5

I am trying to connect to our remote server using winSCP. It was working before. But from today I am not able to connect to the server using SFTP. If I changed the protocol to SCP, then I am able to connect. Also I am able to connect using putty.

Following is the winSCP log. (removed host details)

. 2011-11-07 20:18:54.593 Using SFTP protocol.
. 2011-11-07 20:18:54.593 Doing startup conversation with host.
> 2011-11-07 20:18:54.593 Type: SSH_FXP_INIT, Size: 5, Number: -1
. 2011-11-07 20:18:54.593 Server sent command exit status 127
. 2011-11-07 20:18:54.593 Disconnected: All channels closed
* 2011-11-07 20:18:54.624 (ESshFatal) Connection has been unexpectedly closed. Server sent command exit status 127.
* 2011-11-07 20:18:54.624 Cannot initialize SFTP protocol. Is the host running a SFTP server?
. 2011-11-07 20:31:40.036 Looking up host <<host name>>
. 2011-11-07 20:31:40.052 Connecting to <<ip>> port 22
. 2011-11-07 20:31:40.630 Server version: SSH-2.0-OpenSSH_5.8
. 2011-11-07 20:31:40.630 We claim version: SSH-2.0-WinSCP_release_4.1.6
. 2011-11-07 20:31:40.630 SSPI: acquired credentials for: <<username>>
. 2011-11-07 20:31:40.630 Constructed service principal name 'host/<<hostname>>'
. 2011-11-07 20:31:40.802 GSSKEX disabled: The specified target is unknown or unreachable

. 2011-11-07 20:31:40.802 Using SSH protocol version 2
. 2011-11-07 20:31:40.927 Doing Diffie-Hellman group exchange
. 2011-11-07 20:31:41.224 Doing Diffie-Hellman key exchange with hash SHA-1
. 2011-11-07 20:31:41.787 Host key fingerprint is:
. 2011-11-07 20:31:41.787 ssh-rsa 2048 b9:2a:b8:56:a0:72:ff:10:11:d2:3e:55:95:5f:54:e2
. 2011-11-07 20:31:41.787 Initialised AES-256 SDCTR client->server encryption
. 2011-11-07 20:31:41.787 Initialised HMAC-SHA1 client->server MAC algorithm
. 2011-11-07 20:31:41.787 Initialised AES-256 SDCTR server->client encryption
. 2011-11-07 20:31:41.787 Initialised HMAC-SHA1 server->client MAC algorithm
! 2011-11-07 20:31:42.068 Using username <<username>>.
. 2011-11-07 20:31:42.677 Keyboard-interactive authentication refused
. 2011-11-07 20:31:42.677 Prompt (6, SSH password, , &Password: )
. 2011-11-07 20:31:46.568 Sent password
. 2011-11-07 20:31:46.865 Access granted
. 2011-11-07 20:31:47.162 Opened channel for session
. 2011-11-07 20:31:47.475 Started a shell/command
. 2011-11-07 20:31:47.475 Doing startup conversation with host.
> 2011-11-07 20:31:47.475 Type: SSH_FXP_INIT, Size: 5, Number: -1
. 2011-11-07 20:31:47.475 Server sent command exit status 127
. 2011-11-07 20:31:47.475 Disconnected: All channels closed
* 2011-11-07 20:31:47.506 (ESshFatal) Connection has been unexpectedly closed. Server sent command exit status 127.
* 2011-11-07 20:31:47.506 Cannot initialize SFTP protocol. Is the host running a SFTP server?

Recent happenings.

For some reason our site was not accessible yesterday. We informed our host and they rebooted the server. This problem is happening only after that.

I have issued "locate sftp-server", it returns two locations.

/usr/libexec/openssh/sftp-server /usr/local/libexec/sftp-server

It looks like the second folder (/usr/local/libexec/sftp-server) is created/updated the day before yesterday. Also sshd-config file got updated on the same day. From the rpmpkgs logs, it looks like vsftpd also updated on the same date.

I suspected some auto update had happened. I checked the yum-updatesd.conf, but auto updates disabled there.

How to make sftp-server work again? In sshd-config the Subsystem is pointing to /usr/libexec/openssh/sftp-server. Should I change that to /usr/local/libexec/sftp-server?

Can I restart sshd from putty? I don't want to screw up the ssh connection also. I would like to solve this without rebooting the system again.

Please let me know if you want any more info. Thanks in advance

Rilindo
  • 5,058
  • 5
  • 26
  • 46
Steve
  • 73
  • 1
  • 1
  • 3

4 Answers4

2

You can safely restart an ssh server whilst connected to it. It specifically keeps your connection open to help avoid locking you out. But you should always open a second connection and check that you can initialise a new connection before closing the first one!

It sounds to me like that's one of two problems:

  1. sftp-server falling over for some reason (missing libraries, segfault, etc).

  2. The server is running a non-openssh sftp-server instead of the openssh version. This always causes problems.

As a quick test, see if you can run the sftp-server binary by hand without it crashing. It should just sit there waiting for input (kill it with ctrl-c). If it complains about missing libraries or it segfaults you'll know what the problem is.

SystemParadox
  • 827
  • 9
  • 14
  • Thanks for the assurance about starting ssh. I changed the Subsystem entry to point to /usr/local/libexec/sftp-server and restarted ssh. Now SFTP works. But still don't know why this happened. – Steve Nov 08 '11 at 09:55
  • ``service ssh restart`` work for me. – Kishan Patel Jan 30 '18 at 18:18
1

I had a similar problem. If the sshd_config file permissions change then this is likely the problem. It should be 644.

see http://www-01.ibm.com/support/docview.wss?uid=isg3T1012888

yesuf
  • 11
  • 1
  • Just a quick note: I can remember one RPM update that phased off `Subsystem sftp /usr/sbin/sftp-server` from my config. And the outcome was just the same. – kworr Oct 01 '13 at 13:58
0

Check the rights on the two sftp-servers. Make sure the execute permssion exits for all owner, group and other. I've seen updates clobber permissions.

Jeffery Smith
  • 374
  • 1
  • 5
0

I had same problem. I finally found that I forgot to trust IP of remote ssh server on firewall settings (for allowing to connect using ssh port 22)

Mojtaba Rezaeian
  • 311
  • 3
  • 12