Netgate Discussion Forum

add user and enable chroot ssh scp access

General pfSense Questions
  • luisenrique
    Jul 4, 2023, 8:17 PM (last edited by luisenrique Jul 6, 2023, 7:06 PM)

    Hello beautiful people,
    On my pfSense box I need to add and set up a user to allow chrooted sftp/ssh, but I don't know where to start...
    So I added the user and assigned "User - System: Copy files to home directory (chrooted scp)", but I don't know what to do with /usr/local/etc/rc.d/scponlyc. I enabled it and tried to start it, but nothing happens... Which other role should I add?
    When I try ssh access and enter the password, the connection is closed. Enabling -vv on the connection:

    Password for userchrooted@mypfsenseboxip:
    debug3: send packet: type 61
    debug3: receive packet: type 60
    debug2: input_userauth_info_req
    debug2: input_userauth_info_req: num_prompts 0
    debug3: send packet: type 61
    debug3: receive packet: type 52
    debug1: Authentication succeeded (keyboard-interactive).
    Authenticated to mypfsenseboxip ([mypfsenseboxip]:22).
    debug1: channel 0: new [client-session]
    debug3: ssh_session2_open: channel_new: 0
    debug2: channel 0: send open
    debug3: send packet: type 90
    debug1: Requesting no-more-sessions@openssh.com
    debug3: send packet: type 80
    debug1: Entering interactive session.
    debug1: pledge: network
    debug1: console supports the ansi parsing
    debug3: Successfully set console output code page from:850 to 65001
    debug3: Successfully set console input code page from:850 to 65001
    debug3: receive packet: type 80
    debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
    debug3: receive packet: type 91
    debug2: channel_input_open_confirmation: channel 0: callback start
    debug2: fd 3 setting TCP_NODELAY
    debug2: client_session2_setup: id 0
    debug2: channel 0: request pty-req confirm 1
    debug3: send packet: type 98
    debug2: channel 0: request shell confirm 1
    debug3: send packet: type 98
    debug2: channel_input_open_confirmation: channel 0: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug3: receive packet: type 99
    debug2: channel_input_status_confirm: type 99 id 0
    debug2: PTY allocation request accepted on channel 0
    debug2: channel 0: rcvd adjust 2097152
    debug3: receive packet: type 99
    debug2: channel_input_status_confirm: type 99 id 0
    debug2: shell request accepted on channel 0
    debug2: client_check_window_change: changed
    debug2: channel 0: request window-change confirm 0
    debug3: send packet: type 98
    
    WinSCP: this is end-of-file:0
    
    WinSCP: this is end-of-file:0
    
    WinSCP: this is end-of-file:0
    
    WinSCP: this is end-of-file:0
    debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
    debug3: send packet: type 100
    debug3: receive packet: type 98
    debug3: send packet: type 100
    debug3: receive packet: type 96
    debug2: channel 0: rcvd eof
    debug2: channel 0: output open -> drain
    ^Cdebug3: receive packet: type 98
    debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
    debug3: receive packet: type 98
    debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
    debug2: channel 0: rcvd eow
    debug2: channel 0: close_read
    debug2: channel 0: input open -> closed
    debug3: receive packet: type 97
    debug2: channel 0: rcvd close
    debug3: channel 0: will not send data after close
    debug2: channel 0: obuf empty
    debug2: channel 0: close_write
    debug2: channel 0: output drain -> closed
    debug2: channel 0: almost dead
    debug2: channel 0: gc: notify user
    debug3: Successfully set console output code page from 65001 to 850
    debug3: Successfully set console input code page from 65001 to 850
    debug2: channel 0: gc: user detached
    debug2: channel 0: send close
    debug3: send packet: type 97
    debug2: channel 0: is dead
    debug2: channel 0: garbage collecting
    debug1: channel 0: free: client-session, nchannels 1
    debug3: channel 0: status: The following connections are open:
      #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
    
    debug3: send packet: type 1
    debug3: Successfully set console output code page from 65001 to 850
    debug3: Successfully set console input code page from 65001 to 850
    Connection to 192.168.9.2 closed.
    Transferred: sent 2876, received 4208 bytes, in 634.6 seconds
    Bytes per second: sent 4.5, received 6.6
    debug1: Exit status -1
    

    That was the client side. On the pfSense box side:

    Jul  4 16:06:01 mypfsenseboxip sshd[84400]: Accepted keyboard-interactive/pam for userchrooted from ClientIP port 53472 ssh2
    Jul  4 16:07:52 mypfsenseboxip sshd[86855]: Received disconnect from ClientIP port 53472:11: disconnected by user
    Jul  4 16:07:52 mypfsenseboxip sshd[86855]: Disconnected from user userchrooted ClientIP port 53472
    Jul  4 16:10:46 mypfsenseboxip sshd[58245]: Accepted keyboard-interactive/pam for opensshuser from ClientIP port 53480 ssh2
    
    

    Can someone put me in the right direction, please? Thanks in advance, as always.
    I love pfSense.

    • L luisenrique referenced this topic on Jul 5, 2023, 2:03 AM
    • R rcfa referenced this topic on Jan 27, 2024, 4:34 PM
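A way to read the client log in the post above, as an added example that is not part of the original post or of pfSense: it walks `ssh -vv` output and reports the last stage the session reached. The function names and verdict strings are made up for this example; the sample lines are copied from the posted log. For that log it shows that authentication and the shell request both succeeded and that the server then reported `exit-signal`, so the session broke after authentication, in the remote session process.

```python
import re

# Milestones in OpenSSH client debug output, in the order a session reaches them.
MILESTONES = [
    ("authenticated",  re.compile(r"debug1: Authentication succeeded")),
    ("channel_open",   re.compile(r"channel 0: open confirm")),
    ("pty_accepted",   re.compile(r"PTY allocation request accepted")),
    ("shell_accepted", re.compile(r"shell request accepted")),
    ("remote_eof",     re.compile(r"channel 0: rcvd eof")),
    ("exit_signal",    re.compile(r"rtype exit-signal")),
    ("exit_status",    re.compile(r"rtype exit-status")),
]

def milestones(debug_text):
    """Return milestone names in the order they first appear in the log."""
    seen = []
    for line in debug_text.splitlines():
        for name, pattern in MILESTONES:
            if name not in seen and pattern.search(line):
                seen.append(name)
    return seen

def failing_stage(debug_text):
    """Classify where the session broke: before or after authentication."""
    seen = milestones(debug_text)
    if "authenticated" not in seen:
        return "authentication"
    if "shell_accepted" not in seen:
        return "session-setup"
    if "exit_signal" in seen:
        # RFC 4254 exit-signal: the remote process was terminated by a signal.
        return "remote-process-terminated-by-signal"
    if "exit_status" in seen:
        return "remote-process-exited"
    return "session-open-or-log-truncated"

# Excerpt of the client log from the post above (lines copied, not invented).
POSTED_LOG = """\
debug1: Authentication succeeded (keyboard-interactive).
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: PTY allocation request accepted on channel 0
debug2: shell request accepted on channel 0
debug2: channel 0: rcvd eof
debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
debug1: Exit status -1
"""

if __name__ == "__main__":
    print(milestones(POSTED_LOG))
    print(failing_stage(POSTED_LOG))
```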
    • rcfa
      Jan 28, 2024, 12:56 AM

      FYI, here are the results of my investigation:
      https://forum.netgate.com/topic/185794/there-s-absolutely-no-useful-documentation-on-user-system-copy-files-to-home-directory-chrooted-scp/6
      Any improvements (and I wish there are) are welcome!
