Re: sftp, chrooted, connection closed

 
Enrique Valencia
Occasional Advisor

sftp, chrooted, connection closed

Hi! I have a user in /etc/passwd:

banco:*:500:200:chrooted user:/home/banco_d/./home/banco:/opt/ssh/etc/sftponly

The ftponly shell is:

#!/bin/sh
# The shell used here must be /bin/sh
# Shell arguments must be -c /opt/ssh/libexec/sftp-server
if [ "$1" != "-c" -o "$2" != "/opt/ssh/libexec/sftp-server" ]
then
    echo "Error: sftpshell only runs the sftp-server program."
    exit 1
fi

# Drop the two checked arguments and pass any remaining ones through unchanged.
shift 2
/opt/ssh/libexec/sftp-server "$@"

When I tried to connect, it says "Connection Closed".
The sftponly is in the directories /home/banco/opt/ssh/etc and /home/bancomer/bin.

What else can I do?
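
Added example, not part of the original post: a check that the jail named in a passwd entry like the one above holds every file the wrapper needs once the process is confined. It assumes sshd chroots to the part of the home field before "/./"; `jail_missing` and its PREFIX argument are names made up for this example.

```shell
#!/bin/sh
# Added example: verify that a chroot jail holds everything the wrapper needs.
# Assumption: sshd chroots to the part of the home field before "/./".

# Entry as posted in the thread.
SAMPLE_ENTRY='banco:*:500:200:chrooted user:/home/banco_d/./home/banco:/opt/ssh/etc/sftponly'

# jail_missing PASSWD_LINE [PREFIX]
# Lists jail paths that are missing or not executable.
# Returns 0 if complete, 1 if something is missing, 2 if there is no "/./".
# PREFIX is a hypothetical hook that relocates the tree for dry runs.
jail_missing() {
    line=$1
    prefix=${2:-}
    home=$(printf '%s\n' "$line" | cut -d: -f6)
    shell=$(printf '%s\n' "$line" | cut -d: -f7)
    case $home in
        */./*) root=${home%%/./*} ;;
        *) echo "no /./ marker in home field: $home"; return 2 ;;
    esac
    rc=0
    # After chroot, sshd starts the login shell with -c; its "#!/bin/sh"
    # line and the sftp-server it runs are resolved inside the jail too.
    for p in /bin/sh "$shell" /opt/ssh/libexec/sftp-server; do
        if [ ! -x "$prefix$root$p" ]; then
            echo "missing or not executable: $root$p"
            rc=1
        fi
    done
    # The home directory after the marker must exist inside the jail.
    if [ ! -d "$prefix$root/${home#*/./}" ]; then
        echo "missing directory: $root/${home#*/./}"
        rc=1
    fi
    return $rc
}

# Usage: sh jailcheck.sh "$(grep '^banco:' /etc/passwd)"
if [ $# -gt 0 ]; then
    jail_missing "$@"
fi
```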
Ivan Krastev
Honored Contributor

Re: sftp, chrooted, connection closed

Check syslog file on the server - /var/adm/syslog/syslog.log
Try to collect more info during logging: sftp -vvv ...


regards,
ivan
Enrique Valencia
Occasional Advisor

Re: sftp, chrooted, connection closed

Hi, this is the syslog.
May 14 11:53:27 lfmxh49 sshd[29893]: Accepted keyboard-interactive/pam for bancomer from 128.2.0.3 port 63704 ssh2

and the output is:

$ sftp -v banco@server
Connecting to server...
OpenSSH_4.4p1-hpn12v11, OpenSSL 0.9.7l 28 Sep 2006
HP-UX Secure Shell-A.04.40.006, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to server [170.X.X.X] port 22.
debug1: Connection established.
debug1: identity file /home/abatres/.ssh/id_rsa type -1
debug1: identity file /home/abatres/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2p1-hpn
debug1: match: OpenSSH_4.2p1-hpn pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.4p1-hpn12v11
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server' is known and matches the RSA host key.
debug1: Found key in /home/abatres/.ssh/known_hosts:5
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/abatres/.ssh/id_rsa
debug1: Offering public key: /home/abatres/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: Final hpn_buffer_size = 131072
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 141
Connection closed
Enrique Valencia
Occasional Advisor

Re: sftp, chrooted, connection closed

I'll open again
Ivan Krastev
Honored Contributor

Re: sftp, chrooted, connection closed

Upgrade your ssh version.
See the release notes:

Defect Fixed in HP-UX Secure Shell A.04.50.009, A.04.50.010, and A.04.50.011
HP-UX Secure Shell versions A.04.50.009, A.04.50.010, and A.04.50.011 include the following defect fix:
JAGag41959 When the ssh_chroot_setup.sh script is run and a user attempts to sftp to the server, the following error message is displayed:
SSH -vvv:
...
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.4 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 141
Connection closed

regards,
ivan
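
Added example, not part of the thread or of HP's release notes: a small triage function that pulls the signature shown in both the client output and the release note out of a saved `sftp -v` log. The function name and output format are made up here; it also decodes exit statuses above 128 under the usual shell convention, so 141 is reported as signal 13 (SIGPIPE).

```shell
#!/bin/sh
# Added example: summarise where an "sftp -v" session died.

# Constructed sample: the decisive lines from the client output in the thread.
SAMPLE_LOG='debug1: Authentication succeeded (keyboard-interactive).
debug1: Sending subsystem: sftp
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.0 seconds
debug1: Exit status 141'

# triage_sftp_log: reads client debug output on stdin, prints one summary line.
triage_sftp_log() {
    awk '
        /Authentication succeeded/        { auth = 1 }
        /Sending subsystem: sftp/         { subsys = 1 }
        /Transferred: stdin 0, stdout 0,/ { nodata = 1 }
        /Exit status [0-9]+/ {
            for (i = 1; i < NF; i++)
                if ($i == "status") { status = $(i + 1) + 0; seen = 1 }
        }
        END {
            if (!auth)   { print "stage=auth result=not-authenticated"; exit }
            if (!subsys) { print "stage=session result=no-subsystem-request"; exit }
            if (!seen)   { print "stage=subsystem result=no-exit-status"; exit }
            out = sprintf("stage=subsystem status=%d data=%s", status, nodata ? "none" : "some")
            # Shell convention: 128+N means a child died from signal N.
            if (status > 128) out = out sprintf(" signal=%d", status - 128)
            print out
        }'
}

# Usage: triage_sftp_log < sftp-debug.log
```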