I followed instructions in the Co:Z SFTP User's Guide (section 2.1 and subsection titled "User specific customization") to enable the CoZ sftp-server to be used for my User ID.
When I attempt to do an SFTP connection to the server after making these changes, I immediately get disconnected after a successful authentication.
I am not seeing any log files created either. So, to troubleshoot this, I did a local SFTP connection as shown below and got an error about a missing "`" in sftp-server.sh script.
Code: Select all
sftp -P /usr/lpp/coz/bin/sftp-server.sh
Attaching to /usr/lpp/coz/bin/sftp-server.sh...
/u/userid/.ssh/sftp-server.rc 1: .: /usr/lpp/coz/bin/sftp-server.sh 58: FSUM7729 missing closing "`"
FOTS0841 Connection closedThanks
**************************
Code: Select all
#! /bin/sh
# This shell script is a front-end to the Co:Z version of the
# sftp-server executable. This script runs under a normal
# user process under sshd if the /etc/ssh/sshd.config file points
# the "sftp" subsystem to the full path name of this script.
# This script will first run an installation profile: "/etc/ssh/sftp-server.rc"
# if it exists and then a user profile: "$HOME/.ssh/sftp-server.rc"
# if it exists.
# By default, this script will execute the IBM version of sftp-server
# unless the user has a profile or the installation profile
# sets USE_COZ_SFTP=true.
# These profiles may be used to set environment variables to control sftp-server.
# The following variables may be exported by the user's sftp-server.rc
# profile to control the Co:Z sftp-server:
#
# SFTP_LOGFILE - pathname of file to where log/debug messages are written.
# Default is /tmp/sftp-server.<userid>.<nnnn>.log
# SFTP_SERVER_OPTIONS - commandline options to sftp-server. Default is
# "-e" which is required in order to route messages to
# SFTP_LOGFILE. "-e -l debug3" may be used to configure
# debug-level logging in sftp-server code.
# COZ_LOG - Controls logging options for the Co:Z extension library
# used to add z/OS support to sftp-server.
# May be set to "D"/"T"/"F" for Debug, Trace, or Fine-trace
# logging levels
# SFTP_ZOS_OPTIONS - May be used to set a default options string for the user.
# Default is empty. Example: "mode=text,c=ISO8859-1"
# COZ_SFTP_USER_SERVER_RC - May be set in /etc/ssh/sftp-server.rc to identify the location
# of the user specific RC file. Defaults to $HOME/.ssh/sftp-server.rc
# COZ_SFTP_USER_SERVER_CONFIG - May be set in /etc/ssh/sftp-server.rc to identify the location
# of the user specific config file. Defaults to $HOME/.ssh/cozsftp_server_config
# USE_COZ_SFTP The user may set this to "false" if the IBM sftp-server should
# always be used (even if the user has an sftp-server.rc profile)
export _BPX_SHAREAS=YES
export _BPX_SPAWN_SCRIPT=YES
export _BPXK_JOBLOG=STDERR
COZ_BIN=${0%/*}
export LOWER_LOGNAME=`echo $LOGNAME | tr "[:upper:]" "[:lower:]"`
# Set default locations for the user level RC and config files
# These can be overridden in /etc/ssh/sftp-server.rc
export COZ_SFTP_USER_SERVER_RC=$HOME/.ssh/sftp-server.rc
export COZ_SFTP_USER_SERVER_CONFIG=$HOME/.ssh/cozsftp_server_config
# If there is an installation profile file, run it.
if [[ -x "/etc/ssh/sftp-server.rc" ]]
then
. /etc/ssh/sftp-server.rc
fi
if [[ -x "$COZ_SFTP_USER_SERVER_RC" ]]
then
. "$COZ_SFTP_USER_SERVER_RC"
USE_COZ_SFTP=${USE_COZ_SFTP:-true}
fi
# If we are not supposed to use the Co:Z version of the sftp-server,
# or we can't find it as an executable file, then fall back and exec the IBM version
if [[ -z "$COZ_BIN" || ! -e /etc/ssh/cozsftp_debug ]]
then
COZ_BIN=${0%/*}
fi
SFTP_SERVER="$COZ_BIN/sftp-server"
if [[ ! ( $USE_COZ_SFTP == "true" && -x "$SFTP_SERVER" ) ]]; then
exec /usr/lib/ssh/sftp-server
exit $?
fi
# Set default options if not set by the .rc profile
if [[ -z "$SFTP_SERVER_OPTIONS" ]]
then
SFTP_SERVER_OPTIONS="-e"
fi
# Setup a logfile if not set by the .rc profile
if [[ -z "$SFTP_LOGFILE" ]]
then
tdir=${TMPDIR:-/tmp}
dte=`date +%j.%H%M%S`
SFTP_LOGFILE=$tdir/sftp-server.$LOWER_LOGNAME.$dte.$$.log
fi
# Ensure that the logfile is writable, and the filesystem is not full. If not, issue a
# WTO error message and set the log to /dev/null before continuing
emsg="COZSFTP001E log file $SFTP_LOGFILE is not writable, or file system is full!"
if [[ -f "$SFTP_LOGFILE" && ! -w "$SFTP_LOGFILE" ]]; then
$COZ_BIN/wto -r 2 -d 6 "$emsg"
SFTP_LOGFILE=/dev/null
else
echo "=======" > $SFTP_LOGFILE
if [[ $? -ne 0 ]]; then
$COZ_BIN/wto -r 2 -d 6 "$emsg"
SFTP_LOGFILE=/dev/null
fi
fi
export SFTP_LOGFILE
# Establish the default C locale and invoke sftp-server
export LC_ALL="C"
"$SFTP_SERVER" $SFTP_SERVER_OPTIONS 2>"$SFTP_LOGFILE"
RC=$?
# Remove the logfile if empty
if [[ -f "$SFTP_LOGFILE" && ! -s "$SFTP_LOGFILE" ]]; then
rm $SFTP_LOGFILE
fi
exit $RC