rssh not working in AIX 6.1


 
Thread Tools Search this Thread
Operating Systems AIX rssh not working in AIX 6.1
# 1  
Old 06-08-2012
rssh not working in AIX 6.1

Moderator's Comments:
Mod Comment edit by bakunin: double post SNIPped.


Hi,
I have a similar problem with my AIX 6.1. In AIX 5.3, I have successfully implemented rssh for the caging of my SFTP users. Since we just upgraded to AIX 6.1 TL6 SP7, the rssh does not work. The SFTP works when the user's shell is set to ksh, but just refuses to work when we change to rssh shell.

Below are the OpenSSH version installed for the AIX 6.1:-
Code:
# lslpp -L | grep open
  openssh.base.client     5.4.0.6100    C     F    Open Secure Shell Commands
  openssh.base.server     5.4.0.6100    C     F    Open Secure Shell Server
  openssh.license         4.3.0.5301    C     F    Open Secure Shell License
  openssh.man.en_US       5.4.0.6100    C     F    Open Secure Shell
  openssh.msg.DE_DE       5.4.0.6100    C     F    Open Secure Shell Messages -
  openssh.msg.de_DE       5.4.0.6100    C     F    Open Secure Shell Messages -
  openssh.msg.en_US       5.4.0.6100    C     F    Open Secure Shell Messages -
  openssl.base            0.9.8.1300    C     F    Open Secure Socket Layer
  openssl                   0.9.7d-2    C     R    Secure Sockets Layer and

The rssh version is 2.3.2.

I have detailed below the logs from the sftp. Appreciate your help to guide me on how this problem can be resolved.
Code:
# sftp -vvv surintf@localhost
OpenSSH_5.4p1, OpenSSL 0.9.8m 25 Feb 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so):   0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
        0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling Kerberos auth.
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4
debug1: match: OpenSSH_5.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.4
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 131/256
debug2: bits set: 482/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: host localhost filename /.ssh/known_hosts
debug3: check_host_in_hostfile: host localhost filename /.ssh/known_hosts
debug3: check_host_in_hostfile: match line 13
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:13
debug2: bits set: 508/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /.ssh/id_rsa (20061b48)
debug2: key: /.ssh/id_dsa (0)
debug3: input_userauth_banner
Access to this server is restricted to authorized personnel only.
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /.ssh/id_dsa
debug3: no such identity: /.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
surintf@localhost's password:
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug2: fd 5 setting O_NONBLOCK
debug3: fd 6 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug1: Sending subsystem: sftp
debug2: channel 0: request subsystem confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: subsystem request accepted on channel 0
debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
debug3: channel 0: close_fds r -1 w -1 e 7
debug1: fd 0 clearing O_NONBLOCK
debug3: fd 1 is not O_NONBLOCK
Transferred: sent 1784, received 2200 bytes, in 0.0 seconds
Bytes per second: sent 46361.7, received 57172.5
debug1: Exit status -1
Connection closed
# grep surintf /etc/passwd
surintf:!:303:502:suri Interface:/home/im3/surintf/in:/usr/local/bin/rssh
# grep surintf /usr/local/etc/rssh.conf
user=surintf:017:00010:/home/im3/surintf        # suri Interface: sftp
# ls -ld /home/im3/surintf /home/im3/surint>
drwxr-x---    8 surintf  r3intfgp       4096 Jun 08 09:23 /home/im3/surintf
drwxr-x---    5 surintf  r3intfgp        256 Jun 08 09:03 /home/im3/surintf/in
drwx------    2 surintf  r3intfgp        256 Jun 08 08:12 /home/im3/surintf/in/.ssh

----------------------------------------------------------------------------------------

Thanks & Rgds.
Eddie
Smilie

Moderator's Comments:
Mod Comment edit by bakunin: please use [CODE]..[/CODE]-tags when posting code or terminal output. It is easier to read and preserves formatting. Thank you.

Furthermore, do not hijack others threads (that is, posting your problems to them) but open your own thread. Do not double-post. And, all in all, you might want to read the rules you agreed to follow with your registration.

