On Tue, 4 Dec 2001, Boris Lorenz wrote:
Hi John,
On 01-Dec-01 John Ritchie wrote:
[much stuff cut]
The way I solved this (on Solaris with Openssh) was to set the sftp-only user's shell to be the sftp-server binary (/usr/local/libexec/sftp-server on my Solaris openssh build). I did not have to add this to /etc/shells. I haven't tried this on a SuSE box.
I've tried it on one of our linux boxes, and it doesn't work. The error:
"Warning: ssh_packet_wrapper_input: invalid packet received: len 1819239269 closing the offending input channel."
(Btw., the same error occurs with shells like false, noshell, etc.).
Maybe Solaris "wraps" sftp/ssh sessions differently than Linux. According to sftp's (Linux-)man page, sftp uses a sub-system from sshd to transfer files securely. I don't know much about the ssh implementation on Solaris, tho.
I remember encountering this error while testing but I got around it somehow. I'm thinking it had to do with versions of openssh (or maybe I saw that on the commercial SSH server?) or misconfigured sshd_config (sftp subservice not turned on?) or something like that. I'm sorry I don't remember the details; it's been several months and I didn't document it so it's gone. Sorry I can't be more exact. I tested using the sftp-server as shell on a SuSE 7.0 machine with openssh 2.9.9p2-27 and it worked for me. What version of ssh are you using? John