG
sftp> cd ..
sftp> ls
. .. bin dev etc home opt sbin usr var

I even tried to copy the lib files : gss, libpthread.1 and libxcurses.1 as told, but still I can netvigate anywhere I wanted to. Does any one know why ?