# [solved] Unable to sftp when sshd is in chroot

## i0

Hey

Problem: cannot connect with sftp but can connect with filezilla.

Config:

sshd_config

```

Port 22

Port 3333

Protocol 2

AllowUsers me you another

PermitRootLogin no

PasswordAuthentication no

UsePAM yes

Subsystem   sftp   /usr/lib/misc/sftp-server

Match Group users

   ChrootDirectory /home/%u

   X11Forwarding no

   AllowTcpForwarding no

   ForceCommand internal-sftp

```

Connecting with filezilla is ok. I can see directories and upload files etc.

But with command line sftp client:

```

sftp -oPort=3333 -s sftp_server me@myhost:folder/

Connecting to myhost...

Password: 

subsystem request failed on channel 0

Couldn't read packet: Connection reset by peer

```

Now, trying to connect in debugger mode:

```

 sftp -oPort=3333 -v me@myhost

Connecting to myhost...

OpenSSH_5.1p1, OpenSSL 0.9.8j 07 Jan 2009

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Connecting to myhost [xxx.xxx.xxx.xxx] port 3333.

debug1: Connection established.

debug1: identity file /home/me/.ssh/id_rsa type 1

debug1: identity file /home/me/.ssh/id_dsa type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1

debug1: match: OpenSSH_5.1 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_5.1

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-cbc hmac-md5 none

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Host '[myhost]:3333' is known and matches the RSA host key.

debug1: Found key in /home/me/.ssh/known_hosts:50

debug1: ssh_rsa_verify: signature correct

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,keyboard-interactive

debug1: Next authentication method: publickey

debug1: Offering public key: /home/me/.ssh/id_rsa

debug1: Authentications that can continue: publickey,keyboard-interactive

debug1: Trying private key: /home/me/.ssh/id_dsa

debug1: Next authentication method: keyboard-interactive

Password: 

debug1: Authentication succeeded (keyboard-interactive).

debug1: channel 0: new [client-session]

debug1: Requesting no-more-sessions@openssh.com

debug1: Entering interactive session.

debug1: Sending subsystem: sftp

subsystem request failed on channel 0

Couldn't read packet: Connection reset by peer

