Re: SFTP HP-UX Secure Shell A.03.81

CITEC HP TEAM · ‎12-21-2004

Hi,

Set up chrooted user as per HP-UX Secure Shell A.03.81 http://docs.hp.com/en/T1471-90011/index.html

When trying to sftp get error after entering password:

debug1: Exit status 134
Connection closed

Does anyone know what error code 134 refers to?

Tks,
Belinda

Michael Selvesteen_2 · ‎12-21-2004

Hello,

Check the following:

1. Run the server and client in debug mode to trace out possible error.

2.Check whether you have copied all the libraries specified in document to the new root ( try /opt/ssh/ssh_chroot_setup.sh)

3. Set Usepam no in sshd_config and restart the server and test the connection.

4. Refer your syslog for any clues about the failure.

5.Did ssh works? if then check whether you have copied sftp-subsystem to chroot user.

6. Check the following sshd_config directive

# override default of no subsystems
Subsystem sftp /opt/ssh/libexec/sftp-server

This should be uncommented and the subsytem should reside in

/newroot/opt/ssh/libexec/sftp-server

8. Try HP Secure Shell (A.03.91) which is newer version.

Still problem exists post your server and client debug messages

Hope this helps

--
M

CITEC HP TEAM · ‎12-21-2004

Hi Michael,

Tks for your quick reply:

1. Run the server and client in debug mode to trace out possible error.

Done - only get error
debug1: Exit status 134
Connection closed
on client side

2.Check whether you have copied all the libraries specified in document to the new root ( try /opt/ssh/ssh_chroot_setup.sh)

Created user via this script for ssh & sftp

3. Set Usepam no in sshd_config and restart the server and test the connection.

Set PAM to no & restarted sshd

4. Refer your syslog for any clues about the failure.

Dec 22 16:44:11 host sshd[13475]: Accepted keyboard-interactive/pam for sftpuser from 165.240.0.204 port 57562 ssh2
Dec 22 16:44:11 host sshd[13489]: subsystem request for sftp

5.Did ssh works? if then check whether you have copied sftp-subsystem to chroot user.

Yes ssh works

6. Check the following sshd_config directive

# override default of no subsystems
Subsystem sftp /opt/ssh/libexec/sftp-server

/home/chroot # cat /opt/ssh/etc/sshd_config | grep sftp
Subsystem sftp /opt/ssh/libexec/sftp-server

This should be uncommented and the subsytem should reside in

/newroot/opt/ssh/libexec/sftp-server

yes copy is here in chroot dir

8. Try HP Secure Shell (A.03.91) which is newer version.

Yet to try

Still problem exists post your server and client debug messages

Still getting Error exit status 134

CITEC HP TEAM · ‎12-21-2004

debug info posted.

Tks,
Belinda

Michael Selvesteen_2 · ‎12-21-2004

Hi,

Check the permissons of sftp subsystem

it should be simillar to

-rwxr-xr-x 1 bin bin 314532 Dec 9 12:55 /newroot/opt/ssh/libexec/sftp-server

check the following block in server debug messages:

subsystem request for sftp
debug1: subsystem: exec() /opt/ssh/libexec/sftp-server
debug2: fd 14 setting O_NONBLOCK
debug2: fd 13 setting O_NONBLOCK

Post the detailed Server debug message.

--
M

Ermin Borovac · ‎12-22-2004

Have a look in ${chroot_dir}/usr/lib. If you see the following

lrwxr-xr-x 1 root sys 21 Dec 22 23:40 libcom_err.sl -> /usr/lib/libcom_err.1
lrwxr-xr-x 1 root sys 22 Dec 22 23:40 libk5crypto.sl -> /usr/lib/libk5crypto.1
lrwxr-xr-x 1 root sys 18 Dec 22 23:40 libkrb5.sl -> /usr/lib/libkrb5.1
lrwxr-xr-x 1 root sys 23 Dec 22 23:40 libgssapi_krb5.sl -> ./gss/libgssapi_krb5.sl

delete symbolic links and copy the libraries from /usr/lib.

Also you may find that libpthread.1 is missing in the chrooted directory, so copy it to ${chroot_dir}/usr/lib.

CITEC HP TEAM · ‎12-22-2004

Michael,

Server debug bolock attached.

Permissions 755 on sftp-server

/home/chroot/opt/ssh/libexec # ll
total 336
-rwxr-xr-x 1 bin bin 172032 Jul 3 00:52 sftp-server

Tks,
Belinda

CITEC HP TEAM · ‎12-22-2004

Ermin,

removed links and copied files from /usr/lib as suggested. Also copied libpthread.1. Still getting error 134.

Belinda

Steven E. Protter · ‎12-22-2004

Suggestion: Temporarily remove the chroot configuration for the user and re-test.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Ermin Borovac · ‎12-22-2004

Could you please try the following and see if it returns any errors?

# /usr/sbin/chroot /home/chroot /opt/ssh/libexec/sftp-server

CITEC HP TEAM · ‎12-22-2004

Hi Steven,

Yes when I remove the chroot env then sftp works fine.

/home/chroot/./home/sftpuser -> /home/chroot/home/sftpuser

debug1: Sending subsystem: sftp
debug2: channel 0: request subsystem
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
debug2: Remote version: 3
debug3: Sent message fd 6 T:16 I:1
debug3: SSH_FXP_REALPATH . -> /home/chroot/home/sftpuser
sftp>

I though it may be a permission problem, but I have set everything up as per the HP instructions.

Belinda

CITEC HP TEAM · ‎12-22-2004

Guys we have success! I think it may be due to the library links.

Off to award some points. Appreciate all your input.

Cheers,

Belinda

CITEC HP TEAM · ‎12-22-2004

See above.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: SFTP HP-UX Secure Shell A.03.81

SFTP HP-UX Secure Shell A.03.81