Net ssh users - Nov 2006 - sftp restricted shell

Hello,

When I try to connect over sftp to a user account with a restricted shell (rksh,
http://www.openbsd.org/cgi-bin/man.cgi?query=rksh&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
)

it hangs on waiting for the :open status (by means of the sftp.connect method)

this is the code:

    ssh_session = Net::SSH.start( ''localhost'',
                :password => ''*****'',
                :port => *****,
                :username => ''*****'',
                :verbose => :debug)

    sftp = Net::SFTP::Session.new( ssh_session )
    sftp.connect

this is the last part of the debugged traffic of a hanging session:

[DEBUG] Thu Nov 16 17:30:08 CET 2006 -- connection.driver:
CHANNEL_OPEN_CONFIRMATION recieved (1)[DEBUG] Thu Nov 16 17:30:08 CET 2006 --
sftp.protocol.driver: requesting sftp subsystem[DEBUG] Thu Nov 16 17:30:08 CET
2006 -- transport.session: sending message
>>"b\000\000\000\000\000\000\000\tsubsystem\001\000\000\000\004sftp"<<[DEBUG]
Thu Nov 16 17:30:08 CET 2006 -- transport.session: waiting for packet from
server...[DEBUG] Thu Nov 16 17:30:08 CET 2006 --
transport.incoming_packet_stream: reading 8 bytes from socket...[DEBUG] Thu Nov
16 17:30:08 CET 2006 -- transport.incoming_packet_stream: packet length(20)
remaining(16)[DEBUG] Thu Nov 16 17:30:08 CET 2006 --
transport.incoming_packet_stream: received:
"]\000\000\000\001\000\002\000\000"[DEBUG] Thu Nov 16 17:30:08 CET
2006 -- transport.session: got packet of type 93[DEBUG] Thu Nov 16 17:30:08 CET
2006 -- connection.driver: CHANNEL_WINDOW_ADJUST recieved (1:131072)[DEBUG] Thu
Nov 16 17:30:08 CET 2006 -- transport.session: waiting for packet from
server...[DEBUG] Thu Nov 16 17:30:08 CET 2006 --
transport.incoming_packet_stream: reading 8 bytes from socket...[DEBUG] Thu Nov
16 17:30:08 CET 2006 -- transport.incoming_packet_stream: packet length(12)
remaining(8)[DEBUG] Thu Nov 16 17:30:08 CET 2006 --
transport.incoming_packet_stream: received: "c\000\000\000\001"[DEBUG]
Thu Nov 16 17:30:08 CET 2006 -- transport.session: got packet of type 99[DEBUG]
Thu Nov 16 17:30:08 CET 2006 -- connection.driver: CHANNEL_SUCCESS recieved
(1)[DEBUG] Thu Nov 16 17:30:08 CET 2006 -- sftp.protocol.driver: initializing
sftp subsystem[DEBUG] Thu Nov 16 17:30:08 CET 2006 -- transport.session: sending
message
>>"^\000\000\000\000\000\000\000\t\000\000\000\005\001\000\000\000\005"<<[DEBUG]
Thu Nov 16 17:30:08 CET 2006 -- transport.session: waiting for packet from
server...[DEBUG] Thu Nov 16 17:30:08 CET 2006 --
transport.incoming_packet_stream: reading 8 bytes from socket...[DEBUG] Thu Nov
16 17:30:08 CET 2006 -- transport.incoming_packet_stream: packet length(44)
remaining(40)[DEBUG] Thu Nov 16 17:30:08 CET 2006 --
transport.incoming_packet_stream: received:
"b\000\000\000\001\000\000\000\vexit-signal\000\000\000\000\004PIPE\000\000\000\000\000\000\000\000\000"[DEBUG]
Thu Nov 16 17:30:08 CET 2006 -- transport.session: got packet of type 98[DEBUG]
Thu Nov 16 17:30:08 CET 2006 -- connection.driver: CHANNEL_REQUEST recieved
(1:exit-signal)[DEBUG] Thu Nov 16 17:30:08 CET 2006 -- transport.session:
waiting for packet from server...[DEBUG] Thu Nov 16 17:30:08 CET 2006 --
transport.incoming_packet_stream: reading 8 bytes from socket...[DEBUG] Thu Nov
16 17:30:08 CET 2006 -- transport.incoming_packet_stream: packet length(12)
remaining(8)[DEBUG] Thu Nov 16 17:30:08 CET 2006 --
transport.incoming_packet_stream: received: "`\000\000\000\001"[DEBUG]
Thu Nov 16 17:30:08 CET 2006 -- transport.session: got packet of type 96[DEBUG]
Thu Nov 16 17:30:08 CET 2006 -- connection.driver: CHANNEL_EOF recieved
(1)[DEBUG] Thu Nov 16 17:30:08 CET 2006 -- transport.session: waiting for packet
from server...[DEBUG] Thu Nov 16 17:30:08 CET 2006 --
transport.incoming_packet_stream: reading 8 bytes from socket...[DEBUG] Thu Nov
16 17:30:08 CET 2006 -- transport.incoming_packet_stream: packet length(12)
remaining(8)[DEBUG] Thu Nov 16 17:30:08 CET 2006 --
transport.incoming_packet_stream: received: "a\000\000\000\001"[DEBUG]
Thu Nov 16 17:30:08 CET 2006 -- transport.session: got packet of type 97[DEBUG]
Thu Nov 16 17:30:08 CET 2006 -- connection.driver: CHANNEL_CLOSE recieved
(1)[DEBUG] Thu Nov 16 17:30:08 CET 2006 -- transport.session: sending message
>>"a\000\000\000\000"<<[DEBUG] Thu Nov 16 17:30:08 CET
2006 -- transport.session: waiting for packet from server...[DEBUG] Thu Nov 16
17:30:08 CET 2006 -- transport.incoming_packet_stream: reading 8 bytes from
socket...

and here it keeps hanging forever (only ctrl-c helps).

If I change the shell in /etc/passwd from /bin/rksh to /bin/ksh it succeeds.
(tell me if you want a debug of that too)

Since I''m using this stuff within rails it hangs my whole application,
including all threads
(which I currently "solved" by putting this code into a timeout
block). I would really like to use this software with restricted shells though.

I used OpenBSD 3.9 with the shipped OpenSSH 4.3 (and thus sftp protocol 3).

Cheers,

Tim





____________________________________________________________________________________
Sponsored Link

Mortgage rates near 39yr lows.
$420k for $1,399/mo. Calculate new payment!
www.LowerMyBills.com/lre