scponly: scp works but sftp doesn't

Today I spent some time getting scponly working. Actually, my end goal was a chrooted sftp-only environment for users, so it took a while to get all binaries and libraries together. In an attempt to make life easier, I raised scponly's debuglevel to 2, to see slightly more output than "Connection closed" when trying to log in.

I got as far as scp working, but logging in with sftp immediately resulted in "Connection closed". Everything seemed to be in place, and all linked libraries used by sftp-server were moved into the chroot. However, I discovered that it had nothing to do with the chroot: setting the user's shell to the normal scponly shell still resulted in the same disconnection. The scponly FAQ suggests executing strace on the spawned sshd process. Unfortunately, it didn't seem to capture information about the child processes, despite feeding strace the -f flag as prescribed.

Instead, I wrote a wrapper around scponly:

#!/bin/bash
# Trace the real scponly binary and all of its children (-f); the log goes to a fresh temp file.
exec strace -o "$(mktemp)" -v -f /usr/sbin/scponlyc.orig "$@"

I replaced the scponly binary with the script above and, as you can see, moved the original to /usr/sbin/scponlyc.orig.

Finally, this resulted in the following lines in the output:

21947 writev(2, [{"scponly[21947]: 3 arguments in t"..., 37}, {"\n", 1}], 2) = -1 EPIPE (Broken pipe)
21947 --- SIGPIPE (Broken pipe) @ 0 (0) ---
21947 +++ killed by SIGPIPE +++

So it tries to write debug information to file descriptor 2, a.k.a. standard error, and for some reason it fails to do so. I was not really interested in the reason why, because this was already enough information. The solution would be to set scponly's debuglevel file back to 0 again so it wouldn't print anything on stderr anymore. And indeed, in the end I got this nice little prompt after logging in:

sftp>
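The strace lines above show the whole mechanism: the debug write to fd 2 hits a pipe nobody is reading any more, so the process is killed by SIGPIPE before it ever starts the sftp session. The script below is an added example, not part of the original post and not scponly's own code; it reproduces that failure mode with a constructed stand-in (fake_scponly, whose first argument plays the role of the debuglevel file) and shows the two ways out: debuglevel 0, or redirecting stderr to a log file so the debug output still survives while troubleshooting.

```shell
#!/bin/sh
# Added example: a program that writes debug output to stderr while stderr is a
# pipe whose reader is gone dies with EPIPE/SIGPIPE before doing its real work.

# Constructed stand-in for scponlyc; $1 stands in for the debuglevel file.
fake_scponly() {
    if [ "${1:-0}" -gt 0 ]; then
        # The real binary is killed by SIGPIPE here. If SIGPIPE happens to be
        # ignored, the write fails with EPIPE instead; treat both as fatal.
        echo "scponly[$$]: 3 arguments in total." >&2 || exit 1
    fi
    echo "sftp>"          # the real work, which would have succeeded
}

# Run a command with stdout discarded and stderr attached to a pipe whose
# reader has already exited (what the sftp subsystem amounts to here).
# Returns the command's exit status; 141 means killed by SIGPIPE.
run_with_dead_stderr() {
    rc=$(
        set +e
        # fd 3 = write end of the pipe, fd 4 = our own stdout for the status.
        # ':' exits at once, so by the time the command writes, the read end
        # of the pipe is already closed.
        { { sleep 1; ( "$@" ) >/dev/null 2>&3; echo "$?" >&4; } 3>&1 | :; } 4>&1
    )
    return "$rc"
}

# Same command, but stderr goes to a log file instead of the dead pipe:
# the debug output is kept and the program completes normally.
run_with_stderr_logged() {
    log=$1; shift
    ( "$@" ) >/dev/null 2>>"$log"
}
```

Run as `run_with_dead_stderr fake_scponly 2; echo $?` to see the 141, and with `0` as the second argument to see it succeed.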