Beginner : sftp doesnt work

# 1  
Old 06-22-2018

Hello,
I really appreciate any help on this.
I have to connect to an external server via sftp. Our server is a Linux machine:

Linux our.server.com 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05
UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

I generated the keys, put them in /root/.ssh, and sent the public one to the customer.

Well, something doesn't work. Here is what it looks like:
Code:
[root@kestrel tmp]# sftp -vvv user_name@xxxx.yyyyyy.ca
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxxx.yyyyyy.ca [216.220.60.44] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug3: Incorrect RSA1 identifier
debug3: Could not load "/root/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version SilverSHielD
debug1: no match: SilverSHielD
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "xxxx.yyyyyy.ca" from file "/roo
t/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-
sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hel
lman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-n
istp384-cert-v01@openssh.com,ecdsa-s...01@openssh.com,ssh-ed2551
9-cert-v01@openssh.com,ssh-rsa-cert-...01@openssh.com
,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,e
cdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,ae
s128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndae
l-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,ae
s128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndae
l-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,um
ac-64-etm@openssh.com,umac-128-etm@o...tm@openssh.com,hma
c-sha2-512-etm@openssh.com,hmac-ripe...tm@openssh.com,hmac-sha1-96-etm@opens
sh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-1
28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh
.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,um
ac-64-etm@openssh.com,umac-128-etm@o...tm@openssh.com,hma
c-sha2-512-etm@openssh.com,hmac-ripe...tm@openssh.com,hmac-sha1-96-etm@opens
sh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-1
28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh
.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-gro
up1-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: blowfish-cbc,twofish256-cbc,twofish192-cbc,twofish128
-cbc,aes256-cbc,aes192-cbc,aes128-cbc,serpent256-cbc,serpent192-cbc,serpent128-c
bc,idea-cbc,cast128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,blowfish-ctr,twofish128
-ctr,twofish192-ctr,twofish256-ctr,serpent128-ctr,serpent192-ctr,serpent256-ctr,
idea-ctr,cast128-ctr
debug2: kex_parse_kexinit: blowfish-cbc,twofish256-cbc,twofish192-cbc,twofish128
-cbc,aes256-cbc,aes192-cbc,aes128-cbc,serpent256-cbc,serpent192-cbc,serpent128-c
bc,idea-cbc,cast128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,blowfish-ctr,twofish128
-ctr,twofish192-ctr,twofish256-ctr,serpent128-ctr,serpent192-ctr,serpent256-ctr,
idea-ctr,cast128-ctr
debug2: kex_parse_kexinit: hmac-sha1,hmac-ripemd160,hmac-ripemd,hmac-ripemd160@o
penssh.com,hmac-sha256@ssh.com,umac-32@openssh.com,umac-64@openssh.com,umac-96@o
penssh.com,umac-128@openssh.com
debug2: kex_parse_kexinit: hmac-sha1,hmac-ripemd160,hmac-ripemd,hmac-ripemd160@o
penssh.com,hmac-sha256@ssh.com,umac-32@openssh.com,umac-64@openssh.com,umac-96@o
penssh.com,umac-128@openssh.com
debug2: kex_parse_kexinit: none,zlib,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: setup hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: kex: diffie-hellman-group-exchange-sha1 need=20 dh_need=20
debug1: kex: diffie-hellman-group-exchange-sha1 need=20 dh_need=20
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Received disconnect from 216.220.60.44: 6: Invalid packet
Couldn't read packet: Connection reset by peer
[root@kestrel tmp]#

---------- Post updated at 12:50 PM ---------- Previous update was at 12:47 PM ----------

This is .ssh dir
Code:
[root@kestrel .ssh]# pwd
/root/.ssh
You have new mail in /var/spool/mail/root
[root@kestrel .ssh]# ls -ltr
total 24
-rw-------  1 root root  406 Mar  3  2017 authorized_keys
-rw-r--r--  1 root root  410 Jun 21 11:37 user_name.pub
-rw-------  1 root root 1679 Jun 21 11:37 user_name
-rwx------  1 root root 1679 Jun 21 13:53 id_rsa
-rwx------  1 root root  410 Jun 21 13:54 id_rsa.pub
-rw-r--r--. 1 root root 1773 Jun 21 14:33 known_hosts

---------- Post updated at 12:59 PM ---------- Previous update was at 12:50 PM ----------

The customer thinks it may be old or weaker cipher algorithms being used at our end. Is there a way to check if that is the cause of the problem?

Thank you

Last edited by vbe; 06-22-2018 at 04:10 PM.. Reason: code tags
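
One way to check this from the `-vvv` output itself, as an added example that is not part of the original post: OpenSSH prints its own KEXINIT proposal first and the server's second, so the two can be compared category by category and the stage of the disconnect read off. The names `FIELDS`, `SAMPLE`, `unwrap` and `analyse` are made up for this sketch, and the sample log is constructed (name-lists shortened, compression and language lines dropped, 80-column wrapping kept).

```python
import re

FIELDS = ["kex", "hostkey", "cipher_c2s", "cipher_s2c", "mac_c2s", "mac_s2c"]

# Constructed sample, abbreviated from the sftp -vvv output in the post.
SAMPLE = """\
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,diffie-hellman-group-exc
hange-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-ed25519,ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes256-ctr,aes128-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes256-ctr,aes128-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha2-256
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha2-256
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-gro
up1-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: blowfish-cbc,aes256-cbc,aes128-ctr
debug2: kex_parse_kexinit: blowfish-cbc,aes256-cbc,aes128-ctr
debug2: kex_parse_kexinit: hmac-sha1,hmac-ripemd160
debug2: kex_parse_kexinit: hmac-sha1,hmac-ripemd160
debug2: kex_parse_kexinit: reserved 0
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Received disconnect from 192.0.2.10: 6: Invalid packet
"""

def unwrap(text):
    """Rejoin log lines that the terminal wrapped at 80 columns."""
    out = []
    for line in text.splitlines():
        new = not out or re.match(r"debug\d: |Received |Couldn't ", line)
        out = out + [line] if new else out[:-1] + [out[-1] + line]
    return out

def analyse(text):
    lines, proposals, cur = unwrap(text), [], []
    for line in lines:
        m = re.match(r"debug2: kex_parse_kexinit: ?(.*)", line)
        if m and m.group(1).startswith("reserved"):
            proposals, cur = proposals + [cur], []   # end of one proposal
        elif m and not m.group(1).startswith("first_kex_follows"):
            cur.append(m.group(1).split(","))
    client, server = proposals[:2]      # own proposal is printed first
    # RFC 4253 section 7.1: first client entry that the server also lists.
    agreed = {f: next((a for a in c if a in s), None)
              for f, c, s in zip(FIELDS, client, server)}
    stage = next((p.partition(": ")[2] for p, l in zip(lines, lines[1:])
                  if l.startswith("Received disconnect")), None)
    return agreed, [f for f in agreed if agreed[f] is None], stage
```

`analyse` returns the agreed algorithm per category, the categories with no common algorithm, and the last debug line before the disconnect. In the log above every category has a common algorithm and the disconnect arrives while the client is waiting for SSH2_MSG_KEX_DH_GEX_GROUP, that is, during the key exchange rather than at cipher selection.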
# 2  
Old 06-23-2018
You must first have placed your ssh key (from the kestrel /root/.ssh directory) into the remote directory, the .ssh directory in the login directory tree for the remote user. The .ssh directory there has to have correct permissions. Your local .ssh looks fine inside. Verify that the correct permissions are set on the directory /root/.ssh.

I cannot tell if those are set up correctly. Please verify. It is usually the cause of this kind of problem.
# 3  
Old 06-23-2018
Quote:
Originally Posted by jim mcnamara
Your local .ssh looks fine inside. Verify that the correct permissions are set on the directory /root/.ssh
Sorry, but it doesn't look fine at all: id_rsa holds the private key and this file should be 600 at most. Most modern ssh-versions react quite uncool when they encounter excessive filemodes. The x-flag should also be removed from id_rsa.pub (it won't execute anyway, no?).

I hope this helps.

bakunin
# 4  
Old 07-09-2018
@Billy5

Configure your sshd_config with the Ciphers below. Make sure to comment out the existing Ciphers line and append the one below.

If your SSHD configuration does not have any Ciphers line, just add the line below to your sshd configuration.

Code:
# vi /etc/ssh/ssh_config

Code:
Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

Code:
# sudo systemctl reload sshd

Let us know how it went through.

Thanks & Regards,
Bobin Lonston