LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 01-05-2012, 09:41 AM   #1
td3201
Member
 
Registered: Jan 2002
Location: Omaha, NE US
Distribution: Red Hat/CentOS
Posts: 224

Rep: Reputation: 30
Question sftp issue - logs attached


Hello,

I am having some challenges getting SFTP to work on RHEL 6 server. I am trying from the localhost. The session disconnects with no information. I increased debug level on both client and server, logs below, but nothing stands out to me.

1. user's shell is set to /bin/false
2. user is part of sftp local group
3. pam_access has this configuration:

+:anotherlocalgroup:10.
+:sftp:ALL
+:ALL:cron crond
-:ALL:ALL

4. No special changes to sshd_config from the default shipped with RHEL 6.
5. I tried removing .bashrc and .bash_profile files for this account
6. I tried removing the pam_access.so from SSH completely


Here's the logs from the server side:
Jan 5 09:11:30 server01 sshd[7402]: debug1: Forked child 7507.
Jan 5 09:11:30 server01 sshd[7507]: debug1: rexec start in 5 out 5 newsock 5 pipe 8 sock 9
Jan 5 09:11:30 server01 sshd[7507]: debug1: inetd sockets after dupping: 3, 3
Jan 5 09:11:30 server01 sshd[7507]: Connection from 1.2.3.4 port 14896
Jan 5 09:11:30 server01 sshd[7507]: debug1: Client protocol version 2.0; client software version OpenSSH_5.6
Jan 5 09:11:30 server01 sshd[7507]: debug1: match: OpenSSH_5.6 pat OpenSSH*
Jan 5 09:11:30 server01 sshd[7507]: debug1: Enabling compatibility mode for protocol 2.0
Jan 5 09:11:30 server01 sshd[7507]: debug1: Local version string SSH-2.0-OpenSSH_5.3
Jan 5 09:11:30 server01 sshd[7508]: debug1: permanently_set_uid: 74/74
Jan 5 09:11:30 server01 sshd[7508]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Jan 5 09:11:30 server01 sshd[7508]: debug1: SSH2_MSG_KEXINIT sent
Jan 5 09:11:30 server01 sshd[7508]: debug1: SSH2_MSG_KEXINIT received
Jan 5 09:11:30 server01 sshd[7508]: debug1: kex: client->server aes128-ctr hmac-md5 none
Jan 5 09:11:30 server01 sshd[7508]: debug1: kex: server->client aes128-ctr hmac-md5 none
Jan 5 09:11:30 server01 sshd[7508]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Jan 5 09:11:30 server01 sshd[7508]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Jan 5 09:11:30 server01 sshd[7508]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Jan 5 09:11:30 server01 sshd[7508]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Jan 5 09:11:30 server01 sshd[7508]: debug1: SSH2_MSG_NEWKEYS sent
Jan 5 09:11:30 server01 sshd[7508]: debug1: expecting SSH2_MSG_NEWKEYS
Jan 5 09:11:30 server01 sshd[7508]: debug1: SSH2_MSG_NEWKEYS received
Jan 5 09:11:30 server01 sshd[7508]: debug1: KEX done
Jan 5 09:11:30 server01 sshd[7508]: debug1: userauth-request for user jdoe service ssh-connection method none
Jan 5 09:11:30 server01 sshd[7508]: debug1: attempt 0 failures 0
Jan 5 09:11:30 server01 sshd[7507]: debug1: PAM: initializing for "jdoe"
Jan 5 09:11:30 server01 sshd[7507]: debug1: PAM: setting PAM_RHOST to "wsip-98-188-202-245.om.om.cox.net"
Jan 5 09:11:30 server01 sshd[7507]: debug1: PAM: setting PAM_TTY to "ssh"
Jan 5 09:11:30 server01 sshd[7508]: debug1: userauth-request for user jdoe service ssh-connection method keyboard-interactive
Jan 5 09:11:30 server01 sshd[7508]: debug1: attempt 1 failures 0
Jan 5 09:11:30 server01 sshd[7508]: debug1: keyboard-interactive devs
Jan 5 09:11:30 server01 sshd[7508]: debug1: auth2_challenge: user=jdoe devs=
Jan 5 09:11:30 server01 sshd[7508]: debug1: kbdint_alloc: devices 'pam'
Jan 5 09:11:30 server01 sshd[7508]: debug1: auth2_challenge_start: trying authentication method 'pam'
Jan 5 09:11:30 server01 sshd[7508]: Postponed keyboard-interactive for jdoe from 1.2.3.4 port 14896 ssh2
Jan 5 09:11:32 server01 sshd[7509]: debug1: do_pam_account: called
Jan 5 09:11:37 server01 sshd[7507]: debug1: PAM: num PAM env strings 0
