Connection closed when trying to connect to sftp server. Match group issue?


Exit status 127 is command not found.

Your sshd_config shows: Subsystem sftp internal- sftp

The line is supposed to be Subsystem sftp internal-sftp (no space between internal and sftp) or else your sshd tries to execute it as an external command and fails.
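Why the account in sftpusers could connect while the main account got exit status 127, as an added example (not code from the question or the answer): a simplified model of which command sshd uses for an sftp request, run over an excerpt of the posted config. It assumes only plain Match Group criteria; the function names and the group name admin are hypothetical.

```python
import shutil

# Excerpt of the sshd_config posted in the question (relevant lines only).
PAGE_CONFIG = """\
Subsystem sftp internal- sftp
UsePAM yes
Match Group sftpusers
        ChrootDirectory /var/www/Vassens
        AllowTcpForwarding no
        ForceCommand internal-sftp
"""

def sftp_handler(config_text, user_groups):
    """Command line sshd would use for an sftp request from a user in
    user_groups: the first applicable ForceCommand, else the global
    'Subsystem sftp' command. Simplified: only 'Match Group a,b' criteria."""
    subsystem, forced = None, None
    in_match, applies = False, True   # global section applies to everyone
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        key, args = tokens[0].lower(), tokens[1:]
        if key == "match":
            in_match = True
            applies = (len(args) == 2 and args[0].lower() == "group"
                       and bool(set(args[1].split(",")) & set(user_groups)))
        elif key == "subsystem" and not in_match and args[:1] == ["sftp"]:
            subsystem = " ".join(args[1:])
        elif key == "forcecommand" and applies and forced is None:
            forced = " ".join(args)
    return forced if forced is not None else subsystem

def outcome(command, resolve=shutil.which):
    """Predict what happens when sshd starts the given sftp command."""
    if not command:
        return "no sftp subsystem configured"
    program = command.split()[0]
    if program == "internal-sftp":
        return "in-process sftp server"
    if resolve(program) is None:
        # sshd passes external commands to the user's shell; 127 = not found
        return "exit status 127: shell cannot find %r" % program
    return "external command %s" % program

if __name__ == "__main__":
    # "admin" is a hypothetical group for the main account (not in sftpusers)
    for groups in (["sftpusers"], ["admin"]):
        print(groups, "->", outcome(sftp_handler(PAGE_CONFIG, groups)))
```

Members of sftpusers never reach the broken Subsystem line because ForceCommand internal-sftp replaces it, which is why only the unrestricted account failed.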


Author: Parsijn


Updated on September 18, 2022

Comments

  • Parsijn over 1 year

    I'm trying to connect to an Ubuntu server 14.04 LTS with the following command: sftp -P xx user@host (the ssh-server is configured to listen on a different port). The user I'm trying to log in with is the main user account on the server (the one I gave up during the installation of the server). Every time I try to connect to the server using sftp I get the message Connection closed.

    I'm pretty sure it has got something to do with some additions I made in sshd_config, but I don't see where it is going wrong. Here's the whole sshd_config:

    # Package generated configuration file
    # See the sshd_config(5) manpage for details
    
    # What ports, IPs and protocols we listen for
    Port 2222
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes
    
    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    ServerKeyBits 1024
    
    # Logging
    SyslogFacility AUTH
    LogLevel INFO
    
    # Authentication:
    LoginGraceTime 120
    PermitRootLogin without-password
    StrictModes yes
    
    RSAAuthentication yes
    PubkeyAuthentication yes
    #AuthorizedKeysFile     %h/.ssh/authorized_keys
    
    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes
    
    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no
    
    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no
    
    # Change to no to disable tunnelled clear text passwords
    PasswordAuthentication no
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    
    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no
    
    #MaxStartups 10:30:60
    #Banner /etc/issue.net
    
    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*
    
    Subsystem sftp internal- sftp
    
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication.  Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM yes
    
    Match Group sftpusers
            ChrootDirectory /var/www/Vassens
            # XllForwarding no
            AllowTcpForwarding no
            ForceCommand internal-sftp
    

    The main user account I'm trying to login with is not a member of the 'sftpusers' group. I've been able to login as another user who is a member of 'sftpusers'.

    This is what happens after a successful authentication when I'm trying to connect:

    debug1: channel 0: new [client-session]
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: Sending environment.
    debug1: Sending env LC_PAPER = nl_NL.UTF-8
    debug1: Sending env LC_ADDRESS = nl_NL.UTF-8
    debug1: Sending env LC_MONETARY = nl_NL.UTF-8
    debug1: Sending env LC_NUMERIC = nl_NL.UTF-8
    debug1: Sending env LC_TELEPHONE = nl_NL.UTF-8
    debug1: Sending env LC_IDENTIFICATION = nl_NL.UTF-8
    debug1: Sending env LANG = en_US.UTF-8
    debug1: Sending env LC_MEASUREMENT = nl_NL.UTF-8
    debug1: Sending env LC_TIME = nl_NL.UTF-8
    debug1: Sending env LC_NAME = nl_NL.UTF-8
    debug1: Sending subsystem: sftp
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
    debug1: channel 0: free: client-session, nchannels 1
    debug1: fd 0 clearing O_NONBLOCK
    Transferred: sent 4672, received 2772 bytes, in 0.6 seconds
    Bytes per second: sent 7385.2, received 4381.8
    debug1: Exit status 127
    Connection closed
    

    Ideally I could login with sftp with the main user account, so I could transfer files from my laptop to my server to whatever directory I wish and at the same time keep the 'sftpusers' group who are only able to login to /var/www/.

    Does anyone know how I could do this? I appreciate your help very much! Btw, I am able to login to the server into the main user account using ssh.

    • muru almost 9 years
      Ok, the server configuration seems fine. Try using verbose mode: sftp -v user@host -P ... (add more vs to get more detailed output).
    • Parsijn almost 9 years
      I've added some of the results of verbose mode into the original question. And I'm looking into the Exit status 127 at the moment, but haven't found anything yet...
  • Parsijn over 7 years
    I totally forgot about this problem, but props for finding the solution. Thanks!