Last edited by bakunin; 06-08-2012 at 07:06 AM..
# 2  
Old 06-21-2012
rssh vs openssh

Just wondering why you are fighting with it. Openssh has had this ability for quite some time now. It's just a matter of adding an user/group, and modifying your /etc/ssh/sshd_config file to restrict that user or group.

example:
(/etc/ssh/sshd_config) addition:

Subsystem sftp internal-sftp
Match Group rssh
ChrootDirectory /home/shared/web
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Caveats:
* create a goup "rssh" and add your "specific clients" to the group membership.
* the directory /home/shared/web exists (and entire tree down to /home/shared/web is root owned, with chmod 744
* sshd is HUPPed or restarted
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

AIX 4.3 - Need help - Printers not working

I am running an old IBM P-Series server running AIX 4.3 (I know a dinosaur). The OS has not been updated. We had a hard drive failure last weekend, and I was able to get most of the system back up, however, I have 3 line printers and 3 label printers that I can not get working. I have tried... (2 Replies)
Discussion started by: Patrick.Crocker
2 Replies

2. Shell Programming and Scripting

Syntax Error in AIX but working in UX

MENU_INTRO(){ date="`date`" HOSTNAME="`hostname`" if ; then cols=$2 else cols=2 fi clear now=`date +%A,%B-%d-%Y@%H:%M:%S` echo " -: INFORMIX DBA MENU :- " echo... (1 Reply)
Discussion started by: fedora132010
1 Replies

3. UNIX for Dummies Questions & Answers

Ssh stopped working AIX

I Was able to ssh into the AIX box. now i cannot When I run the command to start it it comes back that is was started, but still does not work. Here is a shot i what i see # server:/> lslpp -l | grep ssh openssh.base.client 4.3.0.5201 COMMITTED Open Secure Shell Commands ... (2 Replies)
Discussion started by: fierfek
2 Replies

4. Red Hat

Loggin SFTP activity for chrooted (rssh) users

Hi, I need to log the activity of my SFTP (RHEL 5.4). I have this in /etc/sshd/sshd_config: Subsystem sftp /usr/libexec/openssh/sftp-server -f LOCAL5 -l VERBOSE And this in /etc/syslog.conf: LOCAL5.* /var/log/sftp.log When I log in... (1 Reply)
Discussion started by: Tr0cken
1 Replies

5. UNIX for Advanced & Expert Users

rm -rf not working on AIX 6.1

Hi Guys, I have never seen this happen before, but created a directory as a user when installing some software, software install fails so I try and remove the directory as root and get an error. There is no processes using the folder see output: ls -l total 446336 -rwxr----- 1 u0008862... (2 Replies)
Discussion started by: chris5126
2 Replies

6. AIX

suid not working on AIX ?

Hello, I'm running AIX 6.1 box. I tried to use suid on binary file but it doesn't work. (I set suid on /usr/bin/sleep and tried to run it as user1(sleep owner is bin) - and program still runs as user1. It shoud run as bin isn't it ? - This test run as expected on Linux box) Filesystem is... (3 Replies)
Discussion started by: vilius
3 Replies

7. Shell Programming and Scripting

*/5 not working in AIX

Hi Guys, I tried to schedule a script for every 5 mins. i tried */5 but it is not working. Is writing every 5 mins is the only way to do it? like below 05,10,15,20,25,30,35,40,45,50,55 05-08 Thanks And Regards, Magesh (11 Replies)
Discussion started by: mac4rfree
11 Replies

8. AIX

prtconf command not working in Aix 5.3

put prtconf command,after show this error message: bash-3.00# prtconf /usr/sbin/prtconf: msize=msize + 12544^J12544: syntax error pleae help me...........waiting for replay by mohan.s Aix sysadmin (deleted email, rule violation) (2 Replies)
Discussion started by: smohan62
2 Replies

9. AIX

^P Not working on AIX.

I'm working on an AIX box, and I generall prefer emacs command line editing in ksh. Most control-commands are working, except not control-P (Recall previous command). ksh set - o emacs ^p Does not result in the expected outcome. does anyone know why this might be? (0 Replies)
Discussion started by: akbar
0 Replies

10. Programming

Code working AIX 5.2 and not in Solaris 5.9

Hi, When i run the below code in AIX it runs and solaris not ... why ??? #include <stdio.h> #include <string.h> #define MAX 1 int main () { char str ="1,2,3,4,5"; char * pch,b; int a; printf ("Enter the int to be searched ",str); scanf("%d",&a); sprintf(b,"%d",a); ... (2 Replies)
Discussion started by: vijaysabari
2 Replies
Login or Register to Ask a Question

Featured Tech Videos