# Chrooted SFTP/SSH account, account hangs on ssh

## matttah

I created an SSH/SFTP chrooted environment for certain users on my server. The SFTP works fine; however, whenever I try to ssh in as the user it just hangs. The auth.log notes that it accepted the user's public key, but then nothing happens. The shell I have set up is /bin/bash. Any ideas on why this may be happening?

Daum

----------

## jody

Hi

I'm not an SSH expert, but you may gain more information on your problem by using the verbose modes of ssh:

```
ssh -v user@my_host

ssh -vv user@my_host

ssh -vvv user@my_host
```

These variations give increasingly detailed debug messages.

I hope this helps a bit.

  Jody

----------

## matttah

```

OpenSSH_5.8p1-hpn13v10lpk, OpenSSL 1.0.0d 8 Feb 2011

debug1: Reading configuration data /home/daum/.ssh/config

debug1: Reading configuration data /etc/ssh/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to xxx.com [xxx.xxx.xx.xx] port 22.

debug1: Connection established.

debug1: identity file /home/daum/.ssh/id_rsa type -1

debug1: identity file /home/daum/.ssh/id_rsa-cert type -1

debug3: Incorrect RSA1 identifier

debug3: Could not load "/home/daum/.ssh/id_dsa" as a RSA1 public key

debug2: key_type_from_name: unknown key type '-----BEGIN'

debug3: key_read: missing keytype

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug2: key_type_from_name: unknown key type '-----END'

debug3: key_read: missing keytype

debug2: key_type_from_name: unknown key type '-----BEGIN'

debug3: key_read: missing keytype

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug2: key_type_from_name: unknown key type '-----END'

debug3: key_read: missing keytype

debug1: identity file /home/daum/.ssh/id_dsa type 2

debug1: identity file /home/daum/.ssh/id_dsa-cert type -1

debug1: identity file /home/daum/.ssh/id_ecdsa type -1

debug1: identity file /home/daum/.ssh/id_ecdsa-cert type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3

debug1: match: OpenSSH_5.3 pat OpenSSH*

debug1: Remote is NON-HPN aware

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_5.8p1-hpn13v10lpk

debug2: fd 3 setting O_NONBLOCK

debug3: load_hostkeys: loading entries for host "xxx.com" from file "/home/daum/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /home/daum/.ssh/known_hosts:130

debug3: load_hostkeys: loaded 1 keys

debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: AUTH STATE IS 0

debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: first_kex_follows 0 

debug2: kex_parse_kexinit: reserved 0 

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: first_kex_follows 0 

debug2: kex_parse_kexinit: reserved 0 

debug2: mac_setup: found hmac-md5

debug1: REQUESTED ENC.NAME is 'aes128-ctr'

debug1: kex: server->client aes128-ctr hmac-md5 none

debug2: mac_setup: found hmac-md5

debug1: REQUESTED ENC.NAME is 'aes128-ctr'

debug1: kex: client->server aes128-ctr hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 116/256

debug2: bits set: 520/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Server host key: RSA 31:5e:5e:98:4e:6f:3c:07:30:bd:85:a5:10:95:c1:06

debug3: load_hostkeys: loading entries for host "xxxx.com" from file "/home/daum/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /home/daum/.ssh/known_hosts:130

debug3: load_hostkeys: loaded 1 keys

debug3: load_hostkeys: loading entries for host "xxx.xxx.xxx.xxx" from file "/home/daum/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /home/daum/.ssh/known_hosts:148

debug3: load_hostkeys: loaded 1 keys

debug1: Host 'xxxx.com' is known and matches the RSA host key.

debug1: Found key in /home/daum/.ssh/known_hosts:130

debug2: bits set: 543/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: Roaming not allowed by server

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /home/daum/.ssh/id_rsa ((nil))

debug2: key: /home/daum/.ssh/id_dsa (0xc523d0)

debug2: key: /home/daum/.ssh/id_ecdsa ((nil))

debug1: Authentications that can continue: publickey,keyboard-interactive

debug3: start over, passed a different list publickey,keyboard-interactive

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /home/daum/.ssh/id_rsa

debug3: no such identity: /home/daum/.ssh/id_rsa

debug1: Offering DSA public key: /home/daum/.ssh/id_dsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Server accepts key: pkalg ssh-dss blen 434

debug2: input_userauth_pk_ok: fp c1:a6:39:60:e8:42:67:f3:4d:de:3a:df:a5:ee:66:86

debug3: sign_and_send_pubkey: DSA c1:a6:39:60:e8:42:67:f3:4d:de:3a:df:a5:ee:66:86

debug1: read PEM private key done: type DSA

debug1: Authentication succeeded (publickey).

Authenticated to xxx.com ([xxx.xxx.xx.xx]:22).

debug1: HPN to Non-HPN Connection

debug1: Final hpn_buffer_size = 131072

debug1: HPN Disabled: 0, HPN Buffer Size: 131072

debug1: channel 0: new [client-session]

debug1: Enabled Dynamic Window Scaling

debug3: ssh_session2_open: channel_new: 0

debug2: channel 0: send open

debug1: Requesting no-more-sessions@openssh.com

debug1: Entering interactive session.

debug2: callback start

debug2: client_session2_setup: id 0

debug2: fd 3 setting TCP_NODELAY

debug3: packet_set_tos: set IP_TOS 0x10

debug2: channel 0: request pty-req confirm 1

debug2: channel 0: request shell confirm 1

debug2: callback done

debug2: channel 0: open confirm rwindow 0 rmax 32768

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: channel_input_status_confirm: type 99 id 0

debug2: PTY allocation request accepted on channel 0

debug2: channel 0: rcvd adjust 2097152

debug2: channel_input_status_confirm: type 99 id 0

debug2: shell request accepted on channel 0

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

```

That's with 3 v's. Any ideas? Nothing pops out to me.

Daum

----------

## jody

I also don't see anything obvious...

Am I right that you have set up password-less ssh (I don't see any password prompt)?

When I try 'ssh -vvv' I get this at the end:

```
--- snip ---

debug1: Entering interactive session.

debug2: callback start

debug2: client_session2_setup: id 0

debug2: fd 3 setting TCP_NODELAY

debug3: packet_set_tos: set IP_TOS 0x10

debug2: channel 0: request pty-req confirm 1

debug2: channel 0: request shell confirm 1

debug2: callback done

debug2: channel 0: open confirm rwindow 0 rmax 32768

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

debug2: channel_input_status_confirm: type 99 id 0

debug2: PTY allocation request accepted on channel 0

debug2: channel 0: rcvd adjust 87380

debug2: channel_input_status_confirm: type 99 id 0

debug2: shell request accepted on channel 0

debug2: tcpwinsz: 87380 for connection: 3

debug2: tcpwinsz: 87380 for connection: 3

Last login: Wed Jun 15 09:11:25 CEST 2011 from workstation on pts/43

```

I.e. 2 lines of "tcpwinsz ..." at the end instead of many, as is the case in your output.

However, I don't know what this means...

Do you have the same behaviour with "normal" ssh?

Do you have the same behaviour when doing ssh to a different machine?

----------

## upengan78

Did you guys figure out the reason for seeing those messages when ssh -vvv is run? I also see a slight bit of delay before getting the shell on the remote system via ssh.

----------

