Re: Trouble getting sftp working.
From: Derek M. <co...@pi...> - 2003-09-01 13:59:41
On Mon, Sep 01, 2003 at 11:06:18PM +1000, Ben Birnbaum wrote:
> Hi,
>
> My final goal is to have a chrooted sftp system setup but currently
> I can't even get the sftp to work in a non-chrooted environment....

Ok, I see the problem:

> checking for sftp-server... /usr/lib/sftp-server
[SNIP]
> logfacility = LOG_USER # you can use comments at end of line
> #allowscp
> allowsftp
> umask = 022
> #chrootpath="/usr/local/chroot dir"
> user=sftptest:011:10

Note that you don't NEED a per-user config line if all your users will be set up with the same restrictions... The defaults should be configured (by the sysadmin) to allow the most common case to do what they need to do. In most cases, you shouldn't need a per-user config line, and I advocate not using it unless you do.

> Sep 1 22:34:56 unreal rssh[21732]: allowing sftp to user sftptest
> Sep 1 22:34:56 unreal rssh[21732]: user sftptest attempted to execute forbidden commands
> Sep 1 22:34:56 unreal rssh[21732]: command: sftp-server

This is because rssh is expecting the sftp client to pass it the full path to the sftp-server. What are you using on the client side? If you're using the OpenSSH sftp client, it SHOULD do that. But I guess there's no guarantee...

I have run into this problem with certain clients, and I have fixed this in 2.1.2, which I haven't released yet. I believe it's ready for release, but the reason I haven't released it yet is because I added code to allow cvs, rsync, and rdist, which I have not had time to test.

If you want to try it out, I could e-mail you a tarball. But I won't be able to do it until at least Friday, because I'm right in the middle of moving to another country, and I won't have access to e-mail again until at least then. :)

FWIW, if you actually ran this command:

  $ ssh remotehost /usr/lib/sftp-server

it should allow you to connect. I'm not positive it will work beyond that, but I think it will. Obviously, that's not a permanent solution, but it should at least let you test things...
--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
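
Added example, not part of the original message and not rssh code: a small log triage script that pairs each rssh "forbidden commands" entry with its `command:` line and separates the bare `sftp-server` client mismatch described above from rejections that deserve a closer look. The log format and the `/usr/lib/sftp-server` path are taken from the quoted output; the second session in the sample and the label names are constructed for illustration.

```python
import os
import re

# Path reported by the configure output quoted in the message.
SFTP_SERVER = "/usr/lib/sftp-server"

# Sample input: first session is from the message, second session is constructed.
SAMPLE_LOG = """\
Sep 1 22:34:56 unreal rssh[21732]: allowing sftp to user sftptest
Sep 1 22:34:56 unreal rssh[21732]: user sftptest attempted to execute forbidden commands
Sep 1 22:34:56 unreal rssh[21732]: command: sftp-server
Sep 1 22:40:02 unreal rssh[21801]: allowing sftp to user sftptest
Sep 1 22:40:02 unreal rssh[21801]: user sftptest attempted to execute forbidden commands
Sep 1 22:40:02 unreal rssh[21801]: command: /bin/ls /etc
"""

LINE = re.compile(r"rssh\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FORBIDDEN = re.compile(r"user (?P<user>\S+) attempted to execute forbidden commands")
CMD_PREFIX = "command: "


def classify(log_text, sftp_server=SFTP_SERVER):
    """Return (user, command, label) for every rejected command in the log."""
    pending = {}  # rssh PID -> user whose rejection still lacks a command line
    results = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        hit = FORBIDDEN.fullmatch(msg)
        if hit:
            pending[pid] = hit.group("user")
        elif msg.startswith(CMD_PREFIX) and pid in pending:
            cmd = msg[len(CMD_PREFIX):]
            # A bare basename of the configured sftp-server means the client
            # did not send the full path; anything else needs a human look.
            bare = cmd == os.path.basename(sftp_server)
            label = "client-sent-bare-sftp-server" if bare else "review"
            results.append((pending.pop(pid), cmd, label))
    return results


if __name__ == "__main__":
    for user, cmd, label in classify(SAMPLE_LOG):
        print(f"{user}\t{label}\t{cmd}")
```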