
Sftp does not list directory ONLY from a particular client

SOLVED
tsunix-pdm-1
Advisor


Hello,

 

I can sftp to the system, get a directory listing and upload/download files. But from a particular machine to the sftp server, I can log in with sftp (same user) but I can't retrieve the contents of a directory; eventually I get a timeout. Firewall people assure me nothing is blocking connections. I tried to raise the debug level of ftp-server, but I see nothing relevant.

 

Any idea on why directory listing is not working?

 

Best Regards,

6 REPLIES
Matti_Kurkela
Honored Contributor

Re: Sftp does not list directory ONLY from a particular client

Do you mean SFTP, the file transfer extension of the SSH protocol?

Although the user interface may be similar to FTP, the protocol itself has nothing at all to do with the plain old FTP.  To get more information, you should focus on the logging settings of the sshd daemon.

 

Or do you mean the SSL/TLS-protected version of FTP, known as FTPS? Which client and server software are you using?

MK
tsunix-pdm-1
Advisor

Re: Sftp does not list directory ONLY from a particular client

Hi,

 

I mean sftp, ssh-based. It does not have to do with sshd_config, because from other clients the directory listing works fine. The problem is only from a particular client. I tried with putty-sftp and winscp.

 

Best Regards,

Matti_Kurkela
Honored Contributor

Re: Sftp does not list directory ONLY from a particular client

You said you raised the debug level of the FTP server. Raising the debug level of the FTP server does not help with SFTP, because the FTP server does not handle SFTP connections at all.

 

If you want more information on SFTP connections at the server end, you must raise the log level of the SFTP server.

 

The way to increase SFTP logging is to add the '-l' (loglevel) option to the subsystem declaration (see "man sftp-server"):

Subsystem sftp /opt/ssh/bin/sftp-server -l VERBOSE

 

It works the same way with internal-sftp too:

Subsystem sftp internal-sftp -l VERBOSE

Remember to restart sshd after modifying sshd_config.

 

You should also check your /etc/syslog.conf: with the default configuration, HP-UX syslogd discards informational and debug-level log messages.

 

It is possible to add client-specific settings to the sshd_config file: if your sshd_config includes a Match block that matches the IP address of the client that is having the problem, the settings within the Match block might be causing the directory listing to fail for that client.

 

Does your SFTP connection go through an SSH proxy? You can easily check it: when you connect with putty-sftp using the verbose option (-v), it displays the host key fingerprint like this:

Host key fingerprint is:
ssh-rsa 2048 84:fe:1d:4b:0f:fe:2f:6a:d9:9e:3b:81:cc:05:3d:f5

 On the SFTP server, you should verify the fingerprint with:

ssh-keygen -l -f /opt/ssh/etc/ssh_host_rsa_key.pub
2048 84:fe:1d:4b:0f:fe:2f:6a:d9:9e:3b:81:cc:05:3d:f5 /opt/ssh/etc/ssh_host_rsa_key.pub (RSA)

(replace "rsa" with "dsa" if putty-sftp output indicated that a DSA key was used instead of RSA)

 

If the result has a different hex string, the connection is definitely going through a proxy which can log your sessions, restrict available commands or even modify the data transferred over the connection. (I've seen such a proxy system in an environment where it was a requirement that all access must be logged.) A configuration error or other problem in such a proxy might cause the directory listing to fail for a specific client only.

MK
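The fingerprint comparison described in the post above, as an added example that is not part of the original thread: it computes the MD5 colon-hex fingerprint (the format shown in the post) and the SHA256 form that newer OpenSSH releases print by default, then checks whether the value the client displayed belongs to the server's key. The key lines are constructed sample data, and all function names are hypothetical.

```python
import base64
import hashlib
import struct

def _ssh_string(b):
    return struct.pack(">I", len(b)) + b

def _mpint(n):
    # SSH mpint is big-endian two's complement: a set top bit needs a leading zero byte.
    return _ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def make_sample_pubkey_line(modulus):
    """Constructed sample input: an ssh-rsa public key line with e = 65537."""
    blob = _ssh_string(b"ssh-rsa") + _mpint(65537) + _mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

def fingerprints(pubkey_line):
    """Return (key_type, rsa_bits, md5_hex, sha256) for one public key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    fields, off = [], 0
    while off < len(blob):  # the blob is a sequence of length-prefixed fields
        (n,) = struct.unpack_from(">I", blob, off)
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    if fields[0].decode() != key_type:
        raise ValueError("key type label does not match the key blob")
    bits = int.from_bytes(fields[2], "big").bit_length() if key_type == "ssh-rsa" else None
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    md5_hex = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return key_type, bits, md5_hex, "SHA256:" + sha

def same_host_key(client_shown, pubkey_line):
    """True if the fingerprint the client displayed belongs to this server key."""
    _, _, md5_hex, sha256 = fingerprints(pubkey_line)
    shown = client_shown.split()[-1]  # drop a leading "ssh-rsa 2048" if present
    if shown.upper().startswith("SHA256:"):
        return shown[7:].rstrip("=") == sha256[7:]
    return shown.lower().removeprefix("md5:") == md5_hex

SERVER_KEY = make_sample_pubkey_line((1 << 2047) | 1)  # constructed, not a real key
PROXY_KEY = make_sample_pubkey_line((1 << 2047) | 3)   # constructed, different key

if __name__ == "__main__":
    shown = "ssh-rsa 2048 " + fingerprints(SERVER_KEY)[2]
    print(same_host_key(shown, SERVER_KEY), same_host_key(shown, PROXY_KEY))
```

A mismatch between the client-displayed value and the server's own key is the proxy indicator the post describes; a match in either fingerprint format means the client is talking to that key directly.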
tsunix-pdm-1
Advisor

Re: Sftp does not list directory ONLY from a particular client

First of all, thank you for your time and help. What I raised was the debug level of sftp-server, uncommenting these three lines in sshd_config (it is what I see in "man sftp-server"):

 

LogSftp yes
SftpLogFacility AUTH
SftpLogLevel DEBUG3

I have checked the fingerprint and it is the same I see when connecting from client to server through sftp. I am wondering if the culprit could be some kind of buffer that prevents the "ls" from working from only one particular client. I don't know what to think.

 

Best Regards,

tsunix-pdm-1
Advisor

Re: Sftp does not list directory ONLY from a particular client

Hi,

 

I've seen that SFTP directory listing works if the directory has few archives. When it has more than 8-9 files, it does not work and I get a timeout. And it is only happening from one Windows client; from other Windows or HP-UX SFTP clients, it is working as expected...

 

Best Regards,

tsunix-pdm-1
Advisor
Solution

Re: Sftp does not list directory ONLY from a particular client

Problem solved. The firewall was blocking some ICMP packets between the two systems.