Login or Register to Ask a Question and Join Our Community


UNIX for Beginners Questions & Answers

Sftp does not work for particular user

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Beginners Questions & Answers Sftp does not work for particular user
# 1  
Old 04-18-2019
Sftp does not work for particular user
Hi,

Sftp does not work for user "infra" but ssh works fine. SFTP also works for remaining users. SFTP verbose log is attached here. Please check and recommended.

With Best Regards,
Md. Abdullah-Al Kauser

Code:
OID @vm-oid.banglalinkgsm.com:/u02/infra/product/104/orcl$sftp -vvv infra@172.16.10.179
Connecting to 172.16.10.179...
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 172.16.10.179 [172.16.10.179] port 22.
debug1: Connection established.
debug1: identity file /home/infra/.ssh/id_rsa type -1
debug1: identity file /home/infra/.ssh/id_dsa type -1
debug1: loaded 2 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 139/256
debug2: bits set: 531/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/infra/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host '172.16.10.179' is known and matches the RSA host key.
debug1: Found key in /home/infra/.ssh/known_hosts:2
debug2: bits set: 522/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/infra/.ssh/id_rsa ((nil))
debug2: key: /home/infra/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 172.16.10.179.
debug1: Unspecified GSS failure.  Minor code may provide more information
Unknown code krb5 195

debug1: Unspecified GSS failure.  Minor code may provide more information
Unknown code krb5 195

debug1: Unspecified GSS failure.  Minor code may provide more information
Unknown code krb5 195

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/infra/.ssh/id_rsa
debug3: no such identity: /home/infra/.ssh/id_rsa
debug1: Trying private key: /home/infra/.ssh/id_dsa
debug3: no such identity: /home/infra/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
infra@172.16.10.179's password:
debug3: packet_send2: adding 64 (len 55 padlen 9 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug2: fd 4 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug1: Sending environment.
debug3: Ignored env HOSTNAME
debug3: Ignored env SHELL
debug3: Ignored env TERM
debug3: Ignored env HISTSIZE
debug3: Ignored env TMPDIR
debug3: Ignored env KDE_NO_IPV6
debug3: Ignored env QTDIR
debug3: Ignored env OLDPWD
debug3: Ignored env QTINC
debug3: Ignored env USER
debug3: Ignored env LD_LIBRARY_PATH
debug3: Ignored env LS_COLORS
debug3: Ignored env ORACLE_SID
debug3: Ignored env ORACLE_BASE
debug3: Ignored env KDEDIR
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env INPUTRC
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env KDE_IS_PRELINKED
debug3: Ignored env ORACLE_TERM
debug3: Ignored env PS1
debug3: Ignored env SSH_ASKPASS
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env TMP
debug3: Ignored env LOGNAME
debug3: Ignored env QTLIB
debug3: Ignored env CVS_RSH
debug3: Ignored env CLASSPATH
debug3: Ignored env LESSOPEN
debug3: Ignored env ORACLE_HOME
debug3: Ignored env G_BROKEN_FILENAMES
debug3: Ignored env HISTFILE
debug3: Ignored env _
debug1: Sending subsystem: sftp
debug2: channel 0: request subsystem confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
Received message too long 1313808468
debug2: channel 0: read<=0 rfd 4 len -1
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
OID @vm-oid.banglalinkgsm.com:/u02/infra/product/104/orcl$debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)

debug3: channel 0: close_fds r -1 w -1 e 6 c -1
debug1: fd 0 clearing O_NONBLOCK
debug3: fd 1 is not O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

# 2  
Old 04-18-2019
This appears to be an error related to public-private key pair configuration issues.

One suggestion we see often in forum and blog when this happens is to clear out (or move to a temp location) all your key pairs on both server and client, rebuild and reinstall.
# 3  
Old 04-18-2019
Hi Neo,

But ssh works fine for this user....so i think it is not a keypair issue. Please suggest.
# 4  
Old 04-18-2019
But you can easily login when you use a regular password and not password-less, right?
# 5  
Old 04-18-2019
Also, do you remember how you created your ssh key-pairs?

Many people create these key pairs and bind the keys to the ports; and ssh and sftp ports are not the same.


Also, did you try scp? Does scp work OK?
# 6  
Old 04-18-2019
Your connection on the ssh port seems fine:

Quote:
Originally Posted by makauser
...

debug1: Connecting to 172.16.10.179 [172.16.10.179] port 22.
debug1: Connection established.

And, despite unaccepted authentication attempts, like



Quote:
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
( you might want to check your kerberos setup)


and
Quote:
debug3: authmethod_lookup publickey
...
debug1: Trying private key: /home/infra/.ssh/id_rsa
debug3: no such identity: /home/infra/.ssh/id_rsa
debug1: Trying private key: /home/infra/.ssh/id_dsa
debug3: no such identity: /home/infra/.ssh/id_dsa
debug2: we did not send a packet, disable method

you finally seem to log in successfully after entering a password (did you enter a password?):
Quote:
debug1: Next authentication method: password
infra@172.16.10.179's password:
...
debug1: Authentication succeeded (password).

This might be the culprit
Quote:
Received message too long 1313808468
as after that the session close seems to start. Do you have a similar debug log for the successful ssh connections? Do you supply a password there as well?
This User Gave Thanks to RudiC For This Post:
Neo
# 7  
Old 04-18-2019
Regarding this ...

Quote:
Received message too long 1313808468
Look here...

OpenSSH FAQ 2.9

To put it simply, .bashrc and .bash_profile etc have to be silent or they interfere with the sftp / scp connection protocol.

(1. result in google).
These 3 Users Gave Thanks to stomp For This Post:
Neo rbatte1 RudiC
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Red Hat

Beginner : sftp doesnt work

Hello, I really appreciate any help on this. Have to connect to external server via sftp. Our server is Linux machine Linux our.server.com 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux I generated the keys, put them in /root/.ssh, sent... (3 Replies)
Discussion started by: billy5
3 Replies

2. Shell Programming and Scripting

Passwordless sftp using a different user than the runtime user

I am running a shell script as user A. In that script I need to execute a sftp that would transfer the file using another user B. I am using the below command: sftp -oPort22 B@remote server However, I am getting password prompts each time. I have done the following: Added the public... (4 Replies)
Discussion started by: mady135
4 Replies

3. Red Hat

No shell access to sftp user

I have created two users on our ftp server. They will use sftp to connect this server. But I do not want them to give direct ssh access. If I give /bin/false shell, sftp will not work. If I give /bin/nologin, it fails with below messages # sftp trdeo@bd01.xxx.com Connecting to bd01.xxx.com...... (6 Replies)
Discussion started by: solaris_1977
6 Replies

4. UNIX for Advanced & Expert Users

Sftp user chrooted in a directory

Hello, I have a task to create 3 users that must connect only via sftp on a machine, and must have only read access to a certain directory (thay shouldn;t be able to cd anywhere else) The problem is that the directory where these users must have access to, it's already created/owned by another... (0 Replies)
Discussion started by: black_fender
0 Replies

5. Shell Programming and Scripting

SFTP with domain user

Hello Guys, I need help on SFTP from Solaris to Windows. I am doing SFTP from Solaris to Windows and its working fine with COPSSH installed on windows. But when I want to login to windows (remote) with Domain user of windows network, I have no idea how to do it. Can you please help... (1 Reply)
Discussion started by: Deei
1 Replies

6. AIX

restricting sftp and ssh for a user

I want to know if there is any way to set up a users home directory access with a restricted shell and allow them to SFTP to the directory. I want to allow the user to SSH into their home directory but no where else on the AIX server. I also want the user to be able to SFTP files to their home... (1 Reply)
Discussion started by: daveisme
1 Replies

7. Shell Programming and Scripting

SFTP using user id and password

Hi, I am using below syntax - sftp -b passwordfile userid@ipaddress passwordfile is a file, in which I have just kept a password of userid. But by this, an error is coming like - Permission denied (publickey,password,keyboard-interactive). Please suggest me on this..as I dont... (6 Replies)
Discussion started by: Monalisa
6 Replies

8. UNIX for Dummies Questions & Answers

FTP or SFTP User

Hello there, is there any command in Unix to check that following ftp user is ftp or sftp user. Thanks. (1 Reply)
Discussion started by: ahhmedbilal
1 Replies

9. UNIX for Advanced & Expert Users

will sftp work with /bin/false

helo helo I have create user for the group and entry for the user in /etc/passwd file is liek this bhavin:x:2014:109:test:/home/pds_RBAC:/bin/false I have keep here /bin/false now i m accesing user through sftp ow when i access that user using sftp from the another linux pc for e.g... (1 Reply)
Discussion started by: amitpansuria
1 Replies

10. UNIX for Advanced & Expert Users

How to restrict user to sftp usage?

Hi everyone! I have a problem... I need to restrict user to sftp usage only from one computer to another... I mean that the user cannot login to the computer or even use sftp from other computer only from the one i allow. thanx for the help! (13 Replies)
Discussion started by: eliraza6
13 Replies
Login or Register to Ask a Question