sftp problem with ftponly shell

JerryHone · October 15, 2010, 7:08am

Solaris (10 if it matters)

We can connect from a remote client successfully to our server and use ftp without issue for an account with ftponly shell

With public/private keys, we can also connect passwordless to a server ftponly account and use sftp

However, if we try to connect to the using sftp on the client and enter the password (ie without public/private keys) , although it appears to connect nothing seems to work - the client side freezes and it's not possible to do anything useful. Doing the same thing but to a ksh account works fine, but leaves a huge security hole!

I've heard rumours that there's a known issue with sftp/ftponly but can't find any details. Can anyone help?

Jerry

Neo · October 15, 2010, 7:36am

What are the (error) messages in syslog?

erick_tuk · October 15, 2010, 8:12am

can you check usePAM in sshd_config?. Also if you don't want it to prompt you a password change StricModes to "yes"

JerryHone · October 15, 2010, 8:27am

Neo - nothing obvious on client or server in /var/adm/messages!

erick_tuk - I don't have privileges to see the config, so I'll try and get my SAs to take a look. What exactly are you expecting to see, and what do you think is needed?

Jerry