beachcracker
MIS
Hello all,
I'm new to this forum...hope someone can help with this.
I've recently installed Solaris 9 on a Sun Netra T1 105 with all patches and software companion sw. My goal is to set this server up as an SFTP server....that is all. I don't want users to be able to telnet/ftp, etc.
I've installed RSSH and followed the instructions to create a chrooted environment for my sftp users.
I believe I'm close in getting this to work, but no cigar.
As you can see below, sftp exits with the error:
"debug1: Exit status 1
Couldn't read packet: Bad file number"
And..I have no idea why. HELP?!
Here's where I'm at:
[@ccap77]:/export/home/ifrancd
# sftp -v sftptest@ccap77
Connecting to ccap77...
debug1: SSH args "ssh -oProtocol = 2 -s -oForwardAgent = no -oForwardX11 = no -l sftptest -v ccap77
sftp"
SSH Version Sun_SSH_1.0.1, protocol versions 1.5/2.0.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 101 geteuid 101 anon 1
debug1: Connecting to ccap77 [10.60.9.77] port 22.
debug1: Connection established.
debug1: identity file /export/home/ifrancd/.ssh/id_rsa type 3
debug1: identity file /export/home/ifrancd/.ssh/id_dsa type 3
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.0.1
debug1: match: Sun_SSH_1.0.1 pat ^Sun_SSH_1\.0
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.0.1
debug1: sent kexinit: diffie-hellman-group1-sha1
debug1: sent kexinit: ssh-rsa,ssh-dss
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: none
debug1: sent kexinit: none
debug1: sent kexinit:
debug1: sent kexinit:
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit: diffie-hellman-group1-sha1
debug1: got kexinit: ssh-rsa,ssh-dss
debug1: got kexinit: aes128-cbc,blowfish-cbc,3des-cbc
debug1: got kexinit: aes128-cbc,blowfish-cbc,3des-cbc
debug1: got kexinit: hmac-sha1,hmac-md5
debug1: got kexinit: hmac-sha1,hmac-md5
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit: C,geo,lcttab,iso_8859_15,iso_8859_1,en_CA,en_CA.ISO8859-1,en_US,en_US.ISO8859-1
,en_US.ISO8859-15,en_US.ISO8859-15@euro,es,es_MX,es_MX.ISO8859-1,fr,fr_CA,fr_CA.ISO8859-1
debug1: got kexinit: C,geo,lcttab,iso_8859_15,iso_8859_1,en_CA,en_CA.ISO8859-1,en_US,en_US.ISO8859-1
,en_US.ISO8859-15,en_US.ISO8859-15@euro,es,es_MX,es_MX.ISO8859-1,fr,fr_CA,fr_CA.ISO8859-1
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug1: kex: server->client unable to decide common locale
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug1: kex: client->server unable to decide common locale
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: Sending SSH2_MSG_KEXDH_INIT.
debug1: bits set: 520/1024
debug1: Wait SSH2_MSG_KEXDH_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'ccap77' is known and matches the RSA host key.
debug1: Found key in /export/home/ifrancd/.ssh/known_hosts:2
debug1: bits set: 523/1024
debug1: ssh_rsa_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
Welcome to CCAP77. This system is for authorized users only. Unauthorized access is prohibited and p
unishable by law.
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: key does not exist: /export/home/ifrancd/.ssh/id_rsa
debug1: key does not exist: /export/home/ifrancd/.ssh/id_dsa
debug1: next auth method to try is password
sftptest@ccap77's password:
debug1: ssh-userauth2 successfull: method password
debug1: fd 6 setting O_NONBLOCK
debug1: fd 7 IS O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: client_init id 0 arg 0
debug1: Sending subsystem: sftp
debug1: channel 0: open confirm rwindow 0 rmax 16384
debug1: channel_input_channel_request: channel: 0 rcvd request for exit-status reply 0
debug1: cb_fn 2b77c cb_event 91
debug1: channel 0: rcvd eof
debug1: channel 0: output open->drain
debug1: channel 0: obuf empty
debug1: channel 0: output drain->closed
debug1: channel 0: close_write
debug1: channel 0: rcvd close
debug1: channel 0: input open->closed
debug1: channel 0: close_read
debug1: channel 0: send close
debug1: channel 0: full closed2
debug1: channel_free: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)
debug1: channel_free: channel 0: dettaching channel user
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 1
Couldn't read packet: Bad file number
[@ccap77]:/export/home/ifrancd
#
Any help would be most appreciated.