Jan 5 09:11:37 server01 sshd[7508]: Postponed keyboard-interactive/pam for jdoe from 1.2.3.4 port 14896 ssh2
Jan 5 09:11:38 server01 sshd[7507]: debug1: do_pam_account: called
Jan 5 09:11:38 server01 sshd[7507]: Accepted keyboard-interactive/pam for jdoe from 1.2.3.4 port 14896 ssh2
Jan 5 09:11:38 server01 sshd[7507]: debug1: monitor_child_preauth: jdoe has been authenticated by privileged process
Jan 5 09:11:38 server01 sshd[7507]: debug1: temporarily_use_uid: 1502/1502 (e=0/0)
Jan 5 09:11:38 server01 sshd[7507]: debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
Jan 5 09:11:38 server01 sshd[7507]: debug1: restore_uid: 0/0
Jan 5 09:11:38 server01 sshd[7507]: debug1: SELinux support disabled
Jan 5 09:11:38 server01 sshd[7507]: debug1: PAM: establishing credentials
Jan 5 09:11:38 server01 sshd[7507]: pam_unix(sshd:session): session opened for user jdoe by (uid=0)
Jan 5 09:11:38 server01 sshd[7507]: User child is on pid 7512
Jan 5 09:11:38 server01 sshd[7512]: debug1: PAM: establishing credentials
Jan 5 09:11:38 server01 sshd[7512]: debug1: permanently_set_uid: 1502/1502
Jan 5 09:11:38 server01 sshd[7512]: debug1: Entering interactive session for SSH2.
Jan 5 09:11:38 server01 sshd[7512]: debug1: server_init_dispatch_20
Jan 5 09:11:38 server01 sshd[7512]: debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
Jan 5 09:11:38 server01 sshd[7512]: debug1: input_session_request
Jan 5 09:11:38 server01 sshd[7512]: debug1: channel 0: new [server-session]
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_new: session 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_open: channel 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_open: session 0: link with channel 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: server_input_channel_open: confirm session
Jan 5 09:11:38 server01 sshd[7512]: debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: server_input_channel_req: channel 0 request env reply 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_by_channel: session 0 channel 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_input_channel_req: session 0 req env
Jan 5 09:11:38 server01 sshd[7512]: debug1: server_input_channel_req: channel 0 request subsystem reply 1
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_by_channel: session 0 channel 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_input_channel_req: session 0 req subsystem
Jan 5 09:11:38 server01 sshd[7512]: subsystem request for sftp
Jan 5 09:11:38 server01 sshd[7512]: debug1: subsystem: exec() /usr/libexec/openssh/sftp-server
Jan 5 09:11:38 server01 sshd[7507]: debug1: session_new: session 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: Received SIGCHLD.
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_by_pid: pid 7513
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_exit_message: session 0 channel 0 pid 7513
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_exit_message: release channel 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_by_channel: session 0 channel 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_close_by_channel: channel 0 child 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_close: session 0 pid 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: channel 0: free: server-session, nchannels 1
Jan 5 09:11:38 server01 sshd[7512]: Received disconnect from 1.2.3.4: 11: disconnected by user
Jan 5 09:11:38 server01 sshd[7512]: debug1: do_cleanup
Jan 5 09:11:38 server01 sshd[7507]: debug1: do_cleanup
Jan 5 09:11:38 server01 sshd[7507]: debug1: PAM: cleanup
Jan 5 09:11:38 server01 sshd[7507]: debug1: PAM: closing session
Jan 5 09:11:38 server01 sshd[7507]: pam_unix(sshd:session): session closed for user jdoe
Jan 5 09:11:38 server01 sshd[7507]: debug1: PAM: deleting credentials

And here are the client logs:
[root@server01 jdoe]# sftp -v jdoe@localhost
Connecting to localhost...
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure. Minor code may provide more information


debug1: Unspecified GSS failure. Minor code may provide more information


debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
Transferred: sent 1904, received 2184 bytes, in 0.0 seconds
Bytes per second: sent 45594.9, received 52300.1
debug1: Exit status 1
Connection closed
[root@server01 jdoe]#

Last edited by td3201; 01-05-2012 at 09:46 AM.
 
Old 01-05-2012, 01:59 PM   #2
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217Reputation: 217Reputation: 217
This is way too much text in the post, use [[code]] tags for pasting the outputs, like:
Code:
Jan 5 09:11:30 server01 sshd[7402]: debug1: Forked child 7507.
Jan 5 09:11:30 server01 sshd[7507]: debug1: rexec start in 5 out 5 newsock 5 pipe 8 sock 9
Jan 5 09:11:30 server01 sshd[7507]: debug1: inetd sockets after dupping: 3, 3
Jan 5 09:11:30 server01 sshd[7507]: Connection from 1.2.3.4 port 14896
Jan 5 09:11:30 server01 sshd[7507]: debug1: Client protocol version 2.0; client software version OpenSSH_5.6
Jan 5 09:11:30 server01 sshd[7507]: debug1: match: OpenSSH_5.6 pat OpenSSH*
Jan 5 09:11:30 server01 sshd[7507]: debug1: Enabling compatibility mode for protocol 2.0
Jan 5 09:11:30 server01 sshd[7507]: debug1: Local version string SSH-2.0-OpenSSH_5.3
Jan 5 09:11:30 server01 sshd[7508]: debug1: permanently_set_uid: 74/74
Jan 5 09:11:30 server01 sshd[7508]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Jan 5 09:11:30 server01 sshd[7508]: debug1: SSH2_MSG_KEXINIT sent
Jan 5 09:11:30 server01 sshd[7508]: debug1: SSH2_MSG_KEXINIT received
Jan 5 09:11:30 server01 sshd[7508]: debug1: kex: client->server aes128-ctr hmac-md5 none
Jan 5 09:11:30 server01 sshd[7508]: debug1: kex: server->client aes128-ctr hmac-md5 none
Jan 5 09:11:30 server01 sshd[7508]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Jan 5 09:11:30 server01 sshd[7508]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Jan 5 09:11:30 server01 sshd[7508]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Jan 5 09:11:30 server01 sshd[7508]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Jan 5 09:11:30 server01 sshd[7508]: debug1: SSH2_MSG_NEWKEYS sent
Jan 5 09:11:30 server01 sshd[7508]: debug1: expecting SSH2_MSG_NEWKEYS
Jan 5 09:11:30 server01 sshd[7508]: debug1: SSH2_MSG_NEWKEYS received
Jan 5 09:11:30 server01 sshd[7508]: debug1: KEX done
Jan 5 09:11:30 server01 sshd[7508]: debug1: userauth-request for user jdoe service ssh-connection method none
Jan 5 09:11:30 server01 sshd[7508]: debug1: attempt 0 failures 0
Jan 5 09:11:30 server01 sshd[7507]: debug1: PAM: initializing for "jdoe"
Jan 5 09:11:30 server01 sshd[7507]: debug1: PAM: setting PAM_RHOST to "wsip-98-188-202-245.om.om.cox.net"
Jan 5 09:11:30 server01 sshd[7507]: debug1: PAM: setting PAM_TTY to "ssh"
Jan 5 09:11:30 server01 sshd[7508]: debug1: userauth-request for user jdoe service ssh-connection method keyboard-interactive
Jan 5 09:11:30 server01 sshd[7508]: debug1: attempt 1 failures 0
Jan 5 09:11:30 server01 sshd[7508]: debug1: keyboard-interactive devs
Jan 5 09:11:30 server01 sshd[7508]: debug1: auth2_challenge: user=jdoe devs=
Jan 5 09:11:30 server01 sshd[7508]: debug1: kbdint_alloc: devices 'pam'
Jan 5 09:11:30 server01 sshd[7508]: debug1: auth2_challenge_start: trying authentication method 'pam'
Jan 5 09:11:30 server01 sshd[7508]: Postponed keyboard-interactive for jdoe from 1.2.3.4 port 14896 ssh2
Jan 5 09:11:32 server01 sshd[7509]: debug1: do_pam_account: called
Jan 5 09:11:37 server01 sshd[7507]: debug1: PAM: num PAM env strings 0
Jan 5 09:11:37 server01 sshd[7508]: Postponed keyboard-interactive/pam for jdoe from 1.2.3.4 port 14896 ssh2
Jan 5 09:11:38 server01 sshd[7507]: debug1: do_pam_account: called
Jan 5 09:11:38 server01 sshd[7507]: Accepted keyboard-interactive/pam for jdoe from 1.2.3.4 port 14896 ssh2
Jan 5 09:11:38 server01 sshd[7507]: debug1: monitor_child_preauth: jdoe has been authenticated by privileged process
Jan 5 09:11:38 server01 sshd[7507]: debug1: temporarily_use_uid: 1502/1502 (e=0/0)
Jan 5 09:11:38 server01 sshd[7507]: debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
Jan 5 09:11:38 server01 sshd[7507]: debug1: restore_uid: 0/0
Jan 5 09:11:38 server01 sshd[7507]: debug1: SELinux support disabled
Jan 5 09:11:38 server01 sshd[7507]: debug1: PAM: establishing credentials
Jan 5 09:11:38 server01 sshd[7507]: pam_unix(sshd:session): session opened for user jdoe by (uid=0)
Jan 5 09:11:38 server01 sshd[7507]: User child is on pid 7512
Jan 5 09:11:38 server01 sshd[7512]: debug1: PAM: establishing credentials
Jan 5 09:11:38 server01 sshd[7512]: debug1: permanently_set_uid: 1502/1502
Jan 5 09:11:38 server01 sshd[7512]: debug1: Entering interactive session for SSH2.
Jan 5 09:11:38 server01 sshd[7512]: debug1: server_init_dispatch_20
Jan 5 09:11:38 server01 sshd[7512]: debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
Jan 5 09:11:38 server01 sshd[7512]: debug1: input_session_request
Jan 5 09:11:38 server01 sshd[7512]: debug1: channel 0: new [server-session]
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_new: session 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_open: channel 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_open: session 0: link with channel 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: server_input_channel_open: confirm session
Jan 5 09:11:38 server01 sshd[7512]: debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: server_input_channel_req: channel 0 request env reply 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_by_channel: session 0 channel 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_input_channel_req: session 0 req env
Jan 5 09:11:38 server01 sshd[7512]: debug1: server_input_channel_req: channel 0 request subsystem reply 1
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_by_channel: session 0 channel 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_input_channel_req: session 0 req subsystem
Jan 5 09:11:38 server01 sshd[7512]: subsystem request for sftp
Jan 5 09:11:38 server01 sshd[7512]: debug1: subsystem: exec() /usr/libexec/openssh/sftp-server
Jan 5 09:11:38 server01 sshd[7507]: debug1: session_new: session 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: Received SIGCHLD.
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_by_pid: pid 7513
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_exit_message: session 0 channel 0 pid 7513
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_exit_message: release channel 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_by_channel: session 0 channel 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_close_by_channel: channel 0 child 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: session_close: session 0 pid 0
Jan 5 09:11:38 server01 sshd[7512]: debug1: channel 0: free: server-session, nchannels 1
Jan 5 09:11:38 server01 sshd[7512]: Received disconnect from 1.2.3.4: 11: disconnected by user
Jan 5 09:11:38 server01 sshd[7512]: debug1: do_cleanup
Jan 5 09:11:38 server01 sshd[7507]: debug1: do_cleanup
Jan 5 09:11:38 server01 sshd[7507]: debug1: PAM: cleanup
Jan 5 09:11:38 server01 sshd[7507]: debug1: PAM: closing session
Jan 5 09:11:38 server01 sshd[7507]: pam_unix(sshd:session): session closed for user jdoe
Jan 5 09:11:38 server01 sshd[7507]: debug1: PAM: deleting credentials
And here are the client logs:
Code:
[root@server01 jdoe]# sftp -v jdoe@localhost
Connecting to localhost...
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure. Minor code may provide more information


debug1: Unspecified GSS failure. Minor code may provide more information


debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
Transferred: sent 1904, received 2184 bytes, in 0.0 seconds
Bytes per second: sent 45594.9, received 52300.1
debug1: Exit status 1
Connection closed
[root@server01 jdoe]#
and then:

1. user's shell is set to /bin/false

Are you seriously trying with no shell to do the login ?
Perhaps it would be better if you set it to:
Code:
/bin/bash
and then try to connect first only SSH and login, then SFTP
 
Old 01-05-2012, 02:28 PM   #3
td3201
Member
 
Registered: Jan 2002
Location: Omaha, NE US
Distribution: Red Hat/CentOS
Posts: 224

Original Poster
Rep: Reputation: 30
Good tip on code, thanks.

Perhaps I assumed (incorrectly) that you don't have to have a shell to SFTP. I changed it to bash and I am able to sftp fine.

The root problem here I am trying to solve here is allowing some users to SFTP in but not be able to SSH in with a shell.
 
Old 01-05-2012, 05:24 PM   #4
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217Reputation: 217Reputation: 217
well,
it seems that it's not possible without restricting the shell for user (without actual shell)

so modified shells are out there
- LQ allowing-sftp-without-giving-a-shell -> post #6
- rssh-shell
- sftp chroot

I hope something will help you

good luck
 
Old 01-05-2012, 05:26 PM   #5
td3201
Member
 
Registered: Jan 2002
Location: Omaha, NE US
Distribution: Red Hat/CentOS
Posts: 224

Original Poster
Rep: Reputation: 30
Thanks. I ended up going with rssh. It works pretty well. The chrooting is a disaster so I am forcing SCP for now. We'll see how far I can take that.
 
Old 01-05-2012, 07:28 PM   #6
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,287

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
Actually, Openssh offers an sftp-only option; see section 7 onwards here http://adamsworld.name/chrootjailv5.php
 
  


Reply

Tags
sftp, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting SFTP logs from a chroot jail beairstos Linux - Server 1 10-01-2009 08:20 AM
Secured FTP sftp logs maneesh.shetty Linux - General 1 08-09-2009 02:08 AM
Iptables (with masq) troubleshooting, very simple script attached script and logs. xinu Linux - Networking 13 11-01-2007 04:19 AM
Logs fot SFTP Koven Linux - Security 1 06-22-2005 10:14 PM
Internet connection too slow!I have attached the logs for your assistance ignacius_n Fedora 3 08-27-2004 12:59 PM


All times are GMT -5. The time now is 11:59 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration