Centos – Filezilla or PuTTY: I have “Access granted” followed by “Server unexpectedly closed network connection”. How to troubleshoot

centos, ftp, putty, security, ssh

Here is an extract of Filezilla debug traces :

Offered public key from "(...)"
Offer of public key accepted, trying to authenticate using it.
Access granted
Server unexpectedly closed network connection

I notice the same behaviour from PuTTY in debug mode: access is granted and then "Server unexpectedly closed network connection".

When removing the following lines from /etc/ssh/sshd_config:

Match User user1
   ChrootDirectory /home/user1
   AllowTCPForwarding no
   X11Forwarding no
   ForceCommand /usr/lib/openssh/sftp-server

Then Filezilla can connect but not PuTTY. This is fine as I only target FTP, but then user1 can access much more than the required home directory, which is not good.

Any idea of how to troubleshoot this issue? Is there any log to look at on server side?

PS: I don't think it has anything to do with the issue, but authentication is key based (as it appears in traces).

Update:
Thanks to Fred Clausen's good advice, I had a look into /var/log/secure and fixed the "fatal: bad ownership or modes for chroot directory component" issue. But it's still not working. Here is the current content of /var/log/secure:

Accepted publickey for user1 from ***.***.***.*** port 56432 ssh2
pam_unix(sshd:session): session opened for user user1 by (uid=0)
subsystem request for sftp by user user1
pam_unix(sshd:session): session closed for user user1

From the Filezilla debug, I found this interesting error:

Event Log: Started a shell/command
Incoming packet #0xc, type 94 / 0x5e (SSH2_MSG_CHANNEL_DATA)
00000000  00 00 01 00 00 00 00 26 2f 62 69 6e 2f 62 61 73  .......&/bin/bas
00000010  68 3a 20 4e 6f 20 73 75 63 68 20 66 69 6c 65 20  h: No such file 
00000020  6f 72 20 64 69 72 65 63 74 6f 72 79 0d 0a        or directory..

Looking into it…

Best Answer

> This is fine as I only target FTP, but then user1 can access much more than the required home directory, which is not good.

FTP and SFTP are in no way related to each other with the exception that they can both be used for transferring files.

Anyway for SFTP login I use this in sshd_config:

Subsystem   sftp    internal-sftp -f AUTH -l INFO

Match Group sftp
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    AuthorizedKeysFile  %h/authorized_keys
Match

The users that can sftp are in the sftp group. Make sure you give them the /sbin/nologin shell. They will get what they need from OpenSSH.

Lastly, if the home directory does not exist, I think you will also be disconnected, as well as if the user has no access to the home directory. Rights to the home dir should be 700 and the user and group should also be the user's username and groupname. In your example:

1049327 drwx------. 2 user1 user1 4,0K oct 8 2013 user1

This all relates to CentOS; I don't know if this works on another tux.
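
The "bad ownership or modes for chroot directory component" error from the question's update comes from the check sshd_config(5) documents for ChrootDirectory: every component of the path must be a root-owned directory that is not writable by group or others. The following is an added example, not code from the original posts, that runs the same check before a login attempt; the function name, the fake layout, uid 1001 and the /srv/sftp path are constructed for illustration.

```python
import os
import stat
import sys
from types import SimpleNamespace

def chroot_path_problems(path, stat_fn=os.stat):
    """Check every component from / down to `path` against the rule sshd
    enforces for ChrootDirectory: a directory, owned by root, and not
    writable by group or others. Returns a list of problems (empty = OK)."""
    problems = []
    current = "/"
    components = [""] + [p for p in os.path.normpath(path).split("/") if p]
    for part in components:
        current = os.path.join(current, part)
        try:
            st = stat_fn(current)
        except OSError as exc:
            problems.append(f"{current}: cannot stat ({exc.strerror or exc})")
            break  # nothing below a missing component can be checked
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{current}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{current}: owned by uid {st.st_uid}, not root")
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{current}: mode {mode:04o} is group/other-writable")
    return problems

# Constructed layout (not the asker's server): uid 1001 stands in for user1.
FAKE_FS = {
    "/": (0o040555, 0),
    "/home": (0o040755, 0),
    "/home/user1": (0o040700, 1001),  # user-owned home: rejected as a chroot
    "/srv": (0o040755, 0),
    "/srv/sftp": (0o040755, 0),       # root-owned jail (assumed path): passes
}

def fake_stat(path):
    if path not in FAKE_FS:
        raise FileNotFoundError(2, "No such file or directory", path)
    mode, uid = FAKE_FS[path]
    return SimpleNamespace(st_mode=mode, st_uid=uid)

if __name__ == "__main__":
    # With a path argument, check the real filesystem; otherwise the fake one.
    target = sys.argv[1] if len(sys.argv) > 1 else None
    result = (chroot_path_problems(target) if target
              else chroot_path_problems("/home/user1", fake_stat))
    print("\n".join(result) or "OK")
```

Run it on the server with the resolved ChrootDirectory value as the argument; any line it prints corresponds to a component sshd would refuse.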
