Tengo problemas para que sFTP funcione mientras no hay problemas con ssh. Básicamente estoy construyendo zlib, openssl y openssh para un procesador ARM usando un sistema de archivos Linux embebido existente. Después de buscar ideas, parecía un problema común, pero no he progresado. Solo tengo un usuario definido, que es root con una contraseña vacía.
Estoy usando openssh versión 4.7p1, y modifiqué sshd_config con la siguiente configuración:
PermitRootLogin yes
PermitEmptyPasswords yes
UseDNS yes
UsePrivilegeSeparation no
SyslogFacility AUTH
LogLevel DEBUG3
Subsystem sftp /usr/local/libexec/sftp-server -f AUTH -l DEBUG3
El servidor sftp se encuentra en / usr / local / libexec y tiene los siguientes permisos:
root@arm:/usr/local/libexec# ls -l
-rwxr-xr-x 1 root root 65533 Oct 3 22:12 sftp-server
-rwx--x--x 1 root root 233539 Oct 3 22:12 ssh-keysign
Sé que se encuentra el servidor sftp (la ruta se establece en sshd_config) porque si cambio el nombre del ejecutable sftp_server, aparece el siguiente error:
auth.err sshd[1698]: error: subsystem: cannot stat /usr/local/libexec/sftp-server: No such file or directory
auth.info sshd[1698]: subsystem request for sftp failed, subsystem not found
Además, los scripts de inicio de sesión del objetivo son muy simples y consisten en un solo archivo (etc / profile.d / local.sh), que solo contiene definiciones para LD_LIBRARY_PATH, PATH y PYTHONPATH como se muestra a continuación:
#!/bin/sh
export LD_LIBRARY_PATH="/usr/local/lib"
export PATH="/usr/local/bin:/usr/local/libexec:${PATH}"
export PYTHONPATH="/home/root/python"
Como puede ver .bashrc, .profile, etc. no existen en el directorio de inicio de la raíz:
root@arm:~# ls -la
drwxr-xr-x 2 root root 4096 Oct 4 14:57 .
drwxr-xr-x 3 root root 4096 Oct 4 01:11 ..
-rw------- 1 root root 120 Oct 4 01:21 .bash_history
Aquí está la salida del registro del sistema cuando se utiliza FileZilla para conectarse al servidor sftp en el destino. Del registro parece que se encuentra el ejecutable del servidor sftp, pero el proceso hijo se cierra inmediatamente. Estoy usando argumentos de depuración cuando llamo sftp-server en sshd_config (Subsistema sftp / usr / local / libexec / sftp-server -f AUTH -l DEBUG3), pero no se capturaron registros.
Oct 4 14:29:45 arm auth.info sshd[2070]: Connection from 192.168.1.12 port 45888
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: Client protocol version 2.0; client software version PuTTY_Local:_Mar_28_2012_12:33:05
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: no match: PuTTY_Local:_Mar_28_2012_12:33:05
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: Enabling compatibility mode for protocol 2.0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: Local version string SSH-2.0-OpenSSH_4.7
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: fd 3 setting O_NONBLOCK
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEXINIT sent
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEXINIT received
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellma1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysr
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysr
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,zlib@openssh.com
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,zlib@openssh.com
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: first_kex_follows 0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: reserved 0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellma1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfi8
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfi8
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,zlib
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,zlib
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: first_kex_follows 0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: reserved 0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: mac_setup: found hmac-sha1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: kex: client->server aes256-ctr hmac-sha1 none
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: mac_setup: found hmac-sha1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: kex: server->client aes256-ctr hmac-sha1 none
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: dh_gen_key: priv key bits set: 277/512
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: bits set: 2052/4096
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: bits set: 2036/4096
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_derive_keys
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: set_newkeys: mode 1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: cipher_init: set keylen (16 -> 32)
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_NEWKEYS sent
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: expecting SSH2_MSG_NEWKEYS
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: set_newkeys: mode 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: cipher_init: set keylen (16 -> 32)
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: SSH2_MSG_NEWKEYS received
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: KEX done
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: userauth-request for user root service ssh-connection method none
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: attempt 0 failures 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: Trying to reverse map address 192.168.1.12.
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: parse_server_config: config reprocess config len 302
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: input_userauth_request: setting up authctxt for root
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: input_userauth_request: try method none
Oct 4 14:29:46 arm auth.info sshd[2070]: Accepted none for root from 192.168.1.12 port 45888 ssh2
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: Entering interactive session for SSH2.
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 4 setting O_NONBLOCK
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 5 setting O_NONBLOCK
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_init_dispatch_20
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_open: ctype session rchan 256 win 2147483647 max 16384
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: input_session_request
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: channel 0: new [server-session]
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_new: init
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_new: session 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_open: channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_open: session 0: link with channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_open: confirm session
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_req: channel 0 request simple@putty.projects.tartarus.org reply 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_channel: session 0 channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_input_channel_req: session 0 req simple@putty.projects.tartarus.org
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_req: channel 0 request subsystem reply 1
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_channel: session 0 channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_input_channel_req: session 0 req subsystem
Oct 4 14:29:46 arm auth.info sshd[2070]: subsystem request for sftp
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: subsystem: exec() /usr/local/libexec/sftp-server -f AUTH -l DEBUG3
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 3 setting TCP_NODELAY
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 7 setting O_NONBLOCK
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: fd 7 is O_NONBLOCK
Oct 4 14:29:46 arm auth.debug sshd[2073]: debug1: permanently_set_uid: 0/0
Oct 4 14:29:46 arm auth.debug sshd[2073]: debug3: channel 0: close_fds r -1 w -1 e -1 c -1
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: read<=0 rfd 7 len -1
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: read failed
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: close_read
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: input open -> drain
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: ibuf empty
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: send eof
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: input drain -> closed
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: notify_done: reading
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: Received SIGCHLD.
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_pid: pid 2073
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_exit_message: session 0 channel 0 pid 2073
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: request exit-status confirm 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_exit_message: release channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: write failed
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: close_write
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: output open -> closed
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: send close
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: will not send data after close
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: rcvd close
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: will not send data after close
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: is dead
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: gc: notify user
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_channel: session 0 channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_close_by_channel: channel 0 child 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_close: session 0 pid 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: gc: user detached
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: is dead
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: garbage collecting
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: channel 0: free: server-session, nchannels 1
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: status: The following connections are open:\r\n #0 server-session (t4 r256 i3/0 o3/0 fd 7/7 cfd -1)\r\n
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: close_fds r 7 w 7 e -1 c -1
Oct 4 14:29:46 arm auth.info sshd[2070]: Connection closed by 192.168.1.12
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: do_cleanup
Oct 4 14:29:46 arm auth.info sshd[2070]: Closing connection to 192.168.1.12
un poco sin relación: OpenSSH 4.7p1 tiene 6 años; por razones de seguridad, utilice algo más nuevo. En cuanto a la pregunta:
—
Peter
sftp-serverparece que estás saliendo prematuramente:Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: Received SIGCHLD.
@peterph - Actualicé al último openssh (6.3p1) ayer y experimenté los mismos problemas.
—
Michael
@Patrick: he probado el comando sftp desde el host al destino y los resultados son los mismos. El servidor cierra la conexión después de la autenticación.
—
Michael
@Michael, ¿podrías ejecutar sshd
—
Peter
strace -f?
sftpcomando (sftp host.name.here). Si algo falla, también podría darte una mejor información.