Beginner: sftp doesn't work

# 1  

Hello,
I really appreciate any help on this.
I have to connect to an external server via sftp. Our server is a Linux machine:

Linux our.server.com 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

I generated the keys, put them in /root/.ssh, sent public one to the customer.

Well, something doesn't work. Here is what it looks like:
Code:
[root@kestrel tmp]# sftp -vvv user_name@xxxx.yyyyyy.ca
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxxx.yyyyyy.ca [216.220.60.44] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug3: Incorrect RSA1 identifier
debug3: Could not load "/root/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version SilverSHielD
debug1: no match: SilverSHielD
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "xxxx.yyyyyy.ca" from file "/roo
t/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-
sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hel
lman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-n
istp384-cert-v01@openssh.com,ecdsa-s...01@openssh.com,ssh-ed2551
9-cert-v01@openssh.com,ssh-rsa-cert-...01@openssh.com
,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,e
cdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,ae
s128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndae
l-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,ae
s128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndae
l-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,um
ac-64-etm@openssh.com,umac-128-etm@o...tm@openssh.com,hma
c-sha2-512-etm@openssh.com,hmac-ripe...tm@openssh.com,hmac-sha1-96-etm@opens
sh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-1
28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh
.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,um
ac-64-etm@openssh.com,umac-128-etm@o...tm@openssh.com,hma
c-sha2-512-etm@openssh.com,hmac-ripe...tm@openssh.com,hmac-sha1-96-etm@opens
sh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-1
28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh
.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-gro
up1-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: blowfish-cbc,twofish256-cbc,twofish192-cbc,twofish128
-cbc,aes256-cbc,aes192-cbc,aes128-cbc,serpent256-cbc,serpent192-cbc,serpent128-c
bc,idea-cbc,cast128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,blowfish-ctr,twofish128
-ctr,twofish192-ctr,twofish256-ctr,serpent128-ctr,serpent192-ctr,serpent256-ctr,
idea-ctr,cast128-ctr
debug2: kex_parse_kexinit: blowfish-cbc,twofish256-cbc,twofish192-cbc,twofish128
-cbc,aes256-cbc,aes192-cbc,aes128-cbc,serpent256-cbc,serpent192-cbc,serpent128-c
bc,idea-cbc,cast128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,blowfish-ctr,twofish128
-ctr,twofish192-ctr,twofish256-ctr,serpent128-ctr,serpent192-ctr,serpent256-ctr,
idea-ctr,cast128-ctr
debug2: kex_parse_kexinit: hmac-sha1,hmac-ripemd160,hmac-ripemd,hmac-ripemd160@o
penssh.com,hmac-sha256@ssh.com,umac-32@openssh.com,umac-64@openssh.com,umac-96@o
penssh.com,umac-128@openssh.com
debug2: kex_parse_kexinit: hmac-sha1,hmac-ripemd160,hmac-ripemd,hmac-ripemd160@o
penssh.com,hmac-sha256@ssh.com,umac-32@openssh.com,umac-64@openssh.com,umac-96@o
penssh.com,umac-128@openssh.com
debug2: kex_parse_kexinit: none,zlib,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: setup hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: kex: diffie-hellman-group-exchange-sha1 need=20 dh_need=20
debug1: kex: diffie-hellman-group-exchange-sha1 need=20 dh_need=20
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Received disconnect from 216.220.60.44: 6: Invalid packet
Couldn't read packet: Connection reset by peer
[root@kestrel tmp]#

---------- Post updated at 12:50 PM ---------- Previous update was at 12:47 PM ----------

This is .ssh dir
Code:
[root@kestrel .ssh]# pwd
/root/.ssh
You have new mail in /var/spool/mail/root
[root@kestrel .ssh]# ls -ltr
total 24
-rw-------  1 root root  406 Mar  3  2017 authorized_keys
-rw-r--r--  1 root root  410 Jun 21 11:37 user_name.pub
-rw-------  1 root root 1679 Jun 21 11:37 user_name
-rwx------  1 root root 1679 Jun 21 13:53 id_rsa
-rwx------  1 root root  410 Jun 21 13:54 id_rsa.pub
-rw-r--r--. 1 root root 1773 Jun 21 14:33 known_hosts

---------- Post updated at 12:59 PM ---------- Previous update was at 12:50 PM ----------

The customer thinks it may be that old or weaker cipher algorithms are being used at our end. Is there a way to check if that is the cause of the problem?

Thank you

Last edited by vbe; 06-22-2018 at 04:10 PM.. Reason: code tags
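
One way to check the cipher theory raised in the question, as an added example (not code from any poster in this thread): it parses the `kex_parse_kexinit` lines of `sftp -vvv` output, assuming the client's proposal block is printed before the server's as in the log above, and reports which algorithm each side would settle on. `SAMPLE`, `FIELDS`, `LEGACY` and both function names are constructed for this illustration.

```python
import re

FIELDS = ["kex", "hostkey", "cipher_c2s", "cipher_s2c", "mac_c2s", "mac_s2c"]
LEGACY = re.compile(r"sha1|md5|cbc|arcfour|3des")  # assumption: marks dated algorithms

# Constructed sample, abridged from -vvv output like the question's: six client
# proposal lines, then six server lines; the first line is terminal-wrapped.
SAMPLE = """\
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,diffie-hellman-group-exch
ange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-ed25519,ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes256-ctr,aes128-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes256-ctr,aes128-cbc
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha1
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha1
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: blowfish-cbc,aes256-cbc,aes128-ctr
debug2: kex_parse_kexinit: blowfish-cbc,aes256-cbc,aes128-ctr
debug2: kex_parse_kexinit: hmac-sha1,hmac-ripemd160
debug2: kex_parse_kexinit: hmac-sha1,hmac-ripemd160
"""

def proposals(log):
    """Return (client, server) dicts of name-lists; the client's block comes first."""
    rows, in_list = [], False
    for line in log.splitlines():
        m = re.match(r"debug2: kex_parse_kexinit: ?(.*)", line)
        if m:
            rows.append(m.group(1))
            in_list = True
        elif re.match(r"debug\d: ", line):
            in_list = False
        elif in_list:
            rows[-1] += line.strip()  # rejoin a terminal-wrapped list
    half = len(rows) // 2  # a full log has 12 rows per side; FIELDS names the first 6
    to_dict = lambda r: dict(zip(FIELDS, (x.split(",") for x in r)))
    return to_dict(rows[:half]), to_dict(rows[half:])

def negotiate(client, server):
    """Per field, the first client name the server also lists (simplified RFC 4253 7.1)."""
    result = {}
    for field in FIELDS:
        pick = next((a for a in client[field] if a in server[field]), None)
        result[field] = (pick, bool(pick and LEGACY.search(pick)))
    return result

if __name__ == "__main__":
    for field, (alg, legacy) in negotiate(*proposals(SAMPLE)).items():
        print(f"{field:11} {alg or 'NO COMMON ALGORITHM':40} {'legacy' if legacy else ''}")
```

A field that prints `NO COMMON ALGORITHM` means the two proposals do not overlap there; fields that do resolve, as `kex`, cipher and MAC do in the log above, show what was agreed and whether it is one of the dated choices.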
# 2  
You must first have placed your ssh key (from kestrel /root/.ssh directory) into the remote directory, the .ssh directory in the login directory tree for the remote user. The .ssh directory there has to have correct permissions. Your local .ssh looks fine. Inside. Verify that the correct permissions are set on the directory /root/.ssh

I cannot tell if those are set up correctly. Please verify. It is usually the cause of this kind of problem.
# 3  
Quote:
Originally Posted by jim mcnamara
Your local .ssh looks fine. Inside. Verify that the correct permissions are set on the directory /root/.ssh
Sorry, but it doesn't look fine at all: id_rsa holds the private key and this file should be 600 at most. Most modern ssh-versions react quite uncool when they encounter excessive filemodes. The x-flag should also be removed from id_rsa.pub (it won't execute anyway, no?).

I hope this helps.

bakunin
# 4  
@Billy5

Configure your sshd_config with the Ciphers below. Make sure to comment out the existing Ciphers line and append the one below.

If your SSHD configuration does not have any Ciphers line, just add the line below to your sshd configuration.

Code:
# vi /etc/ssh/ssh_config

Code:
Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

Code:
# sudo systemctl reload sshd

Let us know how it went through.

Thanks & Regards,
Bobin Lonston