ibsh shell session fails using scp/sftp

2006-05-08 Thread Robert Fitzpatrick
Trying to use WinSCP to connect using the ibsh shell. The logs in the
WinSCP program indicate 'Connection failed. Server sent command exit
status 0', but I cannot find anything in the FreeBSD logs. I am hoping
to find where my FreeBSD 6.0 box is trying to execute a command so I can
add it to the approved list of commands to run by the user.
The /var/log/auth.log only states...

May  8 09:21:28 files sshd[22864]: Accepted keyboard-interactive/pam for webtent from 192.168.1.12 port 1130 ssh2
May  8 09:21:29 files sshd[22867]: subsystem request for sftp

While the /var/log/messages and /var/log/debug.log have nothing as a
result of the attempt to login. Is there anywhere else this may be
logging on why the session could not start?

Thanks in advance!
-- 
Robert

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ibsh shell session fails using scp/sftp

2006-05-08 Thread Bill Moran
On Mon, 08 May 2006 09:28:54 -0400
Robert Fitzpatrick [EMAIL PROTECTED] wrote:

> Trying to use WinSCP to connect using the ibsh shell. The logs in the
> WinSCP program indicate 'Connection failed. Server sent command exit
> status 0', but I cannot find anything in the FreeBSD logs. I am hoping
> to find where my FreeBSD 6.0 box is trying to execute a command so I can
> add it to the approved list of commands to run by the user.
> The /var/log/auth.log only states...
>
> May  8 09:21:28 files sshd[22864]: Accepted keyboard-interactive/pam for webtent from 192.168.1.12 port 1130 ssh2
> May  8 09:21:29 files sshd[22867]: subsystem request for sftp
>
> While the /var/log/messages and /var/log/debug.log have nothing as a
> result of the attempt to login. Is there anywhere else this may be
> logging on why the session could not start?

Run sshd with -d.  Be sure to read the manpage on what this does first,
as it may be an unpleasant surprise if you're trying to work on a
machine that you don't have local access to.

-- 
Bill Moran
Collaborative Fusion Inc.


Re: ibsh shell session fails using scp/sftp

2006-05-08 Thread Robert Fitzpatrick
On Mon, 2006-05-08 at 09:39 -0400, Bill Moran wrote:
> > Trying to use WinSCP to connect using the ibsh shell. The logs in the
> > WinSCP program indicate 'Connection failed. Server sent command exit
> > status 0', but I cannot find anything in the FreeBSD logs. I am hoping
> > to find where my FreeBSD 6.0 box is trying to execute a command so I can
> > add it to the approved list of commands to run by the user.
> > The /var/log/auth.log only states...
> >
> > May  8 09:21:28 files sshd[22864]: Accepted keyboard-interactive/pam for webtent from 192.168.1.12 port 1130 ssh2
> > May  8 09:21:29 files sshd[22867]: subsystem request for sftp
> >
> > While the /var/log/messages and /var/log/debug.log have nothing as a
> > result of the attempt to login. Is there anywhere else this may be
> > logging on why the session could not start?
>
> Run sshd with -d.  Be sure to read the manpage on what this does first,
> as it may be an unpleasant surprise if you're trying to work on a
> machine that you don't have local access to.

Thanks, I can't seem to find all the debug messages on screen in a log
file, so I'll try to not misspell or represent something here. After
starting the session, it displays the subsystem message, then a
'Received SIGCHLD' and pid assignment, then the exit message...

snip
subsystem request for sftp
debug1: sybsystem: exec() /usr/libexec/sftp-server
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 23011
debug1: session_exit_message: session 0 channel 0 pid 23011
debug1: session_exit_message: release channel 0
debug1: session_close: session 0 pid 23011
snip

I have sftp and even added exec to the approved commands along with
anything else I could think of for ibsh with no luck, same messages. I
tried adding /usr/libexec to my PATH, no help.

files# echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/root/bin:/usr/libexec
files# cat /usr/local/etc/ibsh/globals.cmds
cd
ls
pwd
logout
exit
touch
mkdir
rm
pico
scp
sftp
sftp-server
ssh
sshd
exec

-- 
Robert
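
Added example, not part of the thread and not code from ibsh or OpenSSH: sshd starts an external subsystem by running the account's login shell with `-c <subsystem command>`, so this probe does the same by hand and sends the `SSH_FXP_INIT` packet seen in the WinSCP log. The helper name `probe_sftp` is made up here; the shell and sftp-server paths in the usage comment are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: reproduce by hand what sshd does for "subsystem request for sftp".
# sshd runs:  <login shell> -c <subsystem command>
# so the login shell must pass that command through for SFTP to start.

# probe_sftp LOGIN_SHELL SUBSYSTEM_CMD   (hypothetical helper name)
# Prints one diagnosis line; returns 0 only if SSH_FXP_VERSION came back.
probe_sftp() {
    login_shell=$1
    subsystem=$2
    out=$(mktemp) || return 2

    # SSH_FXP_INIT as in the WinSCP log: uint32 length=5, type=1, uint32 version=3
    printf '\000\000\000\005\001\000\000\000\003' |
        "$login_shell" -c "$subsystem" >"$out" 2>/dev/null
    status=$?            # exit status of the login shell (last in the pipeline)

    # Byte 5 of the reply is the packet type; 2 means SSH_FXP_VERSION.
    set -- $(od -An -v -tu1 -N5 "$out")
    reply_type=${5:-none}
    rm -f "$out"

    if [ "$reply_type" = 2 ]; then
        echo "ok: SSH_FXP_VERSION received via $login_shell -c"
        return 0
    fi
    echo "fail: no SSH_FXP_VERSION (reply type: $reply_type); $login_shell -c exited $status"
    return 1
}

# Stand-alone use, with the paths from the thread:
#   sh probe_sftp.sh /usr/local/bin/ibsh /usr/libexec/sftp-server
if [ $# -eq 2 ]; then
    probe_sftp "$1" "$2"
fi
```

A "fail ... exited 0" line with no reply reproduces the WinSCP symptom outside sshd, which separates the login shell's handling of `-c` from sftp-server itself.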



Re: ibsh

2006-05-08 Thread Atom Powers

Have you looked at the scponly shell?

On 5/7/06, Robert Fitzpatrick [EMAIL PROTECTED] wrote:

> On Sun, 2006-05-07 at 12:32 -0400, Robert Fitzpatrick wrote:
> > Anyone using ibsh shell for locking users in to their home directory? I
> > just found out about this googling and installed the port on my FreeBSD
> > 6.0 box, but can't seem to get it working
>
> Sorry for posting too quickly, I found that merely editing
> the /etc/passwd file to change the shell did not get it done. I have
> ibsh shell working now, but something peculiar is happening. I can login
> from my Linux box using ssh and all is as expected, but if I use the
> WinSCP program, commonly used by our staff, it does not believe there is
> an SFTP server running. Of course, logging in using WinSCP with a user
> of a different shell works perfectly. Here are the ibsh commands I am
> allowing and the log from WinSCP...
>
> files# cat globals.cmds
> # Add any commands the user may execute. Even shell commands.
> # You have to allow logout and/or exit, so the user can logout!
> # cd and pwd should also be allowed. Note: other shell builtin
> # commands are not yet implemented!
> cd
> ls
> pwd
> logout
> exit

--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers

ibsh

2006-05-07 Thread Robert Fitzpatrick
Anyone using ibsh shell for locking users in to their home directory? I
just found out about this googling and installed the port on my FreeBSD
6.0 box, but can't seem to get it working

files# grep ibsh /etc/shells
/usr/local/bin/ibsh
files# grep webtent /etc/passwd
webtent:*:1002:1000:WebTent Networking, Inc.:/home/webtent:/usr/local/bin/ibsh

[EMAIL PROTECTED]:~ ssh [EMAIL PROTECTED]
Password:
snip
[EMAIL PROTECTED] cd ..
[EMAIL PROTECTED] pwd
/home
[EMAIL PROTECTED]

What am I missing? I can't find any docs or manual on the system...

-- 
Robert



Re: ibsh

2006-05-07 Thread Robert Fitzpatrick
On Sun, 2006-05-07 at 12:32 -0400, Robert Fitzpatrick wrote:
> Anyone using ibsh shell for locking users in to their home directory? I
> just found out about this googling and installed the port on my FreeBSD
> 6.0 box, but can't seem to get it working

Sorry for posting too quickly, I found that merely editing
the /etc/passwd file to change the shell did not get it done. I have
ibsh shell working now, but something peculiar is happening. I can login
from my Linux box using ssh and all is as expected, but if I use the
WinSCP program, commonly used by our staff, it does not believe there is
an SFTP server running. Of course, logging in using WinSCP with a user
of a different shell works perfectly. Here are the ibsh commands I am
allowing and the log from WinSCP...

files# cat globals.cmds
# Add any commands the user may execute. Even shell commands.
# You have to allow logout and/or exit, so the user can logout!
# cd and pwd should also be allowed. Note: other shell builtin
# commands are not yet implemented!
cd
ls
pwd
logout
exit

. 2006-05-07 12:48:40.600 --
. 2006-05-07 12:48:40.600 WinSCP Version 3.7.6 (Build 306) (OS 5.2.3790 Service Pack 1)
. 2006-05-07 12:48:40.600 Login time: Sunday, May 07, 2006 12:48:40 PM
. 2006-05-07 12:48:40.600 --
. 2006-05-07 12:48:40.600 Session name: [EMAIL PROTECTED]
. 2006-05-07 12:48:40.600 Host name: 192.168.1.7 (Port: 22)
. 2006-05-07 12:48:40.600 User name: webtent (Password: Yes, Key file: No)
. 2006-05-07 12:48:40.610 Transfer Protocol: SFTP (SCP)
. 2006-05-07 12:48:40.610 SSH protocol version: 2; Compression: No
. 2006-05-07 12:48:40.610 Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2006-05-07 12:48:40.610 Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. 2006-05-07 12:48:40.610 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2006-05-07 12:48:40.610 SSH Bugs: -,-,-,-,-,-,-,-
. 2006-05-07 12:48:40.610 SFTP Bugs: -,-,-
. 2006-05-07 12:48:40.610 Proxy: none
. 2006-05-07 12:48:40.610 Return code variable: Autodetect; Lookup user groups: Yes
. 2006-05-07 12:48:40.621 Shell: default, EOL: 0
. 2006-05-07 12:48:40.621 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2006-05-07 12:48:40.621 Cache directory changes: Yes, Permanent: Yes
. 2006-05-07 12:48:40.621 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2006-05-07 12:48:40.621 Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
. 2006-05-07 12:48:40.621 --
. 2006-05-07 12:48:40.771 Looking up host 192.168.1.7
. 2006-05-07 12:48:40.781 Connecting to 192.168.1.7 port 22
. 2006-05-07 12:48:40.831 Server version: SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903
. 2006-05-07 12:48:40.851 We claim version: SSH-2.0-WinSCP_release_3.7.6
. 2006-05-07 12:48:40.861 Using SSH protocol version 2
. 2006-05-07 12:48:40.881 Doing Diffie-Hellman group exchange
. 2006-05-07 12:48:41.001 Doing Diffie-Hellman key exchange
. 2006-05-07 12:48:42.273 Host key fingerprint is:
. 2006-05-07 12:48:42.293 ssh-dss 2048 0a:59:6c:0f:b9:18:2b:68:1b:e0:5d:3b:d6:5a:e0:65
. 2006-05-07 12:48:42.313 Initialised AES-256 client-server encryption
. 2006-05-07 12:48:42.333 Initialised HMAC-SHA1 client-server MAC algorithm
. 2006-05-07 12:48:42.353 Initialised AES-256 server-client encryption
. 2006-05-07 12:48:42.373 Initialised HMAC-SHA1 server-client MAC algorithm
! 2006-05-07 12:48:42.413 Using username webtent.
! 2006-05-07 12:48:42.523 Using keyboard-interactive authentication.
. 2006-05-07 12:48:42.543 Password: prompt from server
. 2006-05-07 12:48:42.563 Responding with stored password.
. 2006-05-07 12:48:42.603 Access granted
. 2006-05-07 12:48:42.623 Opened channel for session
. 2006-05-07 12:48:42.653 Started a shell/command
. 2006-05-07 12:48:42.673 --
. 2006-05-07 12:48:42.693 Using SFTP protocol.
. 2006-05-07 12:48:42.724 Doing startup conversation with host.
> 2006-05-07 12:48:42.744 Type: SSH_FXP_INIT, Size: 5, Number: -1
. 2006-05-07 12:48:42.774 Server sent command exit status 0
. 2006-05-07 12:48:42.794 All channels closed. Disconnecting
. 2006-05-07 12:48:42.824 Server closed network connection
* 2006-05-07 12:48:42.854 (ESshFatal) Cannot initialize SFTP protocol. Is the host running a SFTP server?
* 2006-05-07 12:48:42.854 Connection has been unexpectedly closed. Server sent command exit status 0.

-- 
Robert