Thanks in advance,
Dave
I'm new to this forum...hope someone can help with this.
I've recently installed Solaris 9 on a Sun Netra T1 105 with all patches and software companion sw. My goal is to set this server up as an SFTP server....that is all. I don't want users to be able to telnet/ftp, etc.
I've installed RSSH and followed the instructions to create a chrooted environment for my sftp users.
I believe I'm close in getting this to work, but no cigar.
As you can see below, sftp exits with the error:
"debug1: Exit status 1
Couldn't read packet: Bad file number"
And..I have no idea why. HELP?!
Here's where I'm at:
[@ccap77]:/export/home/ifrancd
# sftp -v sftptest@ccap77
Connecting to ccap77...
debug1: SSH args "ssh -oProtocol = 2 -s -oForwardAgent = no -oForwardX11 = no -l sftptest -v ccap77
sftp"
SSH Version Sun_SSH_1.0.1, protocol versions 1.5/2.0.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 101 geteuid 101 anon 1
debug1: Connecting to ccap77 [10.60.9.77] port 22.
debug1: Connection established.
debug1: identity file /export/home/ifrancd/.ssh/id_rsa type 3
debug1: identity file /export/home/ifrancd/.ssh/id_dsa type 3
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.0.1
debug1: match: Sun_SSH_1.0.1 pat ^Sun_SSH_1\.0
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.0.1
debug1: sent kexinit: diffie-hellman-group1-sha1
debug1: sent kexinit: ssh-rsa,ssh-dss
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: none
debug1: sent kexinit: none
debug1: sent kexinit:
debug1: sent kexinit:
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit: diffie-hellman-group1-sha1
debug1: got kexinit: ssh-rsa,ssh-dss
debug1: got kexinit: aes128-cbc,blowfish-cbc,3des-cbc
debug1: got kexinit: aes128-cbc,blowfish-cbc,3des-cbc
debug1: got kexinit: hmac-sha1,hmac-md5
debug1: got kexinit: hmac-sha1,hmac-md5
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit: C,geo,lcttab,iso_8859_15,iso_8859_1,en_CA,en_CA.ISO8859-1,en_US,en_US.ISO8859-1
,en_US.ISO8859-15,en_US.ISO8859-15@euro,es,es_MX,es_MX.ISO8859-1,fr,fr_CA,fr_CA.ISO8859-1
debug1: got kexinit: C,geo,lcttab,iso_8859_15,iso_8859_1,en_CA,en_CA.ISO8859-1,en_US,en_US.ISO8859-1
,en_US.ISO8859-15,en_US.ISO8859-15@euro,es,es_MX,es_MX.ISO8859-1,fr,fr_CA,fr_CA.ISO8859-1
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug1: kex: server->client unable to decide common locale
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug1: kex: client->server unable to decide common locale
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: Sending SSH2_MSG_KEXDH_INIT.
debug1: bits set: 520/1024
debug1: Wait SSH2_MSG_KEXDH_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'ccap77' is known and matches the RSA host key.
debug1: Found key in /export/home/ifrancd/.ssh/known_hosts:2
debug1: bits set: 523/1024
debug1: ssh_rsa_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
Welcome to CCAP77. This system is for authorized users only. Unauthorized access is prohibited and p
unishable by law.
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: key does not exist: /export/home/ifrancd/.ssh/id_rsa
debug1: key does not exist: /export/home/ifrancd/.ssh/id_dsa
debug1: next auth method to try is password
sftptest@ccap77's password:
debug1: ssh-userauth2 successfull: method password
debug1: fd 6 setting O_NONBLOCK
debug1: fd 7 IS O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: client_init id 0 arg 0
debug1: Sending subsystem: sftp
debug1: channel 0: open confirm rwindow 0 rmax 16384
debug1: channel_input_channel_request: channel: 0 rcvd request for exit-status reply 0
debug1: cb_fn 2b77c cb_event 91
debug1: channel 0: rcvd eof
debug1: channel 0: output open->drain
debug1: channel 0: obuf empty
debug1: channel 0: output drain->closed
debug1: channel 0: close_write
debug1: channel 0: rcvd close
debug1: channel 0: input open->closed
debug1: channel 0: close_read
debug1: channel 0: send close
debug1: channel 0: full closed2
debug1: channel_free: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)
debug1: channel_free: channel 0: dettaching channel user
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 1
Couldn't read packet: Bad file number
[@ccap77]:/export/home/ifrancd
#
Any help would be most appreciated.
Thanks in advance,
Dave