ForceCommand internal-sftp causes sftp logging to fail (openssh-5.0p1)

Fred Kilbourn fred at fredk.com
Fri Jun 27 13:27:11 EST 2008 

Larry,
	I tried this:

		ForceCommand internal-sftp -f AUTHPRIV -l VERBOSE

	But when I add either -f or -l flag, the connection is dropped
by the server as soon as I authenticate.

	Should I be quoting the arguments in some way on the
ForceCommand line?  Or is there another way to pass these parameters
along?  Or, is this something that openssh is not handling correctly?

	The following clip from a full debug test session:

debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request subsystem reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req subsystem
subsystem request for sftp
debug1: subsystem: exec() internal-sftp -f AUTHPRIV -l INFO
debug1: Forced command (config) 'internal-sftp -f AUTHPRIV -l INFO'
debug2: fd 3 setting TCP_NODELAY
debug2: fd 9 setting O_NONBLOCK
debug3: fd 9 is O_NONBLOCK
debug2: notify_done: reading
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 2652
debug1: session_exit_message: session 0 channel 0 pid 2652
debug2: channel 0: request exit-status confirm 0
debug1: session_exit_message: release channel 0

Thanks,

Fred Kilbourn
Kilbourn Consulting, LLC
www.kilbournconsulting.com
231-392-3752
fred at fredk.com

> -----Original Message-----
> From: larry.l.becke at marshpm.com [mailto:larry.l.becke at marshpm.com]
> Sent: Wednesday, June 25, 2008 11:08 AM
> To: Fred Kilbourn
> Subject: ForceCommand internal-sftp causes sftp logging to fail
> (openssh-5.0p1)
> 
> 
> #================================================#
> Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE
> 
> Match User fredwww
>    ChrootDirectory %h
>    #ForceCommand internal-sftp -f AUTHPRIV -l VERBOSE
> #================================================#
> 
> Modify the ForceCommand to use the same parameters as the Subsystem
> call....
> 
> You are overriding the Subsystem call with the forcecommand, so you
> must
> add the parms there as well.
> 
> 
> 
> Larry Becke, Sr. Technical Analyst
> MMC Global Technology Infrastructure | Centralized Operations
> 12421 Meredith Drive, MIS2, Urbandale, IA 50398, USA
> +1 515-365-3071 | larry.l.becke at marshpm.com
> www.mmc.com

More information about the openssh-unix-dev mailing list