2 Replies Latest reply: Aug 6, 2010 1:55 PM by 807559 RSS

    Solaris 9 SFTP/SSH/RSSH Trouble

    807559
      Hello all,

      I'm new to this forum...hope someone can help with this.
      I've recently installed Solaris 9 on a Sun Netra T1 105 with all patches and software companion sw. My goal is to set this server up as an SFTP server....that is all. I don't want users to be able to telnet/ftp, etc.
      I've installed RSSH and followed the instructions to create a chrooted environment for my sftp users.
      I believe I'm close in getting this to work, but no cigar.
      As you can see below, sftp exits with the error:

      "debug1: Exit status 1
      Couldn't read packet: Bad file number"

      And..I have no idea why. HELP?!


      Here's where I'm at:

      [@ccap77]:/export/home/ifrancd
      # sftp -v sftptest@ccap77
      Connecting to ccap77...
      debug1: SSH args "ssh -oProtocol = 2 -s -oForwardAgent = no -oForwardX11 = no -l sftptest -v ccap77
      sftp"
      SSH Version Sun_SSH_1.0.1, protocol versions 1.5/2.0.
      debug1: Reading configuration data /etc/ssh/ssh_config
      debug1: Rhosts Authentication disabled, originating port will not be trusted.
      debug1: ssh_connect: getuid 101 geteuid 101 anon 1
      debug1: Connecting to ccap77 [10.60.9.77] port 22.
      debug1: Connection established.
      debug1: identity file /export/home/ifrancd/.ssh/id_rsa type 3
      debug1: identity file /export/home/ifrancd/.ssh/id_dsa type 3
      debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.0.1
      debug1: match: Sun_SSH_1.0.1 pat ^Sun_SSH_1\.0
      Enabling compatibility mode for protocol 2.0
      debug1: Local version string SSH-2.0-Sun_SSH_1.0.1
      debug1: sent kexinit: diffie-hellman-group1-sha1
      debug1: sent kexinit: ssh-rsa,ssh-dss
      debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
      debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
      debug1: sent kexinit: hmac-sha1,hmac-md5
      debug1: sent kexinit: hmac-sha1,hmac-md5
      debug1: sent kexinit: none
      debug1: sent kexinit: none
      debug1: sent kexinit:
      debug1: sent kexinit:
      debug1: send KEXINIT
      debug1: done
      debug1: wait KEXINIT
      debug1: got kexinit: diffie-hellman-group1-sha1
      debug1: got kexinit: ssh-rsa,ssh-dss
      debug1: got kexinit: aes128-cbc,blowfish-cbc,3des-cbc
      debug1: got kexinit: aes128-cbc,blowfish-cbc,3des-cbc
      debug1: got kexinit: hmac-sha1,hmac-md5
      debug1: got kexinit: hmac-sha1,hmac-md5
      debug1: got kexinit: none,zlib
      debug1: got kexinit: none,zlib
      debug1: got kexinit: C,geo,lcttab,iso_8859_15,iso_8859_1,en_CA,en_CA.ISO8859-1,en_US,en_US.ISO8859-1
      ,en_US.ISO8859-15,en_US.ISO8859-15@euro,es,es_MX,es_MX.ISO8859-1,fr,fr_CA,fr_CA.ISO8859-1
      debug1: got kexinit: C,geo,lcttab,iso_8859_15,iso_8859_1,en_CA,en_CA.ISO8859-1,en_US,en_US.ISO8859-1
      ,en_US.ISO8859-15,en_US.ISO8859-15@euro,es,es_MX,es_MX.ISO8859-1,fr,fr_CA,fr_CA.ISO8859-1
      debug1: first kex follow: 0
      debug1: reserved: 0
      debug1: done
      debug1: kex: server->client unable to decide common locale
      debug1: kex: server->client aes128-cbc hmac-sha1 none
      debug1: kex: client->server unable to decide common locale
      debug1: kex: client->server aes128-cbc hmac-sha1 none
      debug1: Sending SSH2_MSG_KEXDH_INIT.
      debug1: bits set: 520/1024
      debug1: Wait SSH2_MSG_KEXDH_REPLY.
      debug1: Got SSH2_MSG_KEXDH_REPLY.
      debug1: Host 'ccap77' is known and matches the RSA host key.
      debug1: Found key in /export/home/ifrancd/.ssh/known_hosts:2
      debug1: bits set: 523/1024
      debug1: ssh_rsa_verify: signature correct
      debug1: Wait SSH2_MSG_NEWKEYS.
      debug1: GOT SSH2_MSG_NEWKEYS.
      debug1: send SSH2_MSG_NEWKEYS.
      debug1: done: send SSH2_MSG_NEWKEYS.
      debug1: done: KEX2.
      debug1: send SSH2_MSG_SERVICE_REQUEST
      debug1: service_accept: ssh-userauth
      debug1: got SSH2_MSG_SERVICE_ACCEPT
      Welcome to CCAP77. This system is for authorized users only. Unauthorized access is prohibited and p
      unishable by law.
      debug1: authentications that can continue: publickey,password
      debug1: next auth method to try is publickey
      debug1: key does not exist: /export/home/ifrancd/.ssh/id_rsa
      debug1: key does not exist: /export/home/ifrancd/.ssh/id_dsa
      debug1: next auth method to try is password
      sftptest@ccap77's password:
      debug1: ssh-userauth2 successfull: method password
      debug1: fd 6 setting O_NONBLOCK
      debug1: fd 7 IS O_NONBLOCK
      debug1: channel 0: new [client-session]
      debug1: send channel open 0
      debug1: Entering interactive session.
      debug1: client_init id 0 arg 0
      debug1: Sending subsystem: sftp
      debug1: channel 0: open confirm rwindow 0 rmax 16384
      debug1: channel_input_channel_request: channel: 0 rcvd request for exit-status reply 0
      debug1: cb_fn 2b77c cb_event 91
      debug1: channel 0: rcvd eof
      debug1: channel 0: output open->drain
      debug1: channel 0: obuf empty
      debug1: channel 0: output drain->closed
      debug1: channel 0: close_write
      debug1: channel 0: rcvd close
      debug1: channel 0: input open->closed
      debug1: channel 0: close_read
      debug1: channel 0: send close
      debug1: channel 0: full closed2
      debug1: channel_free: channel 0: status: The following connections are open:
      #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)

      debug1: channel_free: channel 0: dettaching channel user
      debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.0 seconds
      debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
      debug1: Exit status 1
      Couldn't read packet: Bad file number
      [@ccap77]:/export/home/ifrancd
      #


      Any help would be most appreciated.
      Thanks in advance,
      Dave