9

I'm having trouble forcing users to only be able to use sftp when connecting over ssh.

I have the following lines in my /etc/ssh/sshd_config:

    Subsystem sftp /usr/libexec/openssh/sftp-server

    Match user USERNAME
    ForceCommand internal-sftp

But when I try to connect via sftp, I get the error:

    error: subsystem: cannot stat /usr/libexec/openssh/sftp-server: No such file or directory
    subsystem request for sftp failed, subsystem not found

However, the file /usr/libexec/openssh/sftp-server does exist and seems to be working fine. If I don't try and force the connection to be sftp, then I can ssh in just fine, so the ssh daemon seems to be handling things correctly, but forcing sftp is not.

Does anyone have any suggestions? I've tried searching for answers but all the solutions I've found seem to be about the sftp-server not being in the correct place. For me though, the file is definitely there.

I'm using CentOS 6, and OpenSSH 5.3p1. Thanks for any help.

Jai Redden
  • Does SFTP work when the command isn't forced? – mgorven Apr 23 '12 at 06:09
  • Yes, sftp works fine when it isn't forced. In that case I get the following message in my /var/log/secure when connecting via sftp: sshd[3569]: subsystem request for sftp – Jai Redden Apr 23 '12 at 12:21
  • In my case, on one CentOS 6 minimal install, the `sshd_config` default path was wrong—it needed to be updated to `/usr/libexec/openssh/sftp-server` (find out where you have it installed via `find / -name "sftp-server"`). This was causing Ansible to pop warnings like `[WARNING]: sftp transfer mechanism failed on [server]` until I fixed it. – geerlingguy Mar 17 '17 at 19:50

1 Answer

11

Do you use "ChrootDirectory"? That would explain "file not found" if your "/usr/libexec/openssh/sftp-server" exists.

You should use "Subsystem sftp internal-sftp" instead (or give up on Chroot).

Matija Nalis
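
The condition the answer describes can be checked mechanically. The following is an added example, not part of the original answer: a small Python linter that reads `sshd_config` text and reports every scope where `ChrootDirectory` is set while `Subsystem sftp` still points at an external binary. The function names and the chroot path `/srv/sftp/%u` are assumptions made for the illustration.

```python
# Added example: flag an external "Subsystem sftp" binary combined with ChrootDirectory.
# SAMPLE is constructed: the question's lines plus the ChrootDirectory the answer
# suspects; /srv/sftp/%u is a placeholder path.
SAMPLE = """\
Subsystem sftp /usr/libexec/openssh/sftp-server

Match User USERNAME
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
"""

def parse(text):
    """Split sshd_config text into global options and per-Match option dicts."""
    glob, blocks = {}, []
    current = glob
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":                      # a Match block runs to the next Match or EOF
            current = {}
            blocks.append((value, current))
        elif key == "subsystem":
            name, _, cmd = value.replace("\t", " ").partition(" ")
            glob.setdefault("subsystem", {}).setdefault(name, cmd.strip())
        else:
            current.setdefault(key, value)      # sshd keeps the first value it reads
    return glob, blocks

def check(text):
    """Return one finding per scope whose chroot would hide the sftp-server binary."""
    glob, blocks = parse(text)
    sftp = glob.get("subsystem", {}).get("sftp", "")
    if not sftp or sftp.split()[0] == "internal-sftp":
        return []                               # in-process server: nothing to stat
    findings = []
    for scope, opts in [("global", glob)] + [("Match " + c, o) for c, o in blocks]:
        chroot = opts.get("chrootdirectory", "none")
        if chroot.lower() != "none":
            findings.append(f"{scope}: {sftp} is looked up inside ChrootDirectory "
                            f"{chroot}; use 'Subsystem sftp internal-sftp'")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```

After changing the `Subsystem` line, `sshd -t` checks the configuration file for errors before the daemon is reloaded.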