SSH login works but SFTP login doesn't
Solution 1
After looking over your iptables -L, I think you have a firewall issue on the server side:
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate ESTABLISHED
ESTABLISHED usually means connections that are active or already established.
Add this line in your iptables
sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
For an easy guide to iptables I like this HOW TO, and here is an explanation.
Or you can try:
sudo sh -c "iptables-save > /etc/iptables.rules"
sudo iptables -F
Test your connection, then you can restore your rules with
sudo iptables-restore < /etc/iptables.rules
Solution 2
This can be caused by echo or other commands that write to the console during logon. For example, I was trying to set environment variables for a complex build process, and had added echoes into all my .profile files, including into .bashrc.
All the SFTP clients I tried (FileZilla, Beyond Compare) suddenly stopped working, but did not give helpful error messages. Beyond Compare said:
Connection failed: Failed to establish SFTP connection (error code is 103)
Failed to establish SFTP connection (error code is 103)
Finally corporate IT asked me to try WinSCP which gave a useful error message:
Received too large (1701737573 B) SFTP packet. Max supported packet size is 1024000 B.
The error is typically caused by message printed from startup script (like .profile).
The message may start with "ente".
Cannot initialize SFTP protocol.
Is the host running a SFTP server?
This gave me the clue I needed and after removing the line
echo 'entering .bashrc'
from my .bashrc, sftp worked fine again.
