[BlueOnyx:24580] Re: Issues with jailed sftp on 5210R

David Hahn blueonyx at sb9.com
Wed Dec 9 15:12:12 -05 2020 

  It seems to work inside the network but using WinSCP it does not.

Does something need to be changed in the remote client that customers use?

[root at ds1 ~]# sftp -v user at user.com
OpenSSH_8.0p1, OpenSSL 1.1.1g FIPS  21 Apr 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data 
/etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data 
/etc/crypto-policies/back-ends/openssh.config
debug1: Connecting to user.com [208.67.252.148] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug1: Authenticating to user.com:22 as 'horseshow1'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes256-gcm at openssh.com MAC: 
<implicit> compression: none
debug1: kex: client->server cipher: aes256-gcm at openssh.com MAC: 
<implicit> compression: none
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 
SHA256:d5qa+yJQ1F/4sGZeqtVPaWdhUooc2nfp2akvON6FYu8
The authenticity of host 'user.com (208.67.252.148)' can't be established.
ECDSA key fingerprint is SHA256:d5qa+yJQ1F/4sGZeqtVPaWdhUooc2nfp2akvON6FYu8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'user.com,208.67.252.148' (ECDSA) to the list 
of known hosts.
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /root/.ssh/id_rsa
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: 
server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)


debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)


debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Trying private key: /root/.ssh/id_xmss
debug1: Next authentication method: password
user at user.com's password:
debug1: Authentication succeeded (password).
Authenticated to user.com ([208.67.252.148]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00 at openssh.com 
want_reply 0
debug1: Sending environment.
debug1: Sending subsystem: sftp
Received message too long 173238373
Ensure the remote shell produces no output for non-interactive sessions.
[root at ds1 ~]# debug1: client_input_channel_req: channel 0 rtype 
exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow at openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
Transferred: sent 1904, received 2468 bytes, in 0.5 seconds
Bytes per second: sent 3690.4, received 4783.5
debug1: Exit status 0

On 12/9/2020 1:25 PM, Michael Stauber wrote:
> sftptest_user at 5210r1.smd.net

-- 
Thank you
David Hahn
----

More information about the Blueonyx mailing list