I am running a Fedora Core 13 server and I am having trouble with sftp. My users can connect to the server using SSH both using public key and password authentication. For some reason they are not able to connect using sftp.
I'm not sure what's going on. I ran sshd in debug mode and here's the trace:
Code:
debug1: sshd version OpenSSH_5.4p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p1234'
Set /proc/self/oom_adj from 0 to -17
debug1: Bind to port 1234 on 0.0.0.0.
Server listening on 0.0.0.0 port 1234.
debug1: Bind to port 1234 on ::.
Server listening on :: port 1234.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 129.171.56.94 port 46607
debug1: Client protocol version 2.0; client software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.4
debug1: permanently_set_uid: 74/74
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user emil service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "emil"
debug1: PAM: setting PAM_RHOST to "129.171.56.94"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user emil service ssh-connection method gssapi-with-mic
debug1: attempt 1 failures 0
debug1: An invalid name was supplied
Hostname cannot be canonicalized
debug1: userauth-request for user emil service ssh-connection method gssapi-with-mic
debug1: attempt 2 failures 0
debug1: userauth-request for user emil service ssh-connection method password
debug1: attempt 3 failures 0
debug1: PAM: password authentication accepted for emil
debug1: do_pam_account: called
Accepted password for emil from 129.171.56.94 port 46607 ssh2
debug1: monitor_child_preauth: emil has been authenticated by privileged process
debug1: temporarily_use_uid: 500/500 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
debug1: SELinux support disabled
debug1: PAM: establishing credentials
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 500/500
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
User child is on pid 13726
debug1: server_input_channel_open: ctype session rchan 0 win 131072 max 32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request subsystem reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req subsystem
subsystem request for sftp
debug1: subsystem: exec() /usr/libexec/openssh/sftp-server
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 13727
debug1: session_exit_message: session 0 channel 0 pid 13727
debug1: session_exit_message: release channel 0
debug1: session_by_channel: session 0 channel 0
debug1: session_close_by_channel: channel 0 child 0
debug1: session_close: session 0 pid 0
debug1: channel 0: free: server-session, nchannels 1
Connection closed by 129.171.56.94
debug1: do_cleanup
Transferred: sent 2056, received 1336 bytes
Closing connection to 129.171.56.94 port 46607
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials
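Added example, not part of the original post: a small Python script that pulls the authentication and subsystem timeline out of an `sshd -d` trace like the one above and reports whether the subsystem child exited before the client disconnected. The sample trace is a constructed excerpt in the same format, and `summarize_trace` is a name chosen here.

```python
import re

# Constructed excerpt in the format of the `sshd -d` trace above (documentation IP).
SAMPLE_TRACE = """\
debug1: userauth-request for user emil service ssh-connection method none
debug1: userauth-request for user emil service ssh-connection method gssapi-with-mic
debug1: userauth-request for user emil service ssh-connection method password
Accepted password for emil from 192.0.2.10 port 46607 ssh2
subsystem request for sftp
debug1: subsystem: exec() /usr/libexec/openssh/sftp-server
debug1: Received SIGCHLD.
debug1: session_exit_message: session 0 channel 0 pid 13727
Connection closed by 192.0.2.10
"""

# event name -> regex; group 1 is the value kept for that event
PATTERNS = {
    "method": re.compile(r"userauth-request for user \S+ service \S+ method (\S+)"),
    "accepted": re.compile(r"^Accepted (\S+) for \S+ from \S+ port \d+"),
    "subsystem": re.compile(r"^subsystem request for (\S+)"),
    "exec": re.compile(r"subsystem: exec\(\) (\S+)"),
    "child_exit": re.compile(r"session_exit_message: session \d+ channel \d+ pid (\d+)"),
    "client_close": re.compile(r"^Connection closed by (\S+)"),
}

def summarize_trace(text):
    """Return the ordered auth/subsystem events of one sshd debug trace."""
    events = []                      # (event name, captured value) in log order
    for line in text.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line.strip())
            if m:
                events.append((name, m.group(1)))
    names = [n for n, _ in events]
    def first(n):
        return next((v for e, v in events if e == n), None)
    methods = list(dict.fromkeys(v for e, v in events if e == "method"))
    # Login succeeded and the subsystem child ended before the client hung up:
    # the failure is in the server-side subsystem process, not in authentication.
    child_first = ("exec" in names and "child_exit" in names and
                   ("client_close" not in names or
                    names.index("child_exit") < names.index("client_close")))
    return {"methods": methods, "accepted": first("accepted"),
            "subsystem": first("subsystem"), "exec_path": first("exec"),
            "child_pid": first("child_exit"), "child_exited_first": child_first}

if __name__ == "__main__":
    for key, value in summarize_trace(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

In the trace in the post, the same ordering appears: password login is accepted, sshd execs /usr/libexec/openssh/sftp-server, and the child (pid 13727) exits before the "Connection closed" line.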
I've had the hardest time getting my Windows users (technically proficient users who grew up with VAX.VMS systems) to abandon FTP and TELNET for SSH and SFTP/SCP. It's getting to the point where I'm getting seriously angry at them for being "stupid". With that little bit of complaint aside after... (1 Reply)
Hi,
I have searched the web and have come back with nothing that is satisfactory for what I require. SFTP is my corporation's new file transfer standard. What I require is a method to lock down SFTP users to their directory (they may go to subdirectories) while not restricting regular users. ... (2 Replies)
Hello,
Running Debian 5.
SSH version 5.1p1-5.
How do I set umask for sftp-only users?
Users are jailed - that means they use internal-sftp:
# cat /etc/ssh/sshd_config
..........
Match group group1
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding... (2 Replies)
Hi, I need to log the activity of my SFTP (RHEL 5.4).
I have this in /etc/sshd/sshd_config:
Subsystem sftp /usr/libexec/openssh/sftp-server -f LOCAL5 -l VERBOSE
And this in /etc/syslog.conf:
LOCAL5.* /var/log/sftp.log
When I log in... (1 Reply)
Generally I use vsftp, but I want to improve our security, so I decided to use sftp instead of vsftp.
We know that ssh, scp and sftp are in openssh server.
How can I lock only sftp users to their home folder? And how can I prevent some users, like root, from using sftp, as in the vsftp daemon? (3 Replies)
Hello,
Can someone please provide steps? Can I restrict multiple users to access only sftp on a server, to perform upload and download of files in their home directories?
1. I have updated their login shell to /sbin/nologin.
Is there anything else I need to update?
Thanks, (3 Replies)
Hello,
I have a weird issue: I have RHEL 5.7 running with openssh5.2 where sftpgroup OS group is chroot. I see a difference in timestamps on files when I log in via ssh and SFTP; I see a four hour difference. Is something missing in my configuration?
#pwd... (8 Replies)
Hi guys,
I need a script to sftp the file from Windows to a Unix server (before that I have to check whether the file exists on the Windows server or not),
and again I have to reverse sftp the files from the Unix to the Windows server.
regards,
Vasa Saikumar. (13 Replies)
Hi All,
This is regarding an SFTP passwordless connection.
I am logged into my local Server1 using username1.
The remote server I have to connect to is "Remoteserver1" with the "useriD" provided. I have already exchanged the public key and they are added to the authorized keys in the remote... (2 Replies)
I am sorry if I post in the wrong forum.
I have an AIX server on which ssh works for all users but sftp only works for the root user.
It is very important for me to solve this.
Your help will be greatly appreciated. (1 Reply)