Author Topic: sftp problem with specific FTP client  (Read 23702 times)

Offline suhas!

  • Regular User
  • **
  • Posts: 34
    • View Profile
sftp problem with specific FTP client
« on: September 16, 2009, 12:03:42 pm »
Hi,

We are facing a problem with SFTP connections from WS_FTP Professional Version 12.0.1. We get a connection error.

++++++++++++++
Started subsystem "sftp" on channel 0760a2ce
error 84350000 initializing sftp protocol
Sending channel close message for channel 0760a2ce
SSH Transport closed.
++++++++++++++



When the server is running at debug level 1, below is the output we get.

++++++++++++++
192.168.0.100 (::ffff:192.168.0.111[::ffff:192.168.0.111]) - SETUP PRIVS at main.c:1073
192.168.0.100 (::ffff:192.168.0.111[::ffff:192.168.0.111]) - FTP session opened.
192.168.0.100 (::ffff:192.168.0.111[::ffff:192.168.0.111]) - Preparing to chroot to directory '/home/user1'
192.168.0.100 (::ffff:192.168.0.111[::ffff:192.168.0.111]) - Environment successfully chroot()ed
192.168.0.100 (::ffff:192.168.0.111[::ffff:192.168.0.111]) - SETUP PRIVS at auth.c:451
192.168.0.100 (::ffff:192.168.0.111[::ffff:192.168.0.111]) - USER user1: Login successful
192.168.0.100 (::ffff:192.168.0.111[::ffff:192.168.0.111]) - user 'user1' authenticated by mod_auth_unix.c
192.168.0.100 (::ffff:192.168.0.111[::ffff:192.168.0.111]) - mod_cap/1.0: setreuid: Operation not permitted
192.168.0.100 (::ffff:192.168.0.111[::ffff:192.168.0.111]) - USER user1: Login successful.
192.168.0.100 (::ffff:192.168.0.111[::ffff:192.168.0.111]) - SSH2 session closed.
+++++++++++++++

SFTP works fine with other FTP clients, e.g. WinSCP.

The above output is from proftpd-cvs-20090915; below is the conf file.


+++++++++++++++
ServerName                      "ProFTPD server"
ServerIdent                     on "FTP Server ready."
ServerAdmin                     root@localhost
ServerType                      standalone
DefaultServer                   on
AccessGrantMsg                  "User %u logged in."
DeferWelcome                    off

DefaultRoot                     ~ !adm


IdentLookups                    off
UseReverseDNS                   off


Umask                           022

ListOptions                     "-a"


AllowRetrieveRestart            on
AllowStoreRestart               on

MaxInstances                    60
MaxClientsPerUser               10
User                            nobody
Group                           nobody

UseSendfile                     no

ScoreboardFile                  /var/run/proftpd.score

LogFormat                       mylogformat "%t %u %b %h \"%r\" %P %T %s"


LoadModule mod_sftp.c
<Global>
    AllowOverwrite                yes
    <Limit ALL SITE_CHMOD>
        AllowAll
    </Limit>
</Global>

ExtendedLog /var/log/proftpd/ftp.log all mylogformat
SFTPEngine on
Port 2222
SFTPLog /var/log/sftp.log
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPHostKey /etc/ssh/ssh_host_dsa_key
SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys
SFTPCompression delayed
MaxLoginAttempts 6

<VirtualHost 192.168.0.100 >
DefaultRoot                     ~
Port 21
ExtendedLog /var/log/proftpd/ftp.log all mylogformat

<Limit LOGIN>
        Allow From 192.168.0
        DenyAll
</Limit>

</VirtualHost>

+++++++++++++++


Proftpd compile options are --

    configure  '--enable-dso' '--enable-openssl' '--with-shared=mod_sftp' '--prefix=/usr/local/proftpd-cvs'


Please suggest

Regards

Offline castaglia

  • Administrator
  • Support Hero
  • *****
  • Posts: 5160
    • View Profile
    • http://www.castaglia.org/
Re: sftp problem with specific FTP client
« Reply #1 on: September 16, 2009, 03:15:35 pm »
What does the SFTPLog show?

Offline suhas!

Re: sftp problem with specific FTP client
« Reply #2 on: September 17, 2009, 10:20:47 am »
Getting this in the SFTP log (proftpd-cvs-20090915):

++++++

Sep 17 17:19:20 mod_sftp/0.9.7[28153]: using '/etc/ssh/ssh_host_rsa_key' as RSA hostkey
Sep 17 17:19:20 mod_sftp/0.9.7[28153]: using '/etc/ssh/ssh_host_dsa_key' as DSA hostkey
Sep 17 17:19:20 mod_sftp/0.9.7[28153]: received client version 'SSH-2.0-WS_FTP-12.0.1-0'
Sep 17 17:19:20 mod_sftp/0.9.7[28153]: handling connection from SSH2 client 'WS_FTP-12.0.1-0'
Sep 17 17:19:20 mod_sftp/0.9.7[28153]:  + Session key exchange: diffie-hellman-group-exchange-sha1
Sep 17 17:19:20 mod_sftp/0.9.7[28153]:  + Session server hostkey: ssh-dss
Sep 17 17:19:20 mod_sftp/0.9.7[28153]:  + Session client-to-server encryption: aes256-cbc
Sep 17 17:19:20 mod_sftp/0.9.7[28153]:  + Session server-to-client encryption: aes256-cbc
Sep 17 17:19:20 mod_sftp/0.9.7[28153]:  + Session client-to-server MAC: hmac-md5
Sep 17 17:19:20 mod_sftp/0.9.7[28153]:  + Session server-to-client MAC: hmac-md5
Sep 17 17:19:20 mod_sftp/0.9.7[28153]:  + Session client-to-server compression: zlib
Sep 17 17:19:20 mod_sftp/0.9.7[28153]:  + Session server-to-client compression: zlib
Sep 17 17:19:20 mod_sftp/0.9.7[28153]:  + Session client-to-server language:
Sep 17 17:19:20 mod_sftp/0.9.7[28153]:  + Session server-to-client language:
Sep 17 11:49:20 mod_sftp/0.9.7[28153]: sending userauth success
Sep 17 11:49:20 mod_sftp/0.9.7[28153]: user 'user1' authenticated via 'password' method
Sep 17 11:49:20 mod_sftp/0.9.7[28153]: 'subsystem' channel request for 'sftp' subsystem
Sep 17 11:49:20 mod_sftp/0.9.7[28153]: client sent SSH_MSG_IGNORE message (296 bytes)
Sep 17 11:49:25 mod_sftp/0.9.7[28153]: error writing packet (fd 1): Broken pipe
Sep 17 11:49:25 mod_sftp/0.9.7[28153]: disconnecting client (Broken pipe)
++++++


On another system, where ProFTPD Version 1.3.2a Stable is installed, I am getting the logs below --

++++++
Sep 17 10:11:01 mod_sftp/0.9.6[27502]: using '/etc/ssh/ssh_host_rsa_key' as RSA hostkey
Sep 17 10:11:01 mod_sftp/0.9.6[27502]: using '/etc/ssh/ssh_host_dsa_key' as DSA hostkey
Sep 17 10:11:01 mod_sftp/0.9.6[27502]: received client version 'SSH-2.0-WS_FTP-12.0.1-0'
Sep 17 10:11:01 mod_sftp/0.9.6[27502]: handling connection from SSH2 client 'WS_FTP-12.0.1-0'
Sep 17 10:11:01 mod_sftp/0.9.6[27502]:  + Session key exchange: diffie-hellman-group-exchange-sha1
Sep 17 10:11:01 mod_sftp/0.9.6[27502]:  + Session server hostkey: ssh-dss
Sep 17 10:11:01 mod_sftp/0.9.6[27502]:  + Session client-to-server encryption: aes256-cbc
Sep 17 10:11:01 mod_sftp/0.9.6[27502]:  + Session server-to-client encryption: aes256-cbc
Sep 17 10:11:01 mod_sftp/0.9.6[27502]:  + Session client-to-server MAC: hmac-md5
Sep 17 10:11:01 mod_sftp/0.9.6[27502]:  + Session server-to-client MAC: hmac-md5
Sep 17 10:11:01 mod_sftp/0.9.6[27502]:  + Session client-to-server compression: zlib
Sep 17 10:11:01 mod_sftp/0.9.6[27502]:  + Session server-to-client compression: zlib
Sep 17 10:11:01 mod_sftp/0.9.6[27502]: WARNING: unable to read SFTPDHParamFile '/usr/local/proftpd/etc/dhparams.pem': Permission denied
Sep 17 10:11:01 mod_sftp/0.9.6[27502]: WARNING: using fixed modulus for DH group exchange
Sep 17 10:11:03 mod_sftp/0.9.6[27502]: sending userauth success
Sep 17 10:11:03 mod_sftp/0.9.6[27502]: user 'user1' authenticated via 'password' method
Sep 17 10:11:03 mod_sftp/0.9.6[27502]: 'subsystem' channel request for 'sftp' subsystem
Sep 17 10:11:04 mod_sftp/0.9.6[27502]: client sent SSH_MSG_IGNORE message (145 bytes)
Sep 17 10:11:09 mod_sftp/0.9.6[27502]: disconnecting client (received EOF)
++++++


Regards

Offline castaglia

Re: sftp problem with specific FTP client
« Reply #3 on: September 17, 2009, 03:11:11 pm »
Hrm.  Doesn't look like it's an error on mod_sftp's part; the client is disconnecting for some reason.  Is there a way to configure WS_FTP Pro to have more verbose logging?

As for mod_sftp, you can get even more information (which might help) by configuring a TraceLog, like so:

  # Log this to the same place as the SFTPLog
  TraceLog /var/log/sftp.log
  Trace ssh2:10 sftp:10

Offline castaglia

Re: sftp problem with specific FTP client
« Reply #4 on: September 17, 2009, 03:25:24 pm »
Could you also supply all of the WS_FTP Pro output leading up to the problem, not just the last few lines?

Offline suhas!

Re: sftp problem with specific FTP client
« Reply #5 on: September 17, 2009, 06:48:00 pm »
1) proftpd-cvs-20090915 Logs --

Trace Log : 

++++++++
18:12 mod_sftp/0.9.7[28789]: using '/etc/ssh/ssh_host_rsa_key' as RSA hostkey
Sep 18 01:18:12 mod_sftp/0.9.7[28789]: using '/etc/ssh/ssh_host_dsa_key' as DSA hostkey
Sep 18 01:18:12 [28789] <ssh2:3>: unable to use 'none' cipher: Must be explicitly requested via SFTPCiphers
Sep 18 01:18:12 [28789] <ssh2:3>: unable to use 'none' digest: Must be explicitly requested via SFTPDigests
Sep 18 01:18:12 [28789] <ssh2:9>: sending KEXINIT message to client
Sep 18 01:18:12 [28789] <ssh2:3>: sent SSH_MSG_KEXINIT (20) packet
Sep 18 01:19:18 mod_sftp/0.9.7[28789]: disconnecting client (received EOF)
++++++++

Debug Log from WS_FTP

++++++++
Connecting to 192.168.0.100:2222
Connected to 192.168.0.100:2222 in 0.015625 seconds, Waiting for Server Response
SSH-2.0-mod_sftp/0.9.7
Error result 80042003 reading response line
Connection closed by remote host.
Host type (1): AUTO
+++++++

2) ProFTPD Version 1.3.2a Stable Logs

Trace Log : 

++++++++
Sep 17 18:29:49 mod_sftp/0.9.6[23666]: using '/etc/ssh/ssh_host_rsa_key' as RSA hostkey
Sep 17 18:29:49 mod_sftp/0.9.6[23666]: using '/etc/ssh/ssh_host_dsa_key' as DSA hostkey
Sep 17 18:29:49 [23666] <ssh2:3>: unable to use 'none' cipher: Must be explicitly requested via SFTPCiphers
Sep 17 18:29:49 [23666] <ssh2:3>: unable to use 'none' digest: Must be explicitly requested via SFTPDigests
Sep 17 18:29:49 [23666] <ssh2:9>: sending KEXINIT message to client
Sep 17 18:29:49 [23666] <ssh2:3>: sent SSH_MSG_KEXINIT (20) packet
Sep 17 18:30:55 mod_sftp/0.9.6[23666]: error reading from client rfd 0: No such file or directory
Sep 17 18:30:55 mod_sftp/0.9.6[23666]: disconnecting client (received EOF)
++++++++

Debug Logs from WS_FTP :

++++++++
Finding Host internal.server.com ...
Connecting to 192.168.0.200:2222
Connected to 192.168.0.200:2222 in 0.312502 seconds, Waiting for Server Response
SSH-2.0-mod_sftp/0.9.6
Error result 80042003 reading response line
Connection closed by remote host.
Host type (1): AUTO
++++++++

Regards

Offline castaglia

Re: sftp problem with specific FTP client
« Reply #6 on: September 17, 2009, 06:56:57 pm »
Weird; that shows that WS_FTP Pro didn't even make it to the point of requesting the 'sftp' subsystem.  What changed??

Offline suhas!

Re: sftp problem with specific FTP client
« Reply #7 on: September 18, 2009, 06:59:17 am »

Can you please try to replicate the error at your end?

Regards

Offline castaglia

Re: sftp problem with specific FTP client
« Reply #8 on: September 18, 2009, 08:30:53 pm »
Unfortunately, I cannot; I do not have any Windows machines available for testing (and WS_FTP Pro is a Windows app, yes?)

Offline suhas!

Re: sftp problem with specific FTP client
« Reply #9 on: September 25, 2009, 07:52:33 am »
So is it a problem with the WS_FTP Professional client only? Nothing can be done with proftpd itself?

Regards

Offline castaglia

Re: sftp problem with specific FTP client
« Reply #10 on: October 02, 2009, 05:49:01 pm »
Well, another issue might be the version of OpenSSL in use.  What does `openssl version -a' show on the machine running proftpd?

Offline suhas!

Re: sftp problem with specific FTP client
« Reply #11 on: October 02, 2009, 06:09:24 pm »
Here is the output --

OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
built on: Tue Dec 16 11:05:20 EST 2008
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) blowfish(ptr2)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -DMD32_REG_T=int -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DOPENSSL_USE_NEW_FUNCTIONS -fno-strict-aliasing -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  dynamic


Regards

Offline castaglia

Re: sftp problem with specific FTP client
« Reply #12 on: October 02, 2009, 10:07:41 pm »
For testing, what happens if you add the following to your proftpd.conf:

  <IfModule mod_sftp.c>
    ...
    SFTPCiphers blowfish-cbc 3des-cbc
    ...
  </IfModule>

Offline castaglia

Re: sftp problem with specific FTP client
« Reply #13 on: October 03, 2009, 01:54:52 am »
Actually, I have a different config to try.  (Some searching via Google turned up the tidbit that the "Error result 80042003 reading response line" WS_FTP message indicates a timeout; the timestamps in the log excerpts you provided indicate that that client-side timeout is around 60 seconds.)

  <IfModule mod_sftp.c>
    ...
    SFTPCompression none
    ...
  </IfModule>

The Ipswitch forums have indicated that WS_FTP has had issues with its SSH compression in the past; apparently there's a way to uncheck "zlib compression" in the WS_FTP menus.
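
An added example, not part of the original posts and not ProFTPD code: a small Python parser for the SFTPLog/TraceLog line formats quoted in this thread. It reports, per session, the last handshake stage reached and how long the connection sat silent before the disconnect, which is how the roughly 60-second client timeout can be read off the timestamps. The function name, stage labels and assumed year are illustrative.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (?:mod_sftp/[\d.]+)?\[(\d+)\](?: <[\w:]+>)?: (.*)$")
CLOSE = re.compile(r"disconnecting client \((.*)\)")
# Handshake milestones, in the order they appear in the thread's logs.
STAGES = [("sent SSH_MSG_KEXINIT", "kexinit-sent"),
          ("Session key exchange", "kex-complete"),
          ("sending userauth success", "authenticated"),
          ("'subsystem' channel request for 'sftp'", "sftp-requested")]

def summarize(log_text, year=2009):
    """Map pid -> (last stage reached, seconds of silence before disconnect, reason)."""
    state, out = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Syslog-style stamps carry no year; one is assumed so they parse cleanly.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        s = state.setdefault(pid, {"stage": "connected", "prev": ts})
        closing = CLOSE.match(msg)
        if closing:
            # Measure from the previous line only: the clock in the first SFTPLog
            # shifts mid-session (17:19 -> 11:49), so earlier stamps are unusable.
            out[pid] = (s["stage"], (ts - s["prev"]).total_seconds(), closing.group(1))
        elif not msg.startswith("error "):  # I/O errors belong to the teardown
            for needle, name in STAGES:
                if needle in msg:
                    s["stage"] = name
            s["prev"] = ts
    return out

# Sample input: lines copied from the two server logs quoted in this thread.
SAMPLE = """
Sep 17 18:29:49 [23666] <ssh2:9>: sending KEXINIT message to client
Sep 17 18:29:49 [23666] <ssh2:3>: sent SSH_MSG_KEXINIT (20) packet
Sep 17 18:30:55 mod_sftp/0.9.6[23666]: error reading from client rfd 0: No such file or directory
Sep 17 18:30:55 mod_sftp/0.9.6[23666]: disconnecting client (received EOF)
Sep 17 17:19:20 mod_sftp/0.9.7[28153]:  + Session key exchange: diffie-hellman-group-exchange-sha1
Sep 17 11:49:20 mod_sftp/0.9.7[28153]: sending userauth success
Sep 17 11:49:20 mod_sftp/0.9.7[28153]: 'subsystem' channel request for 'sftp' subsystem
Sep 17 11:49:20 mod_sftp/0.9.7[28153]: client sent SSH_MSG_IGNORE message (296 bytes)
Sep 17 11:49:25 mod_sftp/0.9.7[28153]: error writing packet (fd 1): Broken pipe
Sep 17 11:49:25 mod_sftp/0.9.7[28153]: disconnecting client (Broken pipe)
"""
if __name__ == "__main__":
    for pid, row in summarize(SAMPLE).items():
        print(pid, row)
```

A session that stops at `kexinit-sent` after about a minute of silence never completed key exchange; one that stops at `sftp-requested` after a few seconds failed after authentication.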

Offline suhas!

Re: sftp problem with specific FTP client
« Reply #14 on: October 05, 2009, 11:48:55 am »
I tried unchecking "zlib compression" in WS_FTP, with SFTPCompression set to all possible values (on/off/delayed) on the server. Still getting the same error.

+++++
Connecting to 192.168.0.100:2222
Connected to 192.168.0.100:2222 in 0.000000 seconds, Waiting for Server Response
SSH-2.0-mod_sftp/0.9.7
Error result 80042003 reading response line
Connection closed by remote host.
Host type (1): AUTO
++++++