HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
cancel
Showing results for 
Search instead for 
Did you mean: 

problems configuring sftp

 
Goriik
Advisor

problems configuring sftp

Hi guys.

I do everything from instructions http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=115&prodSeriesId=3215373&prodTypeId=18964&objectID=c01516983

I make

[root @ server] # / opt / ssh / bin / sftp appuser @ server
Connecting to server ...
Password:
subsystem request failed on channel 0
Connection closed
[root @ server] # / opt / ssh / bin / sftp appuser @ server
Connecting to server ...
Password:
subsystem request failed on channel 0
Connection closed
[root @ server] # sftp-vvv appuser @ server
Connecting to server ...
OpenSSH_5.3p1 + sftpfilecontrol-v1.3-hpn13v5, OpenSSL 0.9.8h 28 May 2008
HP-UX Secure Shell-A.05.30.009, HP-UX Secure Shell version
debug1: Reading configuration data / opt / ssh / etc / ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to server [10.1.2.157] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0 / 3
debug1: identity file / .ssh / id_rsa type -1
debug1: identity file / .ssh / id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 + sftpfilecontrol-v1.3-hpn13v5
debug1: match: OpenSSH_5.3p1 + sftpfilecontrol-v1.3-hpn13v5 pat OpenSSH *
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 + sftpfilecontrol-v1.3-hpn13v5
debug2: fd 4 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 844
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa, ssh-dss
debug2: kex_parse_kexinit: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc @ lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc @ lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
debug2: kex_parse_kexinit: none, zlib@openssh.com, zlib
debug2: kex_parse_kexinit: none, zlib@openssh.com, zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa, ssh-dss
debug2: kex_parse_kexinit: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc @ lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc @ lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
debug2: kex_parse_kexinit: none, zlib@openssh.com
debug2: kex_parse_kexinit: none, zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server-> client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client-> server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST (1024 <1024 <8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 868
debug2: dh_gen_key: priv key bits set: 124/256
debug2: bits set: 512/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 1012
debug3: check_host_in_hostfile: filename / .ssh / known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename / .ssh / known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'server' is known and matches the RSA host key.
debug1: Found key in / .ssh / known_hosts: 1
debug2: bits set: 505/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1028
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1076
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: / .ssh / id_rsa (0)
debug2: key: / .ssh / id_dsa (0)
debug3: Wrote 64 bytes for a total of 1140
debug1: Authentications that can continue: publickey, password, keyboard-interactive
debug3: start over, passed a different list publickey, password, keyboard-interactive
debug3: preferred publickey, keyboard-interactive, password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive, password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: / .ssh / id_rsa
debug3: no such identity: / .ssh / id_rsa
debug1: Trying private key: / .ssh / id_dsa
debug3: no such identity: / .ssh / id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: Wrote 96 bytes for a total of 1236
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1


/ var / adm / syslog / syslog.log
Mar 15 17:27:13 server sshd [10347]: SSH: Server; Ltype: Version; Remote: 10.1.28.72-3785; Protocol: 2.0; Client: WinSCP_FAR_release_1.6.2
Mar 15 17:27:14 server sshd [10347]: Accepted keyboard-interactive/pam for root from 10.1.28.72 port 3785 ssh2
Mar 15 17:27:14 server sshd [10347]: subsystem request for sftp
Mar 15 17:27:14 server sshd [10347]: subsystem request for sftp failed, subsystem not found
Mar 15 17:27:14 server sshd [10347]: SSH: Server; LType: Throughput; Remote: 10.1.28.72-3785; IN: 644; OUT: 224; Duration: 0.0; tPut_in: 36722.1; tPut_out: 12772.9
Mar 15 17:27:16 server sshd [10350]: SSH: Server; Ltype: Version; Remote: 10.1.28.72-3786; Protocol: 2.0; Client: WinSCP_FAR_release_1.6.2
Mar 15 17:27:16 server sshd [10350]: Accepted keyboard-interactive/pam for root from 10.1.28.72 port 3786 ssh2
Mar 15 17:27:16 server sshd [10350]: subsystem request for sftp
Mar 15 17:27:16 server sshd [10350]: subsystem request for sftp failed, subsystem not found
Mar 15 17:27:16 server sshd [10350]: SSH: Server; LType: Throughput; Remote: 10.1.28.72-3786; IN: 580; OUT: 308; Duration: 0.0; tPut_in: 30712.0; tPut_out: 16309.1
Mar 15 17:27:24 server sshd [9233]: SSH: Server; LType: Throughput; Remote: 10.1.28.72-3647; IN: 19568; OUT: 5472; Duration: 2421.6; tPut_in: 8.1; tPut_out: 2.3
Mar 15 17:27:26 server sshd [10353]: SSH: Server; Ltype: Version; Remote: 10.1.28.72-3787; Protocol: 2.0; Client: SecureCRT_6.2.2 (build 263) SecureCRT
Mar 15 17:27:29 server sshd [10353]: Accepted password for root from 10.1.28.72 port 3787 ssh2
Mar 15 17:27:29 server sshd [10353]: SSH: Server; LType: Throughput; Remote: 10.1.28.72-3787; IN: 592; OUT: 320; Duration: 0.1; tPut_in: 9738.7; tPut_out: 5264.2
Mar 15 17:27:32 server sshd [10357]: SSH: Server; Ltype: Version; Remote: 10.1.28.72-3788; Protocol: 2.0; Client: SecureCRT_6.2.2 (build 263) SecureCRT
Mar 15 17:27:39 server sshd [10357]: Accepted password for root from 10.1.28.72 port 3788 ssh2
Mar 15 17:27:39 server sshd [10357]: SSH: Server; LType: Throughput; Remote: 10.1.28.72-3788; IN: 592; OUT: 320; Duration: 0.1; tPut_in: 8866.5; tPut_out: 4792.7


When you try to connect to a server via ssh

[root @ server] # vi / etc / passwd
Last successful login: Mon Mar 15 17:27:16 WST 2010 10.1.28.72
Last authentication failure: Mon Mar 15 17:23:56 WST 2010
Last login: Mon Mar 15 16:47:03 2010 from 10.1.28.72
/ sbin / sh: No such file or directory

This came after configuring sftp for instructions.

[root @ erver] # cat / etc / passwd

root: / aq9QjUajlNrA: 0:3 ::/:/ sbin / sh
appuser: QIYGAgLG6/y9c: 4000:20: chrooted user: / newroot / home / appuser: / bin / sh
4 REPLIES
Turgay Cavdar
Honored Contributor

Re: problems configuring sftp

I think you try to setup chrooted environment for sftp.

Check the new open ssh versions new directive: ChrootDirectory
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01711417
Goriik
Advisor

Re: problems configuring sftp

I think you try to setup chrooted environment for sftp.

Check the new open ssh versions new directive: ChrootDirectory
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01711417

I went to your link, but ..

Note: We are sorry but the document you requested requires additional authorization such as a certain level of support agreement.
Goriik
Advisor

Re: problems configuring sftp

Problem solved. I added a few lines in / opt / ssh / etc / sshd_config

Match User appuser
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /newroot
Viktor Balogh
Honored Contributor

Re: problems configuring sftp

yepp. man sshd_config:

Match
Introduces a conditional block. If all of the criteria on the
Match line are satisfied, the keywords on the following lines
override those set in the global section of the config file,
until either another Match line or the end of the file. The
arguments to Match are one or more criteria-pattern pairs. The
available criteria are User, Group, Host, and Address. Only a
subset of keywords may be used on the lines following a Match
keyword. Available keywords are AllowTcpForwarding,
ForceCommand, GatewayPorts, PermitOpen, X11DisplayOffset,
X11Forwarding, and X11UseLocalHost.
****
Unix operates with beer.