Netgate Discussion Forum

    add user and enable chroot ssh scp access

    • luisenrique

      Hello beautiful people,
      On my pfSense box I need to add and set up a user to allow chrooted SFTP/SSH, but I don't know where to start...
      So I added the user and assigned "User - System: Copy files to home directory (chrooted scp)", but I don't know what to do with /usr/local/etc/rc.d/scponlyc. I enabled it and tried to start it, but nothing happens... Which other role should I add?
      When I try SSH access and enter the password, the connection is closed... Enabling -vv on the connection:

      Password for userchrooted@mypfsenseboxip:
      debug3: send packet: type 61
      debug3: receive packet: type 60
      debug2: input_userauth_info_req
      debug2: input_userauth_info_req: num_prompts 0
      debug3: send packet: type 61
      debug3: receive packet: type 52
      debug1: Authentication succeeded (keyboard-interactive).
      Authenticated to mypfsenseboxip ([mypfsenseboxip]:22).
      debug1: channel 0: new [client-session]
      debug3: ssh_session2_open: channel_new: 0
      debug2: channel 0: send open
      debug3: send packet: type 90
      debug1: Requesting no-more-sessions@openssh.com
      debug3: send packet: type 80
      debug1: Entering interactive session.
      debug1: pledge: network
      debug1: console supports the ansi parsing
      debug3: Successfully set console output code page from:850 to 65001
      debug3: Successfully set console input code page from:850 to 65001
      debug3: receive packet: type 80
      debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
      debug3: receive packet: type 91
      debug2: channel_input_open_confirmation: channel 0: callback start
      debug2: fd 3 setting TCP_NODELAY
      debug2: client_session2_setup: id 0
      debug2: channel 0: request pty-req confirm 1
      debug3: send packet: type 98
      debug2: channel 0: request shell confirm 1
      debug3: send packet: type 98
      debug2: channel_input_open_confirmation: channel 0: callback done
      debug2: channel 0: open confirm rwindow 0 rmax 32768
      debug3: receive packet: type 99
      debug2: channel_input_status_confirm: type 99 id 0
      debug2: PTY allocation request accepted on channel 0
      debug2: channel 0: rcvd adjust 2097152
      debug3: receive packet: type 99
      debug2: channel_input_status_confirm: type 99 id 0
      debug2: shell request accepted on channel 0
      debug2: client_check_window_change: changed
      debug2: channel 0: request window-change confirm 0
      debug3: send packet: type 98
      
      WinSCP: this is end-of-file:0
      
      WinSCP: this is end-of-file:0
      
      WinSCP: this is end-of-file:0
      
      WinSCP: this is end-of-file:0
      debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
      debug3: send packet: type 100
      debug3: receive packet: type 98
      debug3: send packet: type 100
      debug3: receive packet: type 96
      debug2: channel 0: rcvd eof
      debug2: channel 0: output open -> drain
      ^Cdebug3: receive packet: type 98
      debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
      debug3: receive packet: type 98
      debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
      debug2: channel 0: rcvd eow
      debug2: channel 0: close_read
      debug2: channel 0: input open -> closed
      debug3: receive packet: type 97
      debug2: channel 0: rcvd close
      debug3: channel 0: will not send data after close
      debug2: channel 0: obuf empty
      debug2: channel 0: close_write
      debug2: channel 0: output drain -> closed
      debug2: channel 0: almost dead
      debug2: channel 0: gc: notify user
      debug3: Successfully set console output code page from 65001 to 850
      debug3: Successfully set console input code page from 65001 to 850
      debug2: channel 0: gc: user detached
      debug2: channel 0: send close
      debug3: send packet: type 97
      debug2: channel 0: is dead
      debug2: channel 0: garbage collecting
      debug1: channel 0: free: client-session, nchannels 1
      debug3: channel 0: status: The following connections are open:
        #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
      
      debug3: send packet: type 1
      debug3: Successfully set console output code page from 65001 to 850
      debug3: Successfully set console input code page from 65001 to 850
      Connection to 192.168.9.2 closed.
      Transferred: sent 2876, received 4208 bytes, in 634.6 seconds
      Bytes per second: sent 4.5, received 6.6
      debug1: Exit status -1
      

      Client side... On the pfSense box side:

      Jul  4 16:06:01 mypfsenseboxip sshd[84400]: Accepted keyboard-interactive/pam for userchrooted from ClientIP port 53472 ssh2
      Jul  4 16:07:52 mypfsenseboxip sshd[86855]: Received disconnect from ClientIP port 53472:11: disconnected by user
      Jul  4 16:07:52 mypfsenseboxip sshd[86855]: Disconnected from user userchrooted ClientIP port 53472
      Jul  4 16:10:46 mypfsenseboxip sshd[58245]: Accepted keyboard-interactive/pam for opensshuser from ClientIP port 53480 ssh2
      
      

      Can someone point me in the right direction, please? Thanks in advance, as always.
      I love pfSense.

      • rcfa

        FYI, here are the results of my investigation:
        https://forum.netgate.com/topic/185794/there-s-absolutely-no-useful-documentation-on-user-system-copy-files-to-home-directory-chrooted-scp/6
        Any improvements (and I wish there are) are welcome!

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.