ssh2_sftp failing - Page 2
Page 2 of 2 FirstFirst 12
Results 16 to 23 of 23

Thread: ssh2_sftp failing

  1. #16
    High Energy Magic Dept. NogDog's Avatar
    Join Date
    Aug 2006
    Location
    Ankh-Morpork
    Posts
    13,949
    "Verbose" may be an understatement, but hopefully useful?
    Code:
    $ sftp -vvv nogdog@foo.bar.com:1022
    Connecting to foo.bar.com...
    OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to foo.bar.com [208.21.37.8] port 22.
    debug1: Connection established.
    debug3: Not a RSA1 key file /home/fubar/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /home/fubar/.ssh/id_rsa type 1
    debug1: identity file /home/fubar/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version 3.2.3 F-Secure SSH Windows NT Server
    debug1: no match: 3.2.3 F-Secure SSH Windows NT Server
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug3: Wrote 792 bytes for a total of 813
    debug3: Received SSH2_MSG_IGNORE
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa
    debug2: kex_parse_kexinit: aes128-cbc
    debug2: kex_parse_kexinit: aes128-cbc
    debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
    debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug2: dh_gen_key: priv key bits set: 131/256
    debug2: bits set: 521/1024
    debug1: sending SSH2_MSG_KEXDH_INIT
    debug1: expecting SSH2_MSG_KEXDH_REPLY
    debug3: Wrote 144 bytes for a total of 957
    debug3: Received SSH2_MSG_IGNORE
    debug3: check_host_in_hostfile: filename /home/fubar/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 8
    debug3: check_host_in_hostfile: filename /home/fubar/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 9
    debug1: Host 'foo.bar.com' is known and matches the RSA host key.
    debug1: Found key in /home/fubar/.ssh/known_hosts:8
    debug2: bits set: 506/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug3: Wrote 16 bytes for a total of 973
    debug3: Received SSH2_MSG_IGNORE
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug3: Wrote 48 bytes for a total of 1021
    debug3: Received SSH2_MSG_IGNORE
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/fubar/.ssh/id_rsa (0x7fde5e390fb0)
    debug2: key: /home/fubar/.ssh/id_dsa ((nil))
    debug3: Wrote 64 bytes for a total of 1085
    debug3: Received SSH2_MSG_IGNORE
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug3: start over, passed a different list publickey,password,keyboard-interactive
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/fubar/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug3: Wrote 368 bytes for a total of 1453
    debug3: Received SSH2_MSG_IGNORE
    debug1: Authentications that can continue: password,keyboard-interactive
    debug3: start over, passed a different list password,keyboard-interactive
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug3: Wrote 96 bytes for a total of 1549
    debug3: Received SSH2_MSG_IGNORE
    debug1: Authentications that can continue: password,keyboard-interactive
    debug3: userauth_kbdint: disable: no info_req_seen
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred:
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    nogdog@foo.bar.com's password:
    debug3: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
    debug2: we sent a password packet, wait for reply
    debug3: Wrote 144 bytes for a total of 1693
    debug3: Received SSH2_MSG_IGNORE
    debug1: Authentications that can continue: password,keyboard-interactive
    Permission denied, please try again.
    nogdog@foo.bar.com's password:
    ^C
    $
    Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be." ~ from Nation, by Terry Pratchett

    "But the main reason that any programmer learning any new language thinks the new language is SO much better than the old one is because hes a better programmer now!" ~ http://www.oreillynet.com/ruby/blog/...ck_to_p_1.html


    eBookworm.us

  2. #17
    High Energy Magic Dept. NogDog's Avatar
    Join Date
    Aug 2006
    Location
    Ankh-Morpork
    Posts
    13,949
    And thanks so much for looking at this stuff!
    Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be." ~ from Nation, by Terry Pratchett

    "But the main reason that any programmer learning any new language thinks the new language is SO much better than the old one is because hes a better programmer now!" ~ http://www.oreillynet.com/ruby/blog/...ck_to_p_1.html


    eBookworm.us

  3. #18
    Settled 4 red convertible dalecosp's Avatar
    Join Date
    Jul 2002
    Location
    Accelerating Windows at 9.81 m/s....
    Posts
    7,715
    Not a big problem; everyone's in Vegas at a trade show except me, the part-time stats guy an an editorial assistant ;-)

    What does this command yield?
    Code:
    file /home/fubar/.ssh/id_rsa
    It should say something like:
    Code:
    file id_rsa
    id_rsa: PEM RSA private key
    And "file /home/fubar/.ssh/id_rsa.pub" should say:
    Code:
    id_rsa.pub: OpenSSH RSA public key
    Given that this has only recently started failing (see the OP ... which I've apparently forgotten about, (Sorry!)) ... I'm guessing we're looking for changes on the server. What have they upgraded there recently? Do you have an old copy of /etc/ssh/sshd_config you can compare with the current version? (Or is this not a box you "own" to that degree?)
    /!!\ mysql_ is deprecated --- don't use it! Tell your hosting company you will switch if they don't upgrade! /!!!\ ereg() is deprecated --- don't use it!

