Hi Jimmy,
Got it working! For your own peace of mind, here's the information you were looking for:
First, the verbose output of an sftp attempt.
Code:
user@ubuntubox:~$ sftp -v -v sft@localhost
Connecting to localhost...
OpenSSH_4.1p1 Debian-7ubuntu4.1, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.1p1 Debian-7ubuntu4.1
debug1: match: OpenSSH_4.1p1 Debian-7ubuntu4.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.1p1 Debian-7ubuntu4.1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 137/256
debug2: bits set: 483/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:8
debug2: bits set: 475/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/user/.ssh/id_rsa ((nil))
debug2: key: /home/user/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Trying private key: /home/user/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
sft@localhost's password:
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug2: fd 4 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug1: Sending environment.
debug1: Sending env LANG = en_GB.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending subsystem: sftp
debug2: channel 0: request subsystem confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.3 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 1
Connection closed
Second, the syslog entries for the sftp attempt.
Code:
user@ubuntubox:~$ sudo cat /var/log/syslog | tail -8
Apr 16 23:34:16 localhost rssh[26642]: setting log facility to LOG_USER
Apr 16 23:34:16 localhost rssh[26642]: allowing sftp to all users
Apr 16 23:34:16 localhost rssh[26642]: setting umask to 022
Apr 16 23:34:16 localhost rssh[26642]: chrooting all users to /home/chroot
Apr 16 23:34:16 localhost rssh[26642]: chroot cmd line: /usr/lib/rssh/rssh_chroot_helper "/home/chroot" 2 "/home/sft" /usr/lib/sftp-server
Apr 16 23:34:17 localhost rssh_chroot_helper[26642]: new session for sft, UID=1004
Apr 16 23:34:17 localhost rssh_chroot_helper[26642]: could not cd to user's home dir: /home/sft
Apr 16 23:34:17 localhost rssh_chroot_helper[26642]: execv() failed, /usr/lib/sftp-server: No such file or directory
Alright, I first noticed that chrooted /home/sft (i.e. /home/chroot/home/sft) could not be cd'd to, so I created a directory like that but I didn't think that would have much of an effect... and right I was. Another failure to sftp. The syslog entries for this attempt:
Code:
user@ubuntubox:~$ sudo cat /var/log/syslog | tail -7
Apr 16 23:45:29 localhost rssh[26982]: setting log facility to LOG_USER
Apr 16 23:45:29 localhost rssh[26982]: allowing sftp to all users
Apr 16 23:45:29 localhost rssh[26982]: setting umask to 022
Apr 16 23:45:29 localhost rssh[26982]: chrooting all users to /home/chroot
Apr 16 23:45:29 localhost rssh[26982]: chroot cmd line: /usr/lib/rssh/rssh_chroot_helper "/home/chroot" 2 "/home/sft" /usr/lib/sftp-server
Apr 16 23:45:29 localhost rssh_chroot_helper[26982]: new session for sft, UID=1004
Apr 16 23:45:29 localhost rssh_chroot_helper[26982]: execv() failed, /usr/lib/sftp-server: No such file or directory
Okaaaay... now it's looking for /usr/lib/sftp-server (i.e. /home/chroot/usr/lib/sftp-server). Why is it looking for that? I thought it would be looking for /lib/sftp-server (i.e. /home/chroot/lib/sftp-server). Let's have a look at the entire contents of /home/chroot:
Code:
user@ubuntubox:/home/chroot$ ls -lR
.:
total 20
drwxr-xr-x 2 root root 4096 2006-04-16 07:40 dev
drwxr-xr-x 2 root root 4096 2006-04-16 23:41 etc
drwxr-xr-x 3 root root 4096 2006-04-16 23:41 home
drwxr-xr-x 3 root root 4096 2006-04-16 23:45 lib
drwxr-xr-x 4 root root 4096 2006-04-14 20:44 usr
./dev:
total 0
srw-rw-rw- 1 root root 0 2006-04-16 07:40 log
./etc:
total 76
-rw-r--r-- 1 root root 56431 2006-04-14 20:44 ld.so.cache
-rw-r--r-- 1 root root 63 2006-04-14 20:44 ld.so.hwcappkgs
-rw-r--r-- 1 root root 465 2006-04-14 20:44 nsswitch.conf
-rw-r--r-- 1 root root 64 2006-04-16 23:41 passwd
-rw-r--r-- 1 root root 76 2006-04-16 23:33 passwd~
./home:
total 4
drwxr-xr-x 2 root root 4096 2006-04-16 23:41 sft
./home/sft:
total 0
./lib:
total 260
-rwxr-xr-x 1 root root 88168 2006-04-14 20:47 ld-linux.so.2
-rw-r--r-- 1 root root 26332 2006-04-14 20:49 libnss_compat.so.2
-rw-r--r-- 1 root root 34268 2006-03-24 14:34 libnss_files-2.3.5.so
lrwxrwxrwx 1 root root 21 2006-04-14 20:44 libnss_files.so.2 -> libnss_files-2.3.5.so
-rw-r--r-- 1 root root 68084 2006-04-14 20:44 libselinux.so.1
-rwxr-xr-x 2 root root 27184 2006-04-14 20:44 sftp-server
drwxr-xr-x 3 root root 4096 2006-04-14 20:44 tls
./lib/tls:
total 4
drwxr-xr-x 3 root root 4096 2006-04-14 20:44 i686
./lib/tls/i686:
total 4
drwxr-xr-x 2 root root 4096 2006-04-14 20:44 cmov
./lib/tls/i686/cmov:
total 1408
-rw-r--r-- 1 root root 21864 2006-04-14 20:44 libcrypt.so.1
-rw-r--r-- 1 root root 1229936 2006-04-14 20:44 libc.so.6
-rw-r--r-- 1 root root 9580 2006-04-14 20:44 libdl.so.2
-rw-r--r-- 1 root root 76760 2006-04-14 20:44 libnsl.so.1
-rw-r--r-- 1 root root 67364 2006-04-14 20:44 libresolv.so.2
-rw-r--r-- 1 root root 9656 2006-04-14 20:44 libutil.so.1
./usr:
total 8
drwxr-xr-x 2 root root 4096 2006-04-14 20:44 bin
drwxr-xr-x 5 root root 4096 2006-04-14 20:44 lib
./usr/bin:
total 56
-rwxr-xr-x 1 root root 18960 2006-04-14 20:44 rssh
-rwxr-xr-x 1 root root 34884 2006-04-14 20:44 scp
./usr/lib:
total 92
drwxr-xr-x 3 root root 4096 2006-04-14 20:44 i686
-rw-r--r-- 1 root root 77208 2006-04-14 20:44 libz.so.1
drwxr-xr-x 2 root root 4096 2006-04-14 20:44 openssh
drwxr-xr-x 2 root root 4096 2006-04-14 20:44 rssh
./usr/lib/i686:
total 4
drwxr-xr-x 2 root root 4096 2006-04-14 20:44 cmov
./usr/lib/i686/cmov:
total 1004
-rw-r--r-- 1 root root 1022224 2006-04-14 20:44 libcrypto.so.0.9.7
./usr/lib/openssh:
total 28
-rwxr-xr-x 2 root root 27184 2006-04-14 20:44 sftp-server
./usr/lib/rssh:
total 8
-rwsr-xr-x 1 root root 6680 2006-04-14 20:44 rssh_chroot_helper
Right, sftp-server is present in /home/chroot/usr/lib/openssh and /home/chroot/lib/. Now, let's make a link in /home/chroot/usr/lib...
Code:
user@ubuntubox:/home/chroot$ sudo ln /home/chroot/usr/lib/openssh/sftp-server /home/chroot/usr/lib/
And try to sftp in...
Code:
user@ubuntubox:~$ sftp sft@localhost
Connecting to localhost...
sft@localhost's password:
sftp> pwd
Remote working directory: /home/sft
sftp> ls
test.txt
sftp> get test.txt
Fetching /home/sft/test.txt to test.txt
/home/sft/test.txt 100% 6 0.0KB/s 00:00
sftp> bye
user@ubuntubox:~$ cat ./test.txt
Successful sftp test!
Ta-daa! I am honestly not sure what went wrong during setup - was it because my /etc/sshd_config points at /usr/lib/sftp-server as the location of sftp-server?
Code:
user@ubuntubox:~$ cat /etc/ssh/sshd_config | grep sftp
Subsystem sftp /usr/lib/sftp-server
Anyway, I'm just glad to get it working. Thanks for your help, Jimmy!
// Dave
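A diagnostic for the two failures in the syslog output above, as an added example that is not part of Dave's post: it reads the jail root, home directory and binary path from the rssh "chroot cmd line:" entry and checks that both exist under the jail, treating a symlink as unverified. The function names, the scratch directory and the empty placeholder files are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post).

# Pull jail root, home and binary out of an rssh "chroot cmd line:" syslog entry.
# Prints "<jail> <home> <binary>"; assumes none of the paths contain spaces.
parse_rssh_cmdline() {
    printf '%s\n' "$1" | sed -n \
        's/.*chroot cmd line: [^ ]* "\([^"]*\)" [0-9]* "\([^"]*\)" \([^ ]*\)$/\1 \2 \3/p'
}

# Check, from outside the jail, the two paths rssh_chroot_helper uses after chroot().
# $1 = jail root on the host, $2 = home dir, $3 = binary (both as seen inside the jail).
# Prints one finding per line; returns 0 only if both are present.
check_jail() {
    rc=0
    if [ -d "$1$2" ]; then echo "ok: home $2"
    else echo "missing: home $2 (expected at $1$2)"; rc=1; fi
    if [ -L "$1$3" ]; then
        # A symlink is resolved inside the jail at run time, so do not trust it here.
        echo "check: $3 is a symlink; its target must also exist inside $1"; rc=1
    elif [ -f "$1$3" ] && [ -x "$1$3" ]; then echo "ok: binary $3"
    else echo "missing: binary $3 (expected at $1$3)"; rc=1; fi
    return "$rc"
}

# Constructed sample: the log line quoted in the post, and a scratch copy of the
# jail layout from its ls -lR (empty placeholder files, not real binaries).
SAMPLE='Apr 16 23:34:16 localhost rssh[26642]: chroot cmd line: /usr/lib/rssh/rssh_chroot_helper "/home/chroot" 2 "/home/sft" /usr/lib/sftp-server'

demo() {
    scratch=$(mktemp -d) || return 1
    set -- $(parse_rssh_cmdline "$SAMPLE")      # $1=jail $2=home $3=binary
    mkdir -p "$scratch$1/lib" "$scratch$1/usr/lib/openssh"
    touch "$scratch$1/lib/sftp-server" "$scratch$1/usr/lib/openssh/sftp-server"
    chmod 755 "$scratch$1/lib/sftp-server" "$scratch$1/usr/lib/openssh/sftp-server"
    echo "--- before"; check_jail "$scratch$1" "$2" "$3" || true
    mkdir -p "$scratch$1$2"
    ln "$scratch$1/usr/lib/openssh/sftp-server" "$scratch$1$3"   # the post's fix
    echo "--- after";  check_jail "$scratch$1" "$2" "$3"; status=$?
    rm -rf "$scratch"
    return "$status"
}
demo
```

Against a real jail, pass the jail root from the log line directly, for example check_jail /home/chroot /home/sft /usr/lib/sftp-server.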