Re: possible fix for sftp on Savannah; please try

Re: possible fix for sftp on Savannah; please try

[Jonathan Walther]

[-- Attachment #1.1: Type: text/plain, Size: 2480 bytes --]

On Mon, Oct 06, 2003 at 10:38:37PM +0200, Mathieu Roy wrote:
>> The errors always mention premature EOF on file descriptor 4.
>> 
>> If you could install chroot-sftp.c, that would be a tremendous help in
>> tracking down the problem.
>
>Firstly, I would to know why the current thing does not work for you
>while it works for me and while I was told by several others persons,
>including arch users, that it works ok.

When did you last test it?  I finally got a regular Savannah user
account, and talked to other regular Savannah users, and unless they use
ssh protocol 1, which you CANNOT chroot, they also are not able to sftp
into Savannah.  If you want only chrooted sftp you have to disable ssh
protocol 1 entirely.

The shell closes all file descriptors except 0, 1, and 2 before passing
them on to programs.  The sftp server expects to by invoked by sshd, not
by a shell script, and so it is waiting for incoming data on file
descriptor 4.

For this reason I have to request you to do the following on Savannah:

  cd ~djw
  make chroot-sftp
  cp chroot-sftp /usr/local/bin

Then in /etc/ssh/sshd_config, make sure the sftp subsystem is set like
so:

  Subsystem	sftp	/usr/local/bin/chroot-sftp

Restart sshd and let us know so we can test it.

Good luck.

Jonathan

PS: Just so you can look over the source code of chroot-sftp.c, here it
is.

/* chroot-sftp.c krooger@debian.org Sat Oct 11 21:55:36 EDT 2003
 *
 * Allows chrooted sftp access for Savannah projects.
 *
 * Ensures that all file descriptors opened by the ssh session, such as
 * 4 and up, are passed to the sftp-server program.
 */

#include <unistd.h>

int
main(int argc, char** argv)
{
        chroot("/upload");
        execl("/usr/lib/sftp-server", "/usr/lib/sftp-server", NULL);
}

/*
 * arch-tag: savannah:/home/djw/chroot-sftp.c
 */

-- 

    It's not true unless it makes you laugh,                           
             but you don't understand it until it makes you weep.      

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

                     Geek House Productions, Ltd.

  Providing Unix & Internet Contracting and Consulting,
  QA Testing, Technical Documentation, Systems Design & Implementation,
  General Programming, E-commerce, Web & Mail Services since 1998

Phone:   604-435-1205
Email:   djw@reactor-core.org
Webpage: http://reactor-core.org
Address: 13685 Hilton Road, Surrey, BC

[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 307 bytes --]

[-- Attachment #2: Type: text/plain, Size: 214 bytes --]

_______________________________________________
Gnu-arch-users mailing list
Gnu-arch-users@gnu.org
http://mail.gnu.org/mailman/listinfo/gnu-arch-users

GNU arch home page:
http://savannah.gnu.org/projects/gnu-arch/

Re: possible fix for sftp on Savannah; please try

[Mathieu Roy]

Jonathan Walther <krooger@debian.org> said:

> On Mon, Oct 06, 2003 at 10:38:37PM +0200, Mathieu Roy wrote:
> >> The errors always mention premature EOF on file descriptor 4.
> >> If you could install chroot-sftp.c, that would be a tremendous help
> >> in
> >> tracking down the problem.
> >
> >Firstly, I would to know why the current thing does not work for you
> >while it works for me and while I was told by several others persons,
> >including arch users, that it works ok.
> 
> When did you last test it?

The last time its configuration was changed.

> I finally got a regular Savannah user account, and talked to other
> regular Savannah users, and unless they use ssh protocol 1, which
> you CANNOT chroot,

We chroot it and it works chrooted.


Since you apparently do not believe me when I say that, please look at
the following:


moa@dionysos:~$ sftp -1 svtest@sv.gnu.org:/
Connecting to sv.gnu.org...
Enter passphrase for RSA key '/home/moa/.ssh/id_rsa1': 
Changing to: /
sftp> ls
.
..
123tkshop
7pages
9box
Andrew-Toolkit.README
Flush
FreelyAvailableTexts
Only
README
README.obst
Socket
[...]
sftp> ls /usr/bin
/usr/bin/.
/usr/bin/..
/usr/bin/sftp

It definitely works.



> The shell closes all file descriptors except 0, 1, and 2 before passing
> them on to programs.  The sftp server expects to by invoked by sshd, not
> by a shell script, and so it is waiting for incoming data on file
> descriptor 4.

This account is an usual account.

You requested a special account in order to help us but apparently you
always refers to specific issues related to this non-usual account.

The last time I was on IRC for almost one hour with people from your
project and I left only when it was said it was working. The
configuration did not changed. 

So please, can we have the error messages you get, with an usual
account?
(didn't asked for that information before?)
We are not about to fix something unless we have some clue about
reproducibility of the problem, unless we are able to confirm that
there is really a problem on the server side.






-- 
Mathieu Roy
 
  Homepage:
    http://yeupou.coleumes.org
  Not a native english speaker: 
    http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english

Re: possible fix for sftp on Savannah; please try

[Andreas Schwab]

Jonathan Walther <krooger@debian.org> writes:

> The shell closes all file descriptors except 0, 1, and 2 before passing
> them on to programs.

A POSIX shell is not allowed to do that.  Are you by chance using a C
shell?

Andreas.

-- 
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux AG, Deutschherrnstr. 15-19, D-90429 Nürnberg
Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."