```

Sshd in debug mode while connecting with sftp:

```

debug1: sshd version OpenSSH_5.1p1

debug1: read PEM private key done: type RSA

debug1: private host key: #0 type 1 RSA

debug1: read PEM private key done: type DSA

debug1: private host key: #1 type 2 DSA

debug1: rexec_argv[0]='/usr/sbin/sshd'

debug1: rexec_argv[1]='-d'

debug1: Bind to port 3333 on ::.

Server listening on :: port 3333.

debug1: Bind to port 3333 on 0.0.0.0.

Server listening on 0.0.0.0 port 3333.

debug1: Bind to port 22 on ::.

Server listening on :: port 22.

debug1: Bind to port 22 on 0.0.0.0.

Server listening on 0.0.0.0 port 22.

debug1: Server will not fork when running in debugging mode.

debug1: rexec start in 7 out 7 newsock 7 pipe -1 sock 10

debug1: inetd sockets after dupping: 3, 3

Connection from xxx.xxx.xxx.xxx port 41695

debug1: Client protocol version 2.0; client software version OpenSSH_5.1

debug1: match: OpenSSH_5.1 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_5.1

debug1: permanently_set_uid: 22/22

debug1: list_hostkey_types: ssh-rsa,ssh-dss

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: kex: server->client aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received

debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT

debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: KEX done

debug1: userauth-request for user me service ssh-connection method none

debug1: attempt 0 failures 0

debug1: user me matched group list users at line 118

debug1: PAM: initializing for "me"

debug1: PAM: setting PAM_RHOST to "connectinghostname"

debug1: PAM: setting PAM_TTY to "ssh"

debug1: userauth-request for user me service ssh-connection method publickey

debug1: attempt 1 failures 0

debug1: test whether pkalg/pkblob are acceptable

debug1: temporarily_use_uid: 1001/100 (e=0/0)

debug1: trying public key file //.ssh/authorized_keys

debug1: restore_uid: 0/0

debug1: temporarily_use_uid: 1001/100 (e=0/0)

debug1: trying public key file //.ssh/authorized_keys2

debug1: restore_uid: 0/0

Failed publickey for me from xxx.xxx.xxx.xxx port 41695 ssh2

debug1: userauth-request for user me service ssh-connection method keyboard-interactive

debug1: attempt 2 failures 1

debug1: keyboard-interactive devs 

debug1: auth2_challenge: user=me devs=

debug1: kbdint_alloc: devices 'pam'

debug1: auth2_challenge_start: trying authentication method 'pam'

Postponed keyboard-interactive for me from xxx.xxx.xxx.xxx port 41695 ssh2

debug1: do_pam_account: called

debug1: PAM: num PAM env strings 0

Postponed keyboard-interactive/pam for me from xxx.xxx.xxx.xxx port 41695 ssh2

debug1: do_pam_account: called

Accepted keyboard-interactive/pam for me from xxx.xxx.xxx.xxx port 41695 ssh2

debug1: monitor_child_preauth: me has been authenticated by privileged process

debug1: PAM: establishing credentials

User child is on pid 2804

debug1: PAM: establishing credentials

Changed root directory to "/home/me"

debug1: permanently_set_uid: 1001/100

debug1: Entering interactive session for SSH2.

debug1: server_init_dispatch_20

debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768

debug1: input_session_request

debug1: channel 0: new [server-session]

debug1: session_new: session 0

debug1: session_open: channel 0

debug1: session_open: session 0: link with channel 0

debug1: server_input_channel_open: confirm session

debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0

debug1: server_input_channel_req: channel 0 request subsystem reply 1

debug1: session_by_channel: session 0 channel 0

debug1: session_input_channel_req: session 0 req subsystem

subsystem request for sftp

subsystem: cannot stat /usr/lib/misc/sftp-server: No such file or directory

subsystem request for sftp failed, subsystem not found

Connection closed by xxx.xxx.xxx.xxx

debug1: channel 0: free: server-session, nchannels 1

debug1: session_close: session 0 pid 0

debug1: do_cleanup

Transferred: sent 1928, received 1760 bytes

Closing connection to xxx.xxx.xxx.xxx port 41695

debug1: PAM: cleanup

debug1: PAM: deleting credentials

debug1: PAM: closing session

```

As i see problem is:

```
subsystem request for sftp

subsystem: cannot stat /usr/lib/misc/sftp-server: No such file or directory

subsystem request for sftp failed, subsystem not found
```

File /usr/lib/misc/sftp-server is actually there:

```
 ls -la /usr/lib/misc/sftp-server

-rwxr-xr-x 1 root root 42568 2009-01-31 08:37 /usr/lib/misc/sftp-server

```

Is sshd trying to use sftp-server after jail?

EDIT:

