ssh Problem using it for SFTP

To: debian <debian-user@lists.debian.org>
Subject: ssh Problem using it for SFTP
From: Steve Matzura <sm@noisynotes.com>
Date: Wed, 13 Jan 2016 19:13:57 -0500
Message-id: <[🔎] q7od9bl9vubatjkjg270rjqvcbegov6c9q@4ax.com>

I hope this isn't off-topic by too much. If it is, a word to me
privately and I'll wait for responses to queries I've made elsewhere.

I maintain two FTP servers and support four Windows-based FTP clients
for users of those servers--FTP Voyager, FlashFXP, Filezilla, and
WinSCP. One server accepts all four clients, the other accepts all but
FTP Voyager, indicating a configuration difference.

I've asked about this on the comp.security.ssh Usenet newsgroup, but
Usenet being what it is, I might have to wait at least a week before
getting a response of any kind, and my Voyager users are starting to
get restless for an answer as to what I did to break access for
them--i.e., they'd rather fight than switch.

Here are the two sshd_configs without comments, greatly shortening
what you'll be looking at.

First, the one that accepts all four clients:

SyslogFacility AUTHPRIV
PermitRootLogin  without-password
AuthorizedKeysFile	.ssh/authorized_keys
PermitEmptyPasswords  no
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
X11Forwarding yes
Compression  delayed
Banner /etc/issue.net
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY
LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp internal-sftp
ListenAddress ::
ListenAddress 0.0.0.0

Now, the one from the server that won't accept SFTP-over-ssh
connections from FTP Voyager:

Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp internal-sftp
UsePAM yes
Match Group documenters
    ChrootDirectory /home/documenters
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

At first, I thought the problem has to do with the stanza beginning
with the MatchGroup directive, so I commented it out. The problem
didn't go away, and I don't perceive any differences between the two
configurations except maybe a few options that are defined explicitly
which are already at their default values according to the ssh
documentation.

Any help greatly appreciated, on- or off-list.

Reply to:

Follow-Ups:
- Re: ssh Problem using it for SFTP
  - From: <tomas@tuxteam.de>
- Re: ssh Problem using it for SFTP
  - From: Steve Matzura <sm@noisynotes.com>
- Re: ssh Problem using it for SFTP
  - From: Steve Matzura <sm@noisynotes.com>

Prev by Date: Re: Problem with apt-get and sources.list
Next by Date: Re: Problem with apt-get and sources.list
Previous by thread: Re: Problem with apt-get and sources.list
Next by thread: Re: ssh Problem using it for SFTP
Index(es):
- Date
- Thread