Hello,

I've set up a Debian Lenny server with a chroot environment, and some users have a "scponlyc" shell. There's a Cisco Linksys router for Internet access, forwarding port 22. The problem is that users have to make several attempts to connect to the server; after 6 or more attempts they can sometimes log in. I have no idea why they have to try to connect so many times, or why the connection is closed until they can connect.

The sshd_config file has no special options set, and the passwd line for a scponly user looks like:

npuyal:x:2002:2002::/var/lib/vz/private/101//home/npuyal:/usr/sbin/scponlyc

I repeat: after trying to connect several times they finally log in. I attach the sshd log with debug level enabled and the sftp command output in verbose mode. I paste some relevant lines here:

From sshd log:

Jan 27 08:47:40 blau-debian-02 sshd[30813]: Accepted password for npuyal from 192.168.1.1 port 39184 ssh2
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: SELinux support disabled
...
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: subsystem: exec() /usr/lib/openssh/sftp-server
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: Received SIGCHLD.

From sftp -vvv:

debug1: Authentication succeeded (password).
debug1: Entering interactive session.
...
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead

Any idea?

Thanks

--
Marc Olivé
Grup Blau
marc.ol...@grupblau.com
Tel. + 34 977 87 07 02
Tel i Fax. + 34 977 87 05 07
Plaça d'en Canós 9-11, 2on 1a
Espluga de Francolí
Tarragona
www.grupblau.com

Jan 27 08:47:36 blau-debian-02 sshd[30791]: debug1: Forked child 30813.
Jan 27 08:47:36 blau-debian-02 sshd[30813]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Jan 27 08:47:36 blau-debian-02 sshd[30813]: debug1: inetd sockets after dupping: 3, 3
Jan 27 08:47:36 blau-debian-02 sshd[30813]: Connection from 192.168.1.1 port 39184
Jan 27 08:47:36 blau-debian-02 sshd[30813]: debug1: Client protocol version 2.0; client software version OpenSSH_5.1p1 Debian-5
Jan 27 08:47:36 blau-debian-02 sshd[30813]: debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
Jan 27 08:47:36 blau-debian-02 sshd[30813]: debug1: Enabling compatibility mode for protocol 2.0
Jan 27 08:47:36 blau-debian-02 sshd[30813]: debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5
Jan 27 08:47:36 blau-debian-02 sshd[30813]: Failed none for npuyal from 192.168.1.1 port 39184 ssh2
Jan 27 08:47:36 blau-debian-02 sshd[30813]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
Jan 27 08:47:36 blau-debian-02 sshd[30813]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
Jan 27 08:47:36 blau-debian-02 sshd[30813]: debug1: temporarily_use_uid: 2002/2002 (e=0/0)
Jan 27 08:47:36 blau-debian-02 sshd[30813]: debug1: trying public key file /var/lib/vz/private/101//home/npuyal/.ssh/authorized_keys
Jan 27 08:47:36 blau-debian-02 sshd[30813]: debug1: restore_uid: 0/0
Jan 27 08:47:36 blau-debian-02 sshd[30813]: debug1: temporarily_use_uid: 2002/2002 (e=0/0)
Jan 27 08:47:36 blau-debian-02 sshd[30813]: debug1: trying public key file /var/lib/vz/private/101//home/npuyal/.ssh/authorized_keys2
Jan 27 08:47:36 blau-debian-02 sshd[30813]: debug1: restore_uid: 0/0
Jan 27 08:47:36 blau-debian-02 sshd[30813]: Failed publickey for npuyal from 192.168.1.1 port 39184 ssh2
Jan 27 08:47:40 blau-debian-02 sshd[30813]: Accepted password for npuyal from 192.168.1.1 port 39184 ssh2
Jan 27 08:47:40 blau-debian-02 sshd[30813]: debug1: monitor_child_preauth: npuyal has been authenticated by privileged process
Jan 27 08:47:40 blau-debian-02 sshd[30813]: User child is on pid 30815
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: SELinux support disabled
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: permanently_set_uid: 2002/2002
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: Entering interactive session for SSH2.
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: server_init_dispatch_20
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: input_session_request
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: channel 0: new [server-session]
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: session_new: session 0
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: session_open: channel 0
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: session_open: session 0: link with channel 0
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: server_input_channel_open: confirm session
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: server_input_global_request: rtype no-more-sessi...@openssh.com want_reply 0
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: server_input_channel_req: channel 0 request env reply 0
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: session_by_channel: session 0 channel 0
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: session_input_channel_req: session 0 req env
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: server_input_channel_req: channel 0 request subsystem reply 1
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: session_by_channel: session 0 channel 0
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: session_input_channel_req: session 0 req subsystem
Jan 27 08:47:40 blau-debian-02 sshd[30815]: subsystem request for sftp
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: subsystem: exec() /usr/lib/openssh/sftp-server
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: Received SIGCHLD.
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: session_by_pid: pid 30816
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: session_exit_message: session 0 channel 0 pid 30816
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: session_exit_message: release channel 0
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: session_by_channel: session 0 channel 0
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: session_close_by_channel: channel 0 child 0
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: session_close: session 0 pid 0
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: channel 0: free: server-session, nchannels 1
Jan 27 08:47:40 blau-debian-02 sshd[30815]: Connection closed by 192.168.1.1
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: do_cleanup
Jan 27 08:47:40 blau-debian-02 sshd[30815]: Transferred: sent 2008, received 1776 bytes
Jan 27 08:47:40 blau-debian-02 sshd[30815]: Closing connection to 192.168.1.1 port 39184

marc.ol...@blau-portatil-04:~$ sftp -vvvvv npu...@blau.serveftp.net
Connecting to blau.serveftp.net...
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to blau.serveftp.net [88.9.219.130] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /home/marc.olive/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/marc.olive/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/marc.olive/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5
debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,z...@openssh.com
debug2: kex_parse_kexinit: none,z...@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 495/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/marc.olive/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 33
debug3: check_host_in_hostfile: filename /home/marc.olive/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 83
debug1: Host 'blau.serveftp.net' is known and matches the RSA host key.
debug1: Found key in /home/marc.olive/.ssh/known_hosts:33
debug2: bits set: 542/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/marc.olive/.ssh/id_rsa (0x7f0b4a380a90)
debug2: key: /home/marc.olive/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/marc.olive/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/marc.olive/.ssh/id_dsa
debug3: no such identity: /home/marc.olive/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
npu...@blau.serveftp.net's password:
debug3: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug2: fd 4 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessi...@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug1: Sending environment.
debug3: Ignored env SHELL
debug3: Ignored env DESKTOP_STARTUP_ID
debug3: Ignored env TERM
debug3: Ignored env GTK_RC_FILES
debug3: Ignored env WINDOWID
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env GNOME_KEYRING_SOCKET
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env USERNAME
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env PATH
debug3: Ignored env GDM_XSERVER_LOCATION
debug3: Ignored env PWD
debug1: Sending env LANG = ca_ES.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env GNOME_KEYRING_PID
debug3: Ignored env GDM_LANG
debug3: Ignored env GDMSESSION
debug3: Ignored env HISTCONTROL
debug3: Ignored env HOME
debug3: Ignored env SHLVL
debug3: Ignored env GNOME_DESKTOP_SESSION_ID
debug3: Ignored env LOGNAME
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env WINDOWPATH
debug3: Ignored env DISPLAY
debug3: Ignored env COLORTERM
debug3: Ignored env XAUTHORITY
debug3: Ignored env _
debug1: Sending subsystem: sftp
debug2: channel 0: request subsystem confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_confirm: type 99 id 0
debug2: subsystem request accepted on channel 0
debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
debug1: client_input_channel_req: channel 0 rtype e...@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)
debug3: channel 0: close_fds r -1 w -1 e 6 c -1
debug1: fd 0 clearing O_NONBLOCK
debug3: fd 1 is not O_NONBLOCK
Transferred: sent 1776, received 2008 bytes, in 0.0 seconds
Bytes per second: sent 357699.1, received 404425.6
debug1: Exit status -1
Connection closed
marc.ol...@blau-portatil-04:~$
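
Added example, not part of the original post: a Python triage of sshd debug1 logs like the one attached above. It pairs each accepted login with its subsystem exec() and the following SIGCHLD, to count how many sessions lost their sftp child immediately. The function name `triage`, the `max_lifetime` threshold and the second session in the sample are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: session 1 copies lines from the post; session 2
# (pids 30901/30903, port 39210) is invented to show a healthy transfer.
SAMPLE = """\
Jan 27 08:47:40 blau-debian-02 sshd[30813]: Accepted password for npuyal from 192.168.1.1 port 39184 ssh2
Jan 27 08:47:40 blau-debian-02 sshd[30813]: User child is on pid 30815
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: subsystem: exec() /usr/lib/openssh/sftp-server
Jan 27 08:47:40 blau-debian-02 sshd[30815]: debug1: Received SIGCHLD.
Jan 27 08:52:10 blau-debian-02 sshd[30901]: Accepted password for npuyal from 192.168.1.1 port 39210 ssh2
Jan 27 08:52:10 blau-debian-02 sshd[30901]: User child is on pid 30903
Jan 27 08:52:10 blau-debian-02 sshd[30903]: debug1: subsystem: exec() /usr/lib/openssh/sftp-server
Jan 27 08:55:42 blau-debian-02 sshd[30903]: debug1: Received SIGCHLD.
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: (?:debug\d: )?(.*)$")

def triage(log_text, max_lifetime=2):
    """One record per accepted login; early_exit marks a subsystem child
    reaped within max_lifetime seconds of its exec() (assumed threshold)."""
    sessions, monitor_of = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # syslog timestamps carry no year; pin one so parsing is unambiguous
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        # the post-auth child logs under its own pid: fold it into the monitor's
        pid, msg = monitor_of.get(m.group(2), m.group(2)), m.group(3)
        if a := re.match(r"Accepted (\S+) for (\S+) from (\S+)", msg):
            sessions[pid] = {"user": a.group(2), "method": a.group(1), "src": a.group(3),
                             "subsystem": None, "exec_at": None, "lifetime": None}
        elif c := re.match(r"User child is on pid (\d+)", msg):
            monitor_of[c.group(1)] = pid
        elif pid in sessions:
            s = sessions[pid]
            if e := re.match(r"subsystem: exec\(\) (\S+)", msg):
                s["subsystem"], s["exec_at"] = e.group(1), ts
            elif msg.startswith("Received SIGCHLD") and s["exec_at"] and s["lifetime"] is None:
                s["lifetime"] = (ts - s["exec_at"]).total_seconds()
    for s in sessions.values():
        del s["exec_at"]  # internal bookkeeping only
        s["early_exit"] = s["lifetime"] is not None and s["lifetime"] <= max_lifetime
    return list(sessions.values())

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(rec)
```

Run over a full auth log, the share of `early_exit` records among accepted logins gives a failure rate that can be compared across users and over time.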