sftp session disconnects right after passwd enter

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



   Greetings All,
   I have a ssh server which allows sftp connections from the Internet
   while ssh connections from within the local net, here is the config:

                                     Code:
                                 Port 11111
                                 Port 11113
                                 Protocol 2
                               LogLevel DEBUG
                          PasswordAuthentication no
                                 UsePAM yes
                                PrintMotd no
                               PrintLastLog no
             Subsystem       sftp    /usr/lib64/misc/sftp-server
               Match LocalPort 11113 Address *,!192.168.0.0/24
                            ChrootDirectory /home/%u
                             AllowTCPForwarding no
                                X11Forwarding no
                              AllowUsers sftp_user
                   ForceCommand /usr/lib/openssh/sftp-server
                    AuthenticationMethods publickey,password
                       publickey,keyboard-interactive
                             RSAAuthentication yes
                            PubkeyAuthentication yes
                             AcceptEnv LANG LC_*

   now when I try to connect I from outside the net to test it I see this
   in the client:

                                               Code:
            dagg@NCC-5001-D ~/.ssh/sftp_keys $ sftp -oPort=11113
             -oIdentityFile=id_rsa [1]sftp_user@111.111.111.111
                     Authenticated with partial success.
                                  Password:
                              Connection closed

   I'm sure the passwd is correct because su - sftp_user with that same
   passwd works and if I enter a worng passwd I'm prompted with another
   "Password: " line.
   the server logs are:

                                                   Code:
     May 21 22:56:30 NCC-5001-D sshd[30467]: debug1: Forked child 30708.
   May 21 22:56:30 NCC-5001-D sshd[30708]: Set /proc/self/oom_score_adj to
                                      0
   May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: rexec start in 7 out 7
                          newsock 7 pipe 9 sock 10
     May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: inetd sockets after
                                dupping: 3, 3
   May 21 22:56:30 NCC-5001-D sshd[30708]: Connection from 111.111.111.111
                    port 41017 on 192.168.0.1 port 11113
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: HPN Disabled: 0, HPN
                             Buffer Size: 87380
   May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Client protocol version
             2.0; client software version OpenSSH_6.6p1-hpn14v4
         May 21 22:56:30 NCC-5001-D sshd[30708]: SSH: Server;Ltype:
         Version;Remote: 111.111.111.111-41017;Protocol: 2.0;Client:
                            OpenSSH_6.6p1-hpn14v4
           May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: match:
            OpenSSH_6.6p1-hpn14v4 pat OpenSSH* compat 0x04000000
   May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Enabling compatibility
                            mode for protocol 2.0
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Local version string
                        SSH-2.0-OpenSSH_6.6p1-hpn14v4
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: permanently_set_uid:
                               22/22 [preauth]
     May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: list_hostkey_types:
          ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: SSH2_MSG_KEXINIT sent
                                  [preauth]
      May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: SSH2_MSG_KEXINIT
                             received [preauth]
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: AUTH STATE IS 0
                                  [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: REQUESTED ENC.NAME is
                           'aes128-ctr' [preauth]
     May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: kex: client->server
            aes128-ctr [2]hmac-md5-etm@xxxxxxxxxxx none [preauth]
   May 21 22:56:30 NCC-5001-D sshd[30708]: SSH: Server;Ltype: Kex;Remote:
                 111.111.111.111-41017;Enc: aes128-ctr;MAC:
              [3]hmac-md5-etm@xxxxxxxxxxx;Comp: none [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: REQUESTED ENC.NAME is
                           'aes128-ctr' [preauth]
     May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: kex: server->client
            aes128-ctr [4]hmac-md5-etm@xxxxxxxxxxx none [preauth]
          May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: expecting
                      SSH2_MSG_KEX_ECDH_INIT [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: SSH2_MSG_NEWKEYS sent
                                  [preauth]
          May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: expecting
                         SSH2_MSG_NEWKEYS [preauth]
      May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: SSH2_MSG_NEWKEYS
                             received [preauth]
     May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: KEX done [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: userauth-request for
         user sftp_user service ssh-connection method none [preauth]
         May 21 22:56:30 NCC-5001-D sshd[30708]: SSH: Server;Ltype:
      Authname;Remote: 111.111.111.111-41017;Name: sftp_user [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: attempt 0 failures 0
                                  [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is port
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is port
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                                  protocol
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                                  loglevel
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                           passwordauthentication
   May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is usepam
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                                  printmotd
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                                printlastlog
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                           useprivilegeseparation
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                                  subsystem
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is match
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: connection from
              192.168.0.1 matched 'LocalPort 11113' at line 176
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: connection from
       111.111.111.111 matched 'Address *,!192.168.0.0/24' at line 176
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                               chrootdirectory
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                             allowtcpforwarding
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                                x11forwarding
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                                 allowusers
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                                forcecommand
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                            authenticationmethods
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                              rsaauthentication
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                            pubkeyauthentication
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: Config token is
                                  acceptenv
       May 21 22:56:30 NCC-5001-D sshd[30708]: error: Disabled method
        "password" in AuthenticationMethods list "publickey,password"
     May 21 22:56:30 NCC-5001-D sshd[30708]: Authentication methods list
           "publickey,password" contains disabled method, skipping
   May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: authentication methods
                   list 0: publickey,keyboard-interactive
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: PAM: initializing for
                                 "sftp_user"
   May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: PAM: setting PAM_RHOST
                           to "red.unlimited.net"
   May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: PAM: setting PAM_TTY to
                                    "ssh"
       May 21 22:56:30 NCC-5001-D sshd[30708]: error: Disabled method
   "password" in AuthenticationMethods list "publickey,password" [preauth]
     May 21 22:56:30 NCC-5001-D sshd[30708]: Authentication methods list
      "publickey,password" contains disabled method, skipping [preauth]
   May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: authentication methods
              list 0: publickey,keyboard-interactive [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: userauth-request for
      user sftp_user service ssh-connection method publickey [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: attempt 1 failures 0
                                  [preauth]
        May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: test whether
                    pkalg/pkblob are acceptable [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: temporarily_use_uid:
                              1004/100 (e=0/0)
   May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: trying public key file
                    /home/sftp_user/.ssh/authorized_keys
        May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: fd 4 clearing
                                 O_NONBLOCK
     May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: matching key found:
            file /home/sftp_user/.ssh/authorized_keys, line 1 RSA
               xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
      May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: restore_uid: 0/0
       May 21 22:56:30 NCC-5001-D sshd[30708]: Postponed publickey for
          sftp_user from 111.111.111.111 port 41017 ssh2 [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: userauth-request for
      user sftp_user service ssh-connection method publickey [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: attempt 2 failures 0
                                  [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: temporarily_use_uid:
                              1004/100 (e=0/0)
   May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: trying public key file
                    /home/sftp_user/.ssh/authorized_keys
        May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: fd 4 clearing
                                 O_NONBLOCK
     May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: matching key found:
            file /home/sftp_user/.ssh/authorized_keys, line 1 RSA
               xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
      May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: restore_uid: 0/0
       May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: ssh_rsa_verify:
                              signature correct
   May 21 22:56:30 NCC-5001-D sshd[30708]: Partial publickey for sftp_user
                  from 111.111.111.111 port 41017 ssh2: RSA
               xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: userauth-request for
      user sftp_user service ssh-connection method keyboard-interactive
                                  [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: attempt 3 failures 1
                                  [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: keyboard-interactive
                               devs  [preauth]
      May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: auth2_challenge:
                       user=sftp_user devs= [preauth]
    May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: kbdint_alloc: devices
                               'pam' [preauth]
   May 21 22:56:30 NCC-5001-D sshd[30708]: debug1: auth2_challenge_start:
                trying authentication method 'pam' [preauth]
   May 21 22:56:31 NCC-5001-D sshd[30708]: Postponed keyboard-interactive
           for sftp_user from 111.111.111.111 port 41017 ssh2: RSA
          xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx [preauth]
   May 21 22:56:34 NCC-5001-D sshd[30713]: debug1: do_pam_account: called
      May 21 22:56:34 NCC-5001-D sshd[30708]: debug1: PAM: num PAM env
                                  strings 0
              May 21 22:56:34 NCC-5001-D sshd[30708]: Postponed
   keyboard-interactive/pam for sftp_user from 111.111.111.111 port 41017
                               ssh2 [preauth]
   May 21 22:56:34 NCC-5001-D sshd[30708]: debug1: do_pam_account: called
              May 21 22:56:34 NCC-5001-D sshd[30708]: Accepted
   keyboard-interactive/pam for sftp_user from 111.111.111.111 port 41017
                                    ssh2
   May 21 22:56:34 NCC-5001-D sshd[30708]: debug1: monitor_child_preauth:
           sftp_user has been authenticated by privileged process
   May 21 22:56:34 NCC-5001-D sshd[30708]: debug1: monitor_read_log: child
                                log fd closed
      May 21 22:56:34 NCC-5001-D sshd[30708]: debug1: PAM: establishing
                                 credentials
   May 21 22:56:34 NCC-5001-D sshd[30708]: pam_unix(sshd:session): session
                    opened for user sftp_user by (uid=0)
     May 21 22:56:34 NCC-5001-D sshd[30708]: User child is on pid 30721
      May 21 22:56:34 NCC-5001-D sshd[30721]: debug1: PAM: establishing
                                 credentials
         May 21 22:56:34 NCC-5001-D sshd[30708]: debug1: do_cleanup
        May 21 22:56:34 NCC-5001-D sshd[30708]: debug1: PAM: cleanup
    May 21 22:56:34 NCC-5001-D sshd[30708]: debug1: PAM: closing session
   May 21 22:56:34 NCC-5001-D sshd[30708]: pam_unix(sshd:session): session
                          closed for user sftp_user
        May 21 22:56:34 NCC-5001-D sshd[30708]: debug1: PAM: deleting
                                 credentials

   why I'm not able to get a ftp cli?
   Thanks.

References

   1. mailto:sftp_user@111.111.111.111
   2. mailto:hmac-md5-etm@xxxxxxxxxxx
   3. mailto:hmac-md5-etm@xxxxxxxxxxx
   4. mailto:hmac-md5-etm@xxxxxxxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux