Hi,
To make a long story short, here's how it goes :
I have created a chrooted environement for a user 'webmaster' in my server. I have generated a ssh key and am able to connect via ssh or sftp with this key to the user account when user shell is /bin/bash. Now, I would like to restrict the access to sftp, so I changed /etc/passwd line from
webmaster:x:1001:100::/home/webmaster/./home/webmaster/:/bin/bash
to
webmaster:x:1001:100::/home/webmaster/./home/webmaster/:/usr/bin/rssh
And in rssh.conf, I uncommented the desired lines :
allowscp
allowsftp
#allowcvs
#allowrdist
#allowrsync
Well, what was working previously doesn't any longer. And I can't figure out why...
Here's sftp -vvvv output (beginning truncated) :
Enter passphrase for key 'id_dsa':
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug2: fd 4 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug1: Sending subsystem: sftp
debug2: channel 0: request subsystem confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)
debug3: channel 0: close_fds r -1 w -1 e 6 c -1
debug1: fd 0 clearing O_NONBLOCK
debug3: fd 1 is not O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.3 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 1
Connection closed
The password is accepted but the connection is closed as soon as it is opened.
Do you understand why from these lines ?
I do not