Etch, sftp and the rssh shell


I discovered an issue. SFTP did not work anymore. The debug session showed:

[..]
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

The user only has rssh as his shell (sftp enabled) and is further limited by the following entry in .ssh/authorized_keys:

command="/usr/lib/sftp-server" ...key...

But this doesn’t work anymore. /usr/lib/sftp-server is now a symlink to /usr/lib/openssh/sftp-server, and I had to change the user's .ssh/authorized_keys to:

command="/usr/lib/openssh/sftp-server" ...key...

and access is granted again.

Update

This can be found in syslog:

rssh[xxx]: user XXX attempted to execute forbidden commands
rssh[xxx]: command: /usr/lib/sftp-server
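
A check for the failure described above, as an added example that is not part of the original post: it lists each command="..." forced command in an authorized_keys file and flags paths that are symlinks or missing. The function names and the sample tree built in a temporary directory are constructed for illustration, and readlink -f (GNU coreutils) is assumed to be available.

```shell
#!/bin/sh
# Added example: audit forced commands in an authorized_keys file.
# Prints one line per entry: OK, SYMLINK (with resolved target) or MISSING.
audit_forced_commands() {
    keys_file=$1
    # Extract the quoted value of each command="..." option, skipping
    # commented-out lines. Escaped quotes (\") inside the value are not handled.
    sed -n 's/^[^#]*command="\([^"]*\)".*/\1/p' "$keys_file" |
    while IFS= read -r forced; do
        path=${forced%% *}    # first word of the forced command is the binary
        if [ -L "$path" ]; then
            printf 'SYMLINK %s -> %s\n' "$path" "$(readlink -f "$path")"
        elif [ ! -e "$path" ]; then
            printf 'MISSING %s\n' "$path"
        else
            printf 'OK %s\n' "$path"
        fi
    done
}

# Constructed sample: a real file, a symlink to it (same shape as
# /usr/lib/sftp-server -> /usr/lib/openssh/sftp-server) and a keys file.
make_sample() {
    d=$(cd "$(mktemp -d)" && pwd -P)
    mkdir "$d/openssh"
    : > "$d/openssh/sftp-server"
    ln -s "$d/openssh/sftp-server" "$d/sftp-server"
    {
        printf 'command="%s" ssh-rsa AAAAconstructed old@example\n' "$d/sftp-server"
        printf 'command="%s" ssh-rsa AAAAconstructed new@example\n' "$d/openssh/sftp-server"
        printf 'command="%s -l INFO" ssh-rsa AAAAconstructed gone@example\n' "$d/removed/sftp-server"
        printf '# command="/ignored" commented-out entry\n'
    } > "$d/authorized_keys"
    printf '%s\n' "$d"
}

sample=$(make_sample)
audit_forced_commands "$sample/authorized_keys"
rm -rf "$sample"
```

Run against a real file with `audit_forced_commands /home/USER/.ssh/authorized_keys`; a SYMLINK line shows the resolved path to compare with what rssh logs as forbidden in syslog.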