
Solaris 10 Openssh v5.3p1 sftp chroot works but denied permission

807559 Sep 8 2010 — edited Sep 9 2010
Hi all, I have been working for 3 days to make chroot work on Solaris 10 with openssh v5.3p1 using http://www.minstrel.org.uk/papers/sftp/builtin/ methods. All looks great, I can open an sftp session but when I try to write I get permission denied messages. I just can't find what I am doing wrong. I have totally removed Sun ssh from the box and compiled openssh. I followed minstrel to the letter. I have tried winscp and other sftp clients, all with the same error: permission denied from server.

Following is an openssh debug output that may help. As best I can read it, it appears that all is working.
Sorry I had to delete some of the debug due to the 7500-character rule.

Thanks for any help anyone can provide.
Tom

bash-3.00# /usr/local/sbin/sshd -p 22 -D -ddd -e
debug2: load_server_config: filename /usr/local/etc/sshd_config
debug2: load_server_config: done config len = 249
debug2: parse_server_config: config /usr/local/etc/sshd_config len 249
debug3: /usr/local/etc/sshd_config:113 setting Subsystem sftp internal-sftp
debug3: checking syntax for 'Match Group sftponly'
deleted
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[2]='22'
debug1: rexec_argv[3]='-D'
debug1: rexec_argv[4]='-ddd'
debug1: rexec_argv[5]='-e'
debug2: fd 4 setting O_NONBLOCK
debug2: parse_server_config: config rexec len 249
debug3: rexec:113 setting Subsystem sftp internal-sftp
debug3: checking syntax for 'Match Group sftponly'
debug1: sshd version sshp1
debug1: Local version string SSH-2.0-ssh
debug2: fd 4 setting O_NONBLOCK
debug2: Network child is on pid 13650
debug3: Trying to reverse map address 172.31.81.200.
debug2: parse_server_config: config reprocess config len 249
debug3: checking match for 'Group sftponly' user lefler host x4500e0 addr 172.31.81.200
debug1: user lefler matched group list sftponly at line 122
debug3: match found
debug3: reprocess config:123 setting ChrootDirectory %h
debug3: reprocess config:124 setting ForceCommand internal-sftp
debug3: reprocess config:125 setting AllowTcpForwarding no
debug3: auth_shadow_acctexpired: today 14860 sp_expire -1 days left -14861
debug3: account expiration disabled
Accepted password for lefler from 172.31.81.200 port 35932 ssh2
debug3: mm_auth_password: user authenticated
debug1: monitor_child_preauth: lefler has been authenticated by privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 24
debug3: mm_request_receive entering
debug3: mm_send_keystate: Sending new keys: 80ce730 80ce668
debug3: mm_newkeys_to_blob: converting 80ce730
debug3: mm_newkeys_to_blob: converting 80ce668
debug3: mm_send_keystate: New keys have been sent
debug3: mm_send_keystate: Sending compression state
debug3: mm_request_send entering: type 24
debug3: mm_send_keystate: Finished sending state
debug3: mm_newkeys_from_blob: 80ce110(118)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Waiting for second key
debug3: mm_newkeys_from_blob: 80ce110(118)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
User child is on pid 13651
debug3: mm_request_receive entering
debug3: safely_chroot: checking '/'
debug3: safely_chroot: checking '/export/'
debug3: safely_chroot: checking '/export/home/'
debug3: safely_chroot: checking '/export/home/lefler/'
debug3: safely_chroot: checking '/export/home/lefler/./'
debug3: safely_chroot: checking '/export/home/lefler/./'
Changed root directory to "/export/home/lefler/./"
debug1: permanently_set_uid: 1015/3001
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug2: fd 5 setting O_NONBLOCK
debug2: fd 6 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request subsystem reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req subsystem
subsystem request for sftp
debug1: subsystem: internal-sftp
debug1: Forced command (config) 'internal-sftp'
debug2: fd 4 setting TCP_NODELAY
debug2: fd 10 setting O_NONBLOCK
debug2: fd 9 setting O_NONBLOCK
debug1: do_cleanup
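
The `safely_chroot` lines in the log above correspond to sshd's check that every component of the ChrootDirectory path is a root-owned directory not writable by group or others. The sketch below is an added example, not part of the original post: it mirrors that check and then tests whether uid 1015 / gid 3001 (from the log) could write at the chroot root. The mode bits in `TREE` and the `upload` subdirectory are constructed assumptions, not values from the poster's system.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the walk can run on constructed data.
FakeStat = namedtuple("FakeStat", "st_mode st_uid st_gid")

def chroot_components(path):
    """Yield '/', '/export/', ... : the prefixes safely_chroot logs."""
    yield "/"
    prefix = ""
    for part in filter(None, path.split("/")):
        prefix += "/" + part
        yield prefix + "/"

def check_chroot(path, stat_fn=os.stat):
    """Reasons sshd would reject this ChrootDirectory (empty list = accepted)."""
    problems = []
    for comp in chroot_components(path):
        st = stat_fn(comp)
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{comp}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{comp}: owned by uid {st.st_uid}, not root")
        if st.st_mode & 0o022:
            problems.append(f"{comp}: group- or world-writable")
    return problems

def can_write(st, uid, gids):
    """Mode-bit check only (no ACLs): may this non-root uid create files here?"""
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

# Constructed sample: modes are assumptions; uid/gid 1015/3001 are from the log.
ROOT_OWNED = FakeStat(stat.S_IFDIR | 0o755, 0, 0)
TREE = {p: ROOT_OWNED for p in chroot_components("/export/home/lefler")}
TREE["/export/home/lefler/upload/"] = FakeStat(stat.S_IFDIR | 0o755, 1015, 3001)  # hypothetical

def demo():
    home = "/export/home/lefler/"
    return (check_chroot(home, TREE.__getitem__),             # accepted by sshd
            can_write(TREE[home], 1015, {3001}),              # chroot root
            can_write(TREE[home + "upload/"], 1015, {3001}))  # subdirectory

if __name__ == "__main__":
    print(demo())
```

To inspect a live system, call `check_chroot` with the real path and the default `stat_fn`.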
Locked on Oct 7 2010
Added on Sep 8 2010