Sshd in debugger mode while connecting with filezilla:

```
debug1: sshd version OpenSSH_5.1p1

debug1: read PEM private key done: type RSA

debug1: private host key: #0 type 1 RSA

debug1: read PEM private key done: type DSA

debug1: private host key: #1 type 2 DSA

debug1: rexec_argv[0]='/usr/sbin/sshd'

debug1: rexec_argv[1]='-d'

debug1: Bind to port 3333 on ::.

Server listening on :: port 3333.

debug1: Bind to port 3333 on 0.0.0.0.

Server listening on 0.0.0.0 port 3333.

debug1: Bind to port 22 on ::.

Server listening on :: port 22.

debug1: Bind to port 22 on 0.0.0.0.

Server listening on 0.0.0.0 port 22.

debug1: Server will not fork when running in debugging mode.

debug1: rexec start in 7 out 7 newsock 7 pipe -1 sock 10

debug1: inetd sockets after dupping: 3, 3

Connection from xxx.xxx.xxx.xxx port 47529

debug1: Client protocol version 2.0; client software version PuTTY_Local:_Feb__3_2009_11:16:49

debug1: no match: PuTTY_Local:_Feb__3_2009_11:16:49

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_5.1

debug1: permanently_set_uid: 22/22

debug1: list_hostkey_types: ssh-rsa,ssh-dss

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: client->server aes256-ctr hmac-sha1 none

debug1: kex: server->client aes256-ctr hmac-sha1 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received

debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT

debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: KEX done

debug1: userauth-request for user me service ssh-connection method none

debug1: attempt 0 failures 0

debug1: user me matched group list users at line 118

debug1: PAM: initializing for "me"

debug1: PAM: setting PAM_RHOST to "connectinghostname"

debug1: PAM: setting PAM_TTY to "ssh"

debug1: userauth-request for user me service ssh-connection method publickey

debug1: attempt 1 failures 0

debug1: test whether pkalg/pkblob are acceptable

debug1: temporarily_use_uid: 1001/100 (e=0/0)

debug1: trying public key file //.ssh/authorized_keys

debug1: restore_uid: 0/0

debug1: temporarily_use_uid: 1001/100 (e=0/0)

debug1: trying public key file //.ssh/authorized_keys2

debug1: restore_uid: 0/0

Failed publickey for me from xxx.xxx.xxx.xxx port 47529 ssh2

debug1: userauth-request for user me service ssh-connection method keyboard-interactive

debug1: attempt 2 failures 1

debug1: keyboard-interactive devs 

debug1: auth2_challenge: user=me devs=

debug1: kbdint_alloc: devices 'pam'

debug1: auth2_challenge_start: trying authentication method 'pam'

Postponed keyboard-interactive for me from xxx.xxx.xxx.xxx port 47529 ssh2

debug1: do_pam_account: called

debug1: PAM: num PAM env strings 0

Postponed keyboard-interactive/pam for me from xxx.xxx.xxx.xxx port 47529 ssh2

debug1: do_pam_account: called

Accepted keyboard-interactive/pam for me from xxx.xxx.xxx.xxx port 47529 ssh2

debug1: monitor_child_preauth: me has been authenticated by privileged process

debug1: PAM: establishing credentials

User child is on pid 13782

debug1: PAM: establishing credentials

Changed root directory to "/home/me"

debug1: permanently_set_uid: 1001/100

debug1: Entering interactive session for SSH2.

debug1: server_init_dispatch_20

debug1: server_input_channel_open: ctype session rchan 256 win 2147483647 max 16384

debug1: input_session_request

debug1: channel 0: new [server-session]

debug1: session_new: session 0

debug1: session_open: channel 0

debug1: session_open: session 0: link with channel 0

debug1: server_input_channel_open: confirm session

debug1: server_input_channel_req: channel 0 request simple@putty.projects.tartarus.org reply 0

debug1: session_by_channel: session 0 channel 0

debug1: session_input_channel_req: session 0 req simple@putty.projects.tartarus.org

debug1: server_input_channel_req: channel 0 request subsystem reply 1

debug1: session_by_channel: session 0 channel 0

debug1: session_input_channel_req: session 0 req subsystem

subsystem request for sftp

subsystem: cannot stat /usr/lib/misc/sftp-server: No such file or directory

subsystem request for sftp failed, subsystem not found

debug1: server_input_channel_req: channel 0 request exec reply 1

debug1: session_by_channel: session 0 channel 0

debug1: session_input_channel_req: session 0 req exec

debug1: Forced command (config) 'internal-sftp'

Connection closed by xxx.xxx.xxx.xxx

debug1: channel 0: free: server-session, nchannels 1

debug1: session_close: session 0 pid 13783

debug1: do_cleanup

Transferred: sent 3656, received 3200 bytes

Closing connection to xxx.xxx.xxx.xxx port 47529

debug1: PAM: cleanup

debug1: PAM: deleting credentials

debug1: PAM: closing session
```

EDIT2:

After experimenting with sftp options it turned out that sftp needs an subsystem argument.

Argument should start with slash and it does not matter what it is.

Eg:

```

sftp -oPort=3333 -s /whatever me@myhost

Connecting to myhost...

Password: 

sftp> pwd

Remote working directory: /

sftp> bye

```

In debugger mode, sshd still complains about non existent sftp-server but everything is working.

Weird.

 :Confused: 

----------

## causality

Try changing

```
Subsystem   sftp   /usr/lib/misc/sftp-server 
```

to

```
Subsystem sftp internal-sftp
```

In a chrooted environment, /usr/ is unlikely to exist.  That's alright though because you don't actually need to execute /usr/lib/misc/sftp-server to handle an SFTP connection.  The SSH daemon has this functionality built-in.

----------

