
sftp can't log in.

 
Johns Manville
Frequent Advisor

sftp can't log in.

This is HP-UX 11.11.

I have a remote office that wants to use sftp to place a file on this server at my office.

I created a restricted ftp user that was restricted to their home directory. I was hoping that restricted ftp user on my side would jail the outside user when they log in.

However, when I test, sftp asks for the password of the user I put on the command line, but that password will not log them in. Plain old ftp works as it's intended.

I ran sftp with -v and it looks like sftp is comparing keys and recognized my root key instead of the sftp user's password.

I'm guessing I either went about this all wrong, or I need to change to allow password authentication in the sshd_config file? Or will they need to send me their pub key?

I'm using this version of OpenSSH:

OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL

Thanks for any help.
15 REPLIES
Steven Schweda
Honored Contributor

Re: sftp can't log in.

> I created a restricted ftp user [...]

I don't know what that means (to you).

Except for the similar spelling, SFTP and FTP
are very different, and the configuration of
one has very little to do with the
configuration of the other.

> I ran sftp [...] it looks like [...]

That tells me approximately nothing. As
usual, showing actual commands with their
actual output can be more helpful than vague
descriptions or interpretations. What is
the SFTP client? Running on what? As which
user?

> I'm guessing [...]

With almost no useful information to work
with, that's about all I can do, too.

> OpenSSH_3.6.1p2, [...]

It may not matter, but that's not the latest
kit, is it?

> Thanks for any help.

You first. What, exactly, are you doing?
What, exactly, happens when you do it?
Uday_S_Ankolekar
Honored Contributor

Re: sftp can't log in.

You need to configure ssh for the user.
Have you created a key file by running ssh-keygen -t dsa to generate a private key?

Good Luck..
Johns Manville
Frequent Advisor

Re: sftp can't log in.

Yes I created an ssh key with ssh-keygen -t rsa for the new user that will access the account. I added that to the authorized_user file on the target server.

Here is the output with a -v added for verbose output:

$ sftp -v username@hpux41
Connecting to hpux41...
OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.30.007, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to hpux41 [166.92.13.147] port 22.
debug1: Connection established.
debug1: identity file /home/username/.ssh/id_rsa type 1
debug1: identity file /home/username/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2-hpn
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'hpux41' is known and matches the RSA host key.
debug1: Found key in /home/username/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: external-keyx,gssapi,publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/username/.ssh/id_rsa
debug1: Authentications that can continue: external-keyx,gssapi,publickey,password,keyboard-interactive
debug1: Trying private key: /home/username/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: external-keyx,gssapi,publickey,password,keyboard-interactive
debug1: Next authentication method: password
username@hpux41's password:
debug1: Authentications that can continue: external-keyx,gssapi,publickey,password,keyboard-interactive
Permission denied, please try again.
username@hpux41's password:
Steven Schweda
Honored Contributor

Re: sftp can't log in.

> Yes I created [...]

Still not exactly rich in details on the
preparation.

> $ sftp -v username@hpux41
> [...]

It's a start.

> debug1: Trying private key: /home/username/.ssh/id_dsa
> debug1: Next authentication method: keyboard-interactive

The server appears to hate your key data. As
a Forum search for SSH/SFTP problems would
probably reveal, this could be caused by many
things. Among the most popular might be bad
key data, or bad file or directory ownership
or permissions. With only my weak psychic
powers to work with, it's hard to offer
specific suggestions. In such a situation,
the server knows all, but tells the client
little. Inspecting the server system log
file(s) should provide the reason for the
log-in failure (or at least some suggestive
clues).
Steven1970
Occasional Advisor

Re: sftp can't log in.

You wrote:
Yes I created an ssh key with ssh-keygen -t rsa for the new user that will access the account. I added that to the authorized_user file on the target server.

Did you add the key into a file named authorized_user or authorized_keys?

If it was authorized_user then that is wrong; it should be authorized_keys.
Steven Schweda
Honored Contributor

Re: sftp can't log in.

> Did you add the key into a file named
> authorized_user or authorized_keys [?]

Again, copy+paste of an actual "ls -l"
command with its actual output would be more
useful than a vague and/or inaccurate
description. Just a thought.
Uday_S_Ankolekar
Honored Contributor

Re: sftp can't log in.

It should be authorized_keys as mentioned in the above post. Also look at the permissions and ownership of the .ssh dir.
Good Luck..
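
Added example (not part of any post in this thread): a portable sh check for the ownership and permission problems mentioned above. It assumes sshd's StrictModes behaviour, which rejects public-key logins when the home directory, .ssh, or authorized_keys is group- or world-writable or is owned by someone other than the user or root. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: flag paths that would fail sshd's StrictModes check.
# Usage: check_ssh_perms HOME_DIR EXPECTED_OWNER
# Prints one line per finding; returns the number of paths with problems.

check_path() {
    path=$1; owner=$2; rc=0
    if [ ! -e "$path" ]; then
        echo "MISSING        $path"
        return 1
    fi
    # Parse ls -ld rather than stat(1), which older HP-UX does not ship.
    mode=$(ls -ld "$path" | awk '{print $1}')
    actual=$(ls -ld "$path" | awk '{print $3}')
    # Character 6 of the mode string is group-write, character 9 is other-write.
    case $mode in
        ?????w*) echo "GROUP-WRITABLE $path ($mode)"; rc=1 ;;
    esac
    case $mode in
        ????????w*) echo "WORLD-WRITABLE $path ($mode)"; rc=1 ;;
    esac
    # Owner must be the account itself or root.
    if [ "$actual" != "$owner" ] && [ "$actual" != root ]; then
        echo "BAD-OWNER      $path (owned by $actual, expected $owner)"
        rc=1
    fi
    return $rc
}

check_ssh_perms() {
    home=$1; user=$2; problems=0
    # Home directory, then .ssh, then the key file.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$user" || problems=$((problems + 1))
    done
    return "$problems"
}

# Run directly as: sh check_ssh_perms.sh /home/username username
if [ "$#" -eq 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

Run it on the server as root against the target account's home directory; no output and exit status 0 mean none of the three paths is the cause.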
Johns Manville
Frequent Advisor

Re: sftp can't log in.

# ls -l
total 6
-rw------- 1 username ftponly 397 Jun 3 06:38 authorized_keys
-rw------- 1 username ftponly 887 Jun 3 06:31 id_rsa
-rw-r--r-- 1 username ftponly 225 Jun 3 06:31 id_rsa.pub
Patrick Wallek
Honored Contributor

Re: sftp can't log in.

Are there any errors in the /var/adm/syslog/syslog.log file on the server you are trying to sftp to?