[Savannah-hackers] Re: possible fix for sftp on Savannah; please try

savannah-hackers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers] Re: possible fix for sftp on Savannah; please try

From:	Jonathan Walther
Subject:	[Savannah-hackers] Re: possible fix for sftp on Savannah; please try
Date:	Mon, 13 Oct 2003 15:41:38 -0700
User-agent:	Mutt/1.5.4i

On Mon, Oct 06, 2003 at 10:38:37PM +0200, Mathieu Roy wrote:

The errors always mention premature EOF on file descriptor 4.

If you could install chroot-sftp.c, that would be a tremendous help in
tracking down the problem.


Firstly, I would to know why the current thing does not work for you
while it works for me and while I was told by several others persons,
including arch users, that it works ok.


When did you last test it?  I finally got a regular Savannah user
account, and talked to other regular Savannah users, and unless they use
ssh protocol 1, which you CANNOT chroot, they also are not able to sftp
into Savannah.  If you want only chrooted sftp you have to disable ssh
protocol 1 entirely.

The shell closes all file descriptors except 0, 1, and 2 before passing
them on to programs.  The sftp server expects to by invoked by sshd, not
by a shell script, and so it is waiting for incoming data on file
descriptor 4.

For this reason I have to request you to do the following on Savannah:

 cd ~djw
 make chroot-sftp
 cp chroot-sftp /usr/local/bin

Then in /etc/ssh/sshd_config, make sure the sftp subsystem is set like
so:

 Subsystem      sftp    /usr/local/bin/chroot-sftp

Restart sshd and let us know so we can test it.

Good luck.

Jonathan

PS: Just so you can look over the source code of chroot-sftp.c, here it
is.

/* chroot-sftp.c address@hidden Sat Oct 11 21:55:36 EDT 2003
*
* Allows chrooted sftp access for Savannah projects.
*
* Ensures that all file descriptors opened by the ssh session, such as
* 4 and up, are passed to the sftp-server program.
*/

#include <unistd.h>

int
main(int argc, char** argv)
{
       chroot("/upload");
       execl("/usr/lib/sftp-server", "/usr/lib/sftp-server", NULL);
}

/*
* arch-tag: savannah:/home/djw/chroot-sftp.c
*/

--

It's not true unless it makes you laugh,but you don't understand it until it makes you weep.

   -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

                    Geek House Productions, Ltd.

 Providing Unix & Internet Contracting and Consulting,
 QA Testing, Technical Documentation, Systems Design & Implementation,
 General Programming, E-commerce, Web & Mail Services since 1998

Phone:   604-435-1205
Email:   address@hidden
Webpage: http://reactor-core.org
Address: 13685 Hilton Road, Surrey, BC

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Savannah-hackers] possible fix for sftp on Savannah; please try, Jonathan Walther, 2003/10/06
- [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Mathieu Roy, 2003/10/06
  - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Jonathan Walther, 2003/10/06
    - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Mathieu Roy, 2003/10/06
    - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Jonathan Walther <=
    - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Mathieu Roy, 2003/10/14
    - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Andreas Schwab, 2003/10/14

Prev by Date: [Savannah-hackers] submission of SLIME: The Superior Lisp Interaction Mod - savannah.nongnu.org
Next by Date: [Savannah-hackers] submission of Planets - savannah.nongnu.org
Previous by thread: [Savannah-hackers] Re: possible fix for sftp on Savannah; please try
Next by thread: [Savannah-hackers] Re: possible fix for sftp on Savannah; please try
Index(es):
- Date
- Thread