unable to sftp - SSH


Thread: unable to sftp

  1. unable to sftp

    Hi, I have installed the following OpenSSH packages

    openssh-4.5p1.tar.gz
    zlib-1.2.3-sol9-sparc-local.gz
    tcp_wrappers-7.6-sol9-sparc-local.gz
    egd-0.8-sol9-sparc-local.gz
    openssl-0.9.8d-sol9-sparc-local.gz
    prngd-0.9.25-sol9-sparc-local.gz
    perl-5.8.7-sol9-sparc-local.gz
    lsof-4.77-sol9-sparc-local.gz


    create user and /var/empty
    # mkdir /var/empty
    # chown root:sys /var/empty
    # chmod 755 /var/empty
    # groupadd sshd
    # useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd


    # grep Subsystem /etc/ssh/sshd_config
    Subsystem sftp /usr/lib/ssh/sftp-server


    ran:
    ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""
    ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""
    ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""


    which ssh
    /usr/bin/ssh
    ssh -V
    Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f


    restart sshd
    # /etc/init.d/sshd stop
    # /etc/init.d/sshd start


    I restarted the machine. Now when I do
    sftp -v sshd@servername, I get


    # sftp -v sshd@server
    Connecting to server...
    Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Rhosts Authentication disabled, originating port will not be
    trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to server [192.168.23.62] port 22.
    debug1: Connection established.
    debug1: identity file /.ssh/id_rsa type -1
    debug1: identity file /.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version
    Sun_SSH_1.1
    debug1: no match: Sun_SSH_1.1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-Sun_SSH_1.1
    debug1: Failed to acquire GSS-API credentials for any mechanisms (No
    credentials were supplied, or the credentials were unavailable or
    inaccessible
    mech_dh: Invalid or unknown error
    )
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: Peer sent proposed langtags, ctos: en-AU,en-NZ,i-default,en
    debug1: Peer sent proposed langtags, stoc: en-AU,en-NZ,i-default,en
    debug1: We proposed langtags, ctos: en-AU
    debug1: We proposed langtags, stoc: en-AU
    debug1: Negotiated lang: en-AU
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: Remote: Negotiated main locale: en_AU
    debug1: Remote: Negotiated messages locale: en_AU
    debug1: dh_gen_key: priv key bits set: 132/256
    debug1: bits set: 1615/3191
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    The authenticity of host 'server (192.168.23.62)' can't be established.

    RSA key fingerprint is 90:f3:3b:00:14:e4:c3:66:b1:38:8e:5a:fa:1e:ca:4d.

    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'server,192.168.23.62' (RSA) to the list of
    known hosts.
    debug1: bits set: 1599/3191
    debug1: ssh_rsa_verify: signature correct
    debug1: newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: done: ssh_kex2.
    debug1: send SSH2_MSG_SERVICE_REQUEST
    debug1: got SSH2_MSG_SERVICE_ACCEPT
    debug1: Authentications that can continue:
    gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
    debug1: Next authentication method: gssapi-keyex
    debug1: Next authentication method: gssapi-with-mic
    debug1: Failed to acquire GSS-API credentials for any mechanisms (No
    credentials were supplied, or the credentials were unavailable or
    inaccessible
    mech_dh: Invalid or unknown error
    )
    debug1: Next authentication method: publickey
    debug1: Trying private key: /.ssh/id_rsa
    debug1: Trying private key: /.ssh/id_dsa
    debug1: Next authentication method: keyboard-interactive
    Password:
    debug1: Authentication succeeded (keyboard-interactive)
    debug1: fd 5 setting O_NONBLOCK
    debug1: channel 0: new [client-session]
    debug1: send channel open 0
    debug1: Entering interactive session.
    debug1: ssh_session2_setup: id 0
    debug1: channel request 0: env
    debug1: channel request 0: env
    debug1: channel request 0: env
    debug1: channel request 0: env
    debug1: channel request 0: env
    debug1: channel request 0: env
    debug1: Sending subsystem: sftp
    debug1: channel request 0: subsystem
    debug1: channel 0: open confirm rwindow 0 rmax 32768
    debug1: Remote: Channel 0 set: LC_CTYPE=en_AU.ISO8859-1
    debug1: Remote: Channel 0 set: LC_COLLATE=en_AU.ISO8859-1
    debug1: Remote: Channel 0 set: LC_TIME=en_AU.ISO8859-1
    debug1: Remote: Channel 0 set: LC_NUMERIC=en_AU.ISO8859-1
    debug1: Remote: Channel 0 set: LC_MONETARY=en_AU.ISO8859-1
    debug1: Remote: Channel 0 set: LC_MESSAGES=C
    debug1: channel 0: rcvd eof
    debug1: channel 0: output open -> drain
    debug1: channel 0: obuf empty
    debug1: channel 0: close_write
    debug1: channel 0: output drain -> closed
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug1: channel 0: rcvd close
    debug1: channel 0: close_read
    debug1: channel 0: input open -> closed
    debug1: channel 0: almost dead
    debug1: channel 0: gc: notify user
    debug1: channel 0: gc: user detached
    debug1: channel 0: send close
    debug1: channel 0: is dead
    debug1: channel 0: garbage collecting
    debug1: channel_free: channel 0: client-session, nchannels 1
    debug1: fd 0 clearing O_NONBLOCK
    debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
    debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
    debug1: Exit status 255
    Connection closed


    cat /etc/ssh/ssh_config
    Host *
    ForwardAgent no
    ForwardX11 no
    RhostsAuthentication no
    RhostsRSAAuthentication yes
    RSAAuthentication yes
    PasswordAuthentication yes
    FallBackToRsh no
    UseRsh no
    BatchMode no
    CheckHostIP yes
    StrictHostKeyChecking no
    IdentityFile ~/.ssh/identity
    IdentityFile ~/.ssh/id_dsa
    IdentityFile ~/.ssh/id_rsa1
    IdentityFile ~/.ssh/id_rsa2
    Port 22
    Protocol 2,1
    Cipher blowfish
    EscapeChar ~


    Can anyone please help. Thanks


  2. Re: unable to sftp


    Check that sshd_config has a "subsystem" line that points to a copy of sftp-server.

    --
    Richard Silverman
    res@qoxp.net


  3. Re: unable to sftp

    Richard,
    Here is the confirmation about sub system in /etc/ssh/sshd_config

    # sftp subsystem
    Subsystem sftp /usr/lib/ssh/sftp-server

    # ls -l /usr/lib/ssh/sftp-server
    -r-xr-xr-x 1 root bin 97272 Feb 7 2006 /usr/lib/ssh/sftp-server

    I have restarted the server and sshd but no luck.


  4. Re: unable to sftp

    On Tue, 16 Jan 2007 13:24:34 -0800, donkarnash wrote:

    > Richard,
    > Here is the confirmation about sub system in /etc/ssh/sshd_config
    >
    > # sftp subsystem
    > Subsystem sftp /usr/lib/ssh/sftp-server
    >
    > # ls -l /usr/lib/ssh/sftp-server
    > -r-xr-xr-x 1 root bin 97272 Feb 7 2006 /usr/lib/ssh/sftp-server
    >
    > I have restarted the server and sshd but no luck.


    There are a couple of things I don't 'get' about your post. You say you
    installed openssh but the log you show is from Sun's ssh. Are you running
    the correct daemon? Perhaps you should have run /etc/init.d/openssh start.
    If that isn't the issue then one other thing is that you say you ran the
    command
    sftp -v sshd@server
    but you surely shouldn't be connecting as sshd which is a restricted
    account used only to run the sshd daemon. Any attempts to connect to this
    account will surely fail since it doesn't have a valid shell.

    JohnK

  5. Re: unable to sftp

    Hi John,

    Your answer makes sense. I have created sshd with the following command.

    useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd

    Can you suggest whether I need to grant a valid shell to sshd?

    Please let me know. Another thing, I do not have openssh in
    /etc/init.d.

    I just have sshd.



    JohnK wrote:
    > On Tue, 16 Jan 2007 13:24:34 -0800, donkarnash wrote:
    >
    > > Richard,
    > > Here is the confirmation about sub system in /etc/ssh/sshd_config
    > >
    > > # sftp subsystem
    > > Subsystem sftp /usr/lib/ssh/sftp-server
    > >
    > > # ls -l /usr/lib/ssh/sftp-server
    > > -r-xr-xr-x 1 root bin 97272 Feb 7 2006 /usr/lib/ssh/sftp-server
    > >
    > > I have restarted the server and sshd but no luck.

    >
    > There are a couple of things I don't 'get' about your post. You say you
    > installed openssh but the log you show is from Sun's ssh. Are you running
    > the correct daemon? Perhaps you should have run /etc/init.d/openssh start.
    > If that isn't the issue then one other thing is that you say you ran the
    > command
    > sftp -v sshd@server
    > but you surely shouldn't be connecting as sshd which is a restricted
    > account used only to run the sshd daemon. Any attempts to connect to this
    > account will surely fail since it doesn't have a valid shell.
    >
    > JohnK



  6. Re: unable to sftp

    On Tue, 16 Jan 2007 14:32:47 -0800, donkarnash wrote:

    > Hi John,
    >
    > Your answer makes sense. I have created sshd with the following command.
    >
    > useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
    >
    > Can you suggest whether I need to grant a valid shell to sshd?
    >
    > Please let me know. Another thing, I do not have openssh in /etc/init.d.
    >
    > I just have sshd.


    Hi 'donk'

    No, don't use the sshd account. It shouldn't be used for anything except
    running the ssh daemon. Try connecting to another account like your own
    or a specially created one with the home directory placed where you want
    to transfer files to.
    I would *guess* that the openssh executables have been installed in
    /usr/local/bin and /usr/local/sbin. Look for the sshd executable in
    /usr/local/sbin. You will have to find or write a script to put in
    /etc/init.d. Look at the Sun /etc/init.d/sshd script. Perhaps you can
    copy and amend that one to run openssh.

    In the interim you could run
    /etc/init.d/sshd stop
    to close the Sun one and run
    /usr/local/sbin/sshd
    to start the openssh one. This will run in the background. Note that you
    really should put in an /etc/init.d/openssh script to start the daemon so
    that it survives after a reboot.

    Regards

    JohnK
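
JohnK's two observations in posts 4 and 6 (the `-v` banner shows Sun's sshd answering rather than OpenSSH, and the `sshd` account has a non-login shell) written as a repeatable check. This is an added example, not part of the thread. The sample log and passwd text are constructed from lines posted above; the `xfer` account and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data is constructed from the
# thread's log and useradd command; the "xfer" account is hypothetical.
SAMPLE_LOG='debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version
Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1'
SAMPLE_PASSWD='sshd:x:100:100:sshd privsep:/var/empty:/bin/false
xfer:x:101:10:file transfer:/export/home/xfer:/bin/sh'

# Print the server implementation named in `ssh -v` / `sftp -v` output (stdin).
# Handles the banner being wrapped onto the next line, as in the posted log.
remote_sshd_version() {
    awk '
        want && NF { print $1; exit }
        /remote software version/ {
            split($0, f, "remote software version")
            gsub(/^[ \t]+|[ \t]+$/, "", f[2])
            if (f[2] != "") { print f[2]; exit }
            want = 1
        }'
}

# Print the login shell of user $1 from passwd-format text on stdin.
# An empty shell field is reported as /bin/sh (the system default shell).
login_shell() {
    awk -F: -v u="$1" '
        $1 == u { print ($7 == "" ? "/bin/sh" : $7); found = 1; exit }
        END { if (!found) exit 1 }'
}

# Return 0 if the account's shell can start a command such as sftp-server,
# 1 if it is a locked service account, 2 if the account does not exist.
can_run_subsystem() {
    user_shell=$(login_shell "$1") || return 2
    case "${user_shell##*/}" in
        false|nologin) return 1 ;;
    esac
    return 0
}

# Demo on the constructed samples.
printf 'server is running: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | remote_sshd_version)"
for u in sshd xfer; do
    if printf '%s\n' "$SAMPLE_PASSWD" | can_run_subsystem "$u"; then r=usable; else r=unusable; fi
    printf 'account %s: %s for sftp\n' "$u" "$r"
done
```

On a live host, feed the functions real input, for example `sftp -v user@server 2>&1 | remote_sshd_version` and `can_run_subsystem user < /etc/passwd`.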
