Monday, May 14, 2007

Etch, sftp and the rssh shell

And finally I discovered an issue. SFTP did not work anymore. The debug session showed:

debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

The user only has the RSSH shell (sftp enabled) and he is further limited by the following entry in .ssh/authorized_keys:

command="/usr/lib/sftp-server" [SSH-key]

But this doesn't work anymore. /usr/lib/sftp-server is now a symlink to /usr/lib/openssh/sftp-server, and I had to change the .ssh/authorized_keys for the user to:

command="/usr/lib/openssh/sftp-server" [SSH-key]

and access is granted again.


This one can be found in syslog:

rssh[xxx]: user XXX attempted to execute forbidden commands
rssh[xxx]: command: /usr/lib/sftp-server
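
An added example, not part of the original post: a shell function that scans an authorized_keys file for forced commands whose executable path is a symlink or no longer exists, which is the situation /usr/lib/sftp-server ended up in here. The function name check_forced_commands and the simple command="..." parsing (escaped quotes inside the option are not handled) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit forced commands in an authorized_keys file.
# Assumption: a command="..." path that is a symlink (or missing) deserves
# review, because a wrapper shell may compare the literal path string.

# check_forced_commands FILE
# Prints "LINE: PATH -> TARGET" when PATH resolves to a different file,
# and "LINE: PATH missing" when PATH does not exist.
check_forced_commands() {
    keyfile=$1
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*) continue ;;            # skip blank lines and comments
        esac
        # Extract the value of command="..." (no escaped-quote support).
        cmd=$(printf '%s\n' "$line" | sed -n 's/.*command="\([^"]*\)".*/\1/p')
        [ -n "$cmd" ] || continue
        path=${cmd%% *}                     # first word is the executable
        case $path in
            /*) ;;                          # only absolute paths are checked
            *) continue ;;
        esac
        if [ ! -e "$path" ]; then
            printf '%s: %s missing\n' "$lineno" "$path"
            continue
        fi
        target=$(readlink -f -- "$path")    # canonical path, symlinks resolved
        if [ "$target" != "$path" ]; then
            printf '%s: %s -> %s\n' "$lineno" "$path" "$target"
        fi
    done < "$keyfile"
}

# Stand-alone use: pass one or more authorized_keys files as arguments.
for f in "$@"; do
    check_forced_commands "$f"
done
```

Run it against each restricted account's .ssh/authorized_keys after a distribution upgrade; any line it prints is a forced command to re-check against the path the restricted shell expects.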