    dalecosp "God doesn't play dice." --- Einstein "Perl is hardly a paragon of beautiful syntax." --- Weedpacket

    Getting Help at All --- Collected Solutions to Common Problems --- Debugging 101 --- Unanswered Posts --- OMBE: Office Machines, Business Equipment

  4. #19
    High Energy Magic Dept. NogDog's Avatar
    Join Date
    Aug 2006
    Location
    Ankh-Morpork
    Posts
    13,949
    Code:
    $ file /home/fubar/.ssh/id_rsa
    /home/fubar/.ssh/id_rsa: ASCII text
    Code:
    $ file /home/fubar/.ssh/id_rsa.pub
    /home/fubar/.ssh/id_rsa.pub: ASCII text, with very long lines
    If I actually cat those two files, the first looks like:
    Code:
    -----BEGIN RSA PRIVATE KEY-----
    <a couple dozen lines of base-64 text>
    -----END RSA PRIVATE KEY-----
    And the second one:
    Code:
    ssh-rsa AAAAB3N<...a bunch more base-64 stuff...>fcZGUIMiQ== fubar@hostname_i_am_on.domain.com
    Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be." ~ from Nation, by Terry Pratchett

    "But the main reason that any programmer learning any new language thinks the new language is SO much better than the old one is because hes a better programmer now!" ~ http://www.oreillynet.com/ruby/blog/...ck_to_p_1.html


    eBookworm.us

  5. #20
    Settled 4 red convertible dalecosp's Avatar
    Join Date
    Jul 2002
    Location
    Accelerating Windows at 9.81 m/s....
    Posts
    7,715
    Well, shucks. Linux's file(1) is a tad dumber than BSD's. apparently. From what you quote, the keys *look* right. That doesn't explain this to me:
    key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    What about the server config? Do you control that?
    /!!\ mysql_ is deprecated --- don't use it! Tell your hosting company you will switch if they don't upgrade! /!!!\ ereg() is deprecated --- don't use it!

    dalecosp "God doesn't play dice." --- Einstein "Perl is hardly a paragon of beautiful syntax." --- Weedpacket

    Getting Help at All --- Collected Solutions to Common Problems --- Debugging 101 --- Unanswered Posts --- OMBE: Office Machines, Business Equipment

  6. #21
    Senior Member
    Join Date
    Apr 2003
    Location
    Silver Lake
    Posts
    4,886
    those id_rsa and id_dsa files are your private keys. I've no idea if you ever use them but it would appear that ssh/sftp is trying to use them when you connect and they are failing so it sounds like they are not useful for connecting to the remote server of interest. They MIGHT solve your problem if you were to take one of the corresponding PUBLIC keys and put it in the right location on the server to which you are attempting to connect.

    From the verbose output, it looks to me like the ssh connection is first attempted using your private key(s) and, when that fails, it proceeds to prompt for a password. When you enter the password, it doesn't work.

    To summarize:
    * doesn't look like a firewall problem as you are able to connect to a server which denies entry
    * are you sure it's the RIGHT computer? I.e., are you sure there are no DNS or network issues which might have you attempting a connection on the wrong machine?
    * if you are connecting to the right machine and it refuses your connection attempt, it looks to me like it's because the password is failing or you are using the wrong user id or perhaps your *nix user on the target machine doesn't permit login sessions?
    IMPORTANT: STOP using the mysql extension. Use mysqli or pdo instead.
    World War One happened 100 years ago. Visit Old Grey Horror for the agony and irony.

  7. #22
    Senior Member
    Join Date
    Apr 2003
    Location
    Silver Lake
    Posts
    4,886
    What is this bit about windows?
    Code:
    debug1: Remote protocol version 2.0, remote software version 3.2.3 F-Secure SSH Windows NT Server
    debug1: no match: 3.2.3 F-Secure SSH Windows NT Server
    IMPORTANT: STOP using the mysql extension. Use mysqli or pdo instead.
    World War One happened 100 years ago. Visit Old Grey Horror for the agony and irony.

  8. #23
    High Energy Magic Dept. NogDog's Avatar
    Join Date
    Aug 2006
    Location
    Ankh-Morpork
    Posts
    13,949
    Quote Originally Posted by sneakyimp View Post
    What is this bit about windows?
    Code:
    debug1: Remote protocol version 2.0, remote software version 3.2.3 F-Secure SSH Windows NT Server
    debug1: no match: 3.2.3 F-Secure SSH Windows NT Server
    That may well be the target server? I'm 99.9999999% sure we don't run Window NT Server on anything in our shop or the server farm we use (should all be Centos VMs/servers).

    Guess I'll have to grab our network guy and convince him to help me (super smart/good at what he does, but snarky ). I was hoping it would just be a case of "Hey, NogDog, you just need to ... "
    Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be." ~ from Nation, by Terry Pratchett

    "But the main reason that any programmer learning any new language thinks the new language is SO much better than the old one is because hes a better programmer now!" ~ http://www.oreillynet.com/ruby/blog/...ck_to_p_1.html


    eBookworm.us

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •