
Re: Enabling SFTP under Debian 4.0r0




On Jul 7, 2007, at 6:50 AM, Florian Kulzer wrote:

> On Sat, Jul 07, 2007 at 02:24:52 -0500, ArcticFox wrote:
>> On Jul 6, 2007, at 11:54 PM, Kent West wrote:
>>> ArcticFox wrote:
>
> [ snip: sftp does not work from Apple box to Debian server, while ssh
>   does work. ]
>
>>> You might "tail /var/log/auth.log" for clues.
>>
>> All that tells me is there was a ssh session opened for root then
>> closed a second later. No error messages or anything useful.
>
> I would first try to get it working for a normal user (see below).

ssh works for a normal user but not for root, sftp doesn't work for either. But I agree, one problem at a time.

> [...]
>
>>>> Also, I don't know if this is related, but attempting to connect
>>>> through ssh as root gets a "Bad Password" message, yet the
>>>> password is accepted when used locally.
>>>
>>> IIRC, it used to be that sshd_config had "PermitRootLogin=no", but I
>>> think in more recent times it's set to yes (which seems unwise to
>>> me).
>
> Have a look at /etc/pam.d/login, you will probably see this:
>
> # Disallows root logins except on tty's listed in /etc/securetty
> # (Replaces the `CONSOLE' setting from login.defs)
> auth       requisite  pam_securetty.so
>
> AFAIK, this can block remote root logins even if sshd_config allows
> them.
>
> I agree with Kent that it is better not to allow remote root logins.

Unless you guys have a suggestion that'll let me run root commands as a normal user I kinda have to. Trying to sudo gets me the message 'Fox is not in the sudoers file, this incident will be reported.'

> It would be nice to have more debugging output from the client. Try to
> run this on the Apple box:
>
> sftp -v username@host
>
> and post the output here. (Replace "username" and "host" as is
> appropriate for your Debian system; you will be prompted for the
> password.)
>
> (I hope that OS X, being BSD based, still has the normal sftp utility.)

Here's what it spit out:

Last login: Sat Jul  7 11:38:30 on console
Welcome to Darwin!
genkos-Computer:~ genko$ sftp -v fox@10.0.0.150
Connecting to 10.0.0.150...
OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to 10.0.0.150 [10.0.0.150] port 22.
debug1: Connection established.
debug1: identity file /Users/genko/.ssh/id_rsa type -1
debug1: identity file /Users/genko/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version lshd-2.0.2 lsh - a GNU ssh
debug1: no match: lshd-2.0.2 lsh - a GNU ssh
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '10.0.0.150' is known and matches the RSA host key.
debug1: Found key in /Users/genko/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/genko/.ssh/id_rsa
debug1: Trying private key: /Users/genko/.ssh/id_dsa
debug1: Next authentication method: password
fox@10.0.0.150's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
Request for subsystem 'sftp' failed on channel 0
Connection closed
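
An added example, not part of the original message: a small Python triage of the `sftp -v` client output posted above, pulling out the server implementation, the negotiated cipher and MAC, and the step at which the session failed. The `triage` function and the `WEAK` set are this example's own assumptions; the sample lines are copied from the log above.

```python
import re

# Lines copied from the `sftp -v` output posted above (not constructed).
SAMPLE = """\
debug1: Remote protocol version 2.0, remote software version lshd-2.0.2 lsh - a GNU ssh
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: Authentication succeeded (password).
debug1: Sending subsystem: sftp
Request for subsystem 'sftp' failed on channel 0
"""

# Algorithms this example treats as legacy (an assumption of the example).
WEAK = {"3des-cbc", "arcfour", "hmac-md5", "hmac-md5-96"}

PATTERNS = {
    "server": re.compile(r"remote software version (\S+)"),
    "kex": re.compile(r"kex: (server->client|client->server) (\S+) (\S+) (\S+)"),
    "auth": re.compile(r"Authentication succeeded \((\S+)\)"),
    "subsys_fail": re.compile(r"Request for subsystem '(\S+)' failed"),
}

def triage(log):
    """Return (facts, findings) extracted from OpenSSH client -v output."""
    facts = {"server": None, "auth": None, "failed_subsystem": None, "algos": {}}
    for line in log.splitlines():
        if m := PATTERNS["server"].search(line):
            facts["server"] = m.group(1)
        elif m := PATTERNS["kex"].search(line):
            facts["algos"][m.group(1)] = (m.group(2), m.group(3))  # cipher, MAC
        elif m := PATTERNS["auth"].search(line):
            facts["auth"] = m.group(1)
        elif m := PATTERNS["subsys_fail"].search(line):
            facts["failed_subsystem"] = m.group(1)
    findings = []
    if facts["server"] and not facts["server"].startswith("OpenSSH"):
        findings.append(f"server is {facts['server']}, not OpenSSH sshd")
    weak = sorted({a for pair in facts["algos"].values() for a in pair if a in WEAK})
    if weak:
        findings.append("legacy algorithms negotiated: " + ", ".join(weak))
    if facts["auth"] and facts["failed_subsystem"]:
        findings.append(f"login via {facts['auth']} worked; server refused the "
                        f"'{facts['failed_subsystem']}' subsystem")
    return facts, findings

if __name__ == "__main__":
    for finding in triage(SAMPLE)[1]:
        print("-", finding)
```

On the posted log this reports three things: the daemon answering on port 22 identifies itself as lshd, both directions negotiated 3des-cbc with hmac-md5, and the failure comes after a successful password login, at the subsystem request.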


