Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    add user and enable chroot ssh scp access

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 2 Posters 659 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      luisenrique
      last edited by luisenrique

      Hello beautiful people
      on my pf-sense box i need add and setup an user to allow sft/ssh chrroted but i don't know where start...
      so i added the user assigned User - System: Copy files to home directory (chrooted scp) but i dont know whats to do with /usr/local/etc/rc.d/scponlyc i enabled and try to start but nothing happens... which other role i should add?
      when i try ssh access and enter the passwd the coneection is closed. ... enabling -vv to the connection...:

      Password for userchrooted@mypfsenseboxip:
debug3: send packet: type 61
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: send packet: type 61
debug3: receive packet: type 52
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to mypfsenseboxip ([mypfsenseboxip]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug1: console supports the ansi parsing
debug3: Successfully set console output code page from:850 to 65001
debug3: Successfully set console input code page from:850 to 65001
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98

WinSCP: this is end-of-file:0

WinSCP: this is end-of-file:0

WinSCP: this is end-of-file:0

WinSCP: this is end-of-file:0
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug3: send packet: type 100
debug3: receive packet: type 98
debug3: send packet: type 100
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
^Cdebug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug3: Successfully set console output code page from 65001 to 850
debug3: Successfully set console input code page from 65001 to 850
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

debug3: send packet: type 1
debug3: Successfully set console output code page from 65001 to 850
debug3: Successfully set console input code page from 65001 to 850
Connection to 192.168.9.2 closed.
Transferred: sent 2876, received 4208 bytes, in 634.6 seconds
Bytes per second: sent 4.5, received 6.6
debug1: Exit status -1

      clent side.... on the pfsense box side:

      Jul  4 16:06:01 mypfsenseboxip sshd[84400]: Accepted keyboard-interactive/pam for userchrooted from ClientIP port 53472 ssh2
Jul  4 16:07:52 mypfsenseboxip sshd[86855]: Received disconnect from ClientIP port 53472:11: disconnected by user
Jul  4 16:07:52 mypfsenseboxip sshd[86855]: Disconnected from user userchrooted ClientIP port 53472
Jul  4 16:10:46 mypfsenseboxip sshd[58245]: Accepted keyboard-interactive/pam for opensshuser from ClientIP port 53480 ssh2

      can some one put me in the right direction please? thanks in advanced as always
      i love pfsense

      1 Reply Last reply Reply Quote 0
      • L luisenrique referenced this topic on
      • rcfaR rcfa referenced this topic on
      • rcfaR
        rcfa
        last edited by

        FYI, here are the results of my investigation
        https://forum.netgate.com/topic/185794/there-s-absolutely-no-useful-documentation-on-user-system-copy-files-to-home-directory-chrooted-scp/6
        any improvements (and I wish there are) are welcome!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.