[eside-ghost] El sftp no me tira, el ssh si :S

Ender eduvedder en terra.es
Vie Ene 23 17:22:28 CET 2004 

Hola Malk!

Olvida lo que he dicho antes del usuario ftp!!!
Eso seria por si intentas tunelizar ftp sobre ssh, en cuyo caso tambien 
tendrias que permitir en el ftpaccess la ip 127.0.0.1

Un saludo,
  Ender

Malkavian (MHVSS) :[ wrote:
> Wenas, si activo el servidor de ssh puedo conectarme normalmente pero si 
> intento conectarme por sftp, tras autentificarme da un error y se cierra 
> la conexión. Y no, no encuentro nada en los logs... A ver si alguien me 
> puede echar una manita...
> 
> Esto es lo que ocurre (he ocultado la IP :D):
> 
> 	Normal:
> 	
> 
> root en beavis:/home/malkavian# sftp malkavian en WWW.XXX.YYY.ZZZ
> Connecting to WWW.XXX.YYY.ZZZ...
> malkavian en WWW.XXX.YYY.ZZZ's password: 
> Received message too long 1092643937
> 
> 
> ************************************************************************
> 
> 	Con -v para que mueste más info (como se el numerito ese 
> 	cambia):
> 
> 
> root en beavis:/home/malkavian# sftp -v malkavian en WWW.XXX.YYY.ZZZ
> Connecting to WWW.XXX.YYY.ZZZ...
> OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10, SSH protocols 1.5/2.0, OpenSSL 
> 0x0090703f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be 
> trusted.
> debug1: Connecting to WWW.XXX.YYY.ZZZ [WWW.XXX.YYY.ZZZ] port 22.
> debug1: Connection established.
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_dsa type 2
> debug1: Remote protocol version 2.0, remote software version 
> OpenSSH_3.6.1p2 Deb
> ian 1:3.6.1p2-10
> debug1: match: OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'WWW.XXX.YYY.ZZZ' is known and matches the RSA host key.
> debug1: Found key in /root/.ssh/known_hosts:2
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: 
> publickey,password,keyboard-interacti
> ve
> debug1: Next authentication method: publickey
> debug1: Trying private key: /root/.ssh/id_rsa
> debug1: Offering public key: /root/.ssh/id_dsa
> debug1: Authentications that can continue: 
> publickey,password,keyboard-interacti
> ve
> debug1: Next authentication method: keyboard-interactive
> debug1: Authentications that can continue: 
> publickey,password,keyboard-interacti
> ve
> debug1: Next authentication method: password
> malkavian en WWW.XXX.YYY.ZZZ's password: 
> debug1: Authentication succeeded (password).
> debug1: fd 4 setting O_NONBLOCK
> debug1: channel 0: new [client-session]
> debug1: Entering interactive session.
> debug1: Sending subsystem: sftp
> debug1: channel 0: request subsystem
> debug1: channel 0: open confirm rwindow 0 rmax 32768
> Received message too long 1164714083
> debug1: channel 0: read<=0 rfd 4 len -1
> debug1: channel 0: read failed
> debug1: channel 0: close_read
> debug1: channel 0: input open -> drain
> debug1: channel 0: ibuf empty
> debug1: channel 0: send eof
> debug1: channel 0: input drain -> closed
> root en beavis:/home/malkavian# debug1: client_input_channel_req: channel 0 
> rtype exit-status reply 0
> debug1: channel 0: rcvd eof
> debug1: channel 0: output open -> drain
> debug1: channel 0: obuf empty
> debug1: channel 0: close_write
> debug1: channel 0: output drain -> closed
> debug1: channel 0: rcvd close
> debug1: channel 0: almost dead
> debug1: channel 0: gc: notify user
> debug1: channel 0: gc: user detached
> debug1: channel 0: send close
> debug1: channel 0: is dead
> debug1: channel 0: garbage collecting
> debug1: channel_free: channel 0: client-session, nchannels 1
> debug1: fd 0 clearing O_NONBLOCK
> debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 1.3 seconds
> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
> debug1: Exit status 0
> 
> ***************************************************************************
> 
> 
> 
> Mi configuración de ssh (acabo de mirar el manual que escribió split 
> para la web del ghost por si veía ahí algo que yo tuviera mal):
> 
> 
> 
> # Package generated configuration file
> # See the sshd(8) manpage for defails
> 
> # What ports, IPs and protocols we listen for
> Port 22
> # Use these options to restrict which interfaces/protocols sshd will bind to
> #ListenAddress ::
> #ListenAddress 0.0.0.0
> Protocol 2
> # HostKeys for protocol version 2
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
> #Privilege Separation is turned on for security
> #UsePrivilegeSeparation yes
> 
> # ...but breaks Pam auth via kbdint, so we have to turn it off
> # Use PAM authentication via keyboard-interactive so PAM modules can
> # properly interface with the user (off due to PrivSep)
> PAMAuthenticationViaKbdInt yes
> # Lifetime and size of ephemeral version 1 server key
> KeyRegenerationInterval 3600
> ServerKeyBits 768
> 
> # Logging
> SyslogFacility AUTH
> LogLevel INFO
> 
> # Authentication:
> LoginGraceTime 600
> PermitRootLogin no
> StrictModes yes
> 
> RSAAuthentication yes
> PubkeyAuthentication yes
> #AuthorizedKeysFile	%h/.ssh/authorized_keys
> 
> # rhosts authentication should not be used
> RhostsAuthentication no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # For this to work you will also need host keys in /etc/ssh_known_hosts
> RhostsRSAAuthentication no
> # similar for protocol version 2
> HostbasedAuthentication no
> # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
> #IgnoreUserKnownHosts yes
> 
> # To enable empty passwords, change to yes (NOT RECOMMENDED)
> PermitEmptyPasswords no
> 
> # Uncomment to disable s/key passwords 
> #ChallengeResponseAuthentication no
> 
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication yes
> 
> 
> # To change Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #AFSTokenPassing no
> #KerberosTicketCleanup no
> 
> # Kerberos TGT Passing does only work with the AFS kaserver
> #KerberosTgtPassing yes
> 
> X11Forwarding no
> X11DisplayOffset 10
> PrintMotd no
> #PrintLastLog no
> KeepAlive yes
> #UseLogin no
> 
> #MaxStartups 10:30:60
> #Banner /etc/issue.net
> #ReverseMappingCheck yes
> 
> # Servidor ftp por ssh
> Subsystem	sftp	/usr/lib/sftp-server
> 
> 
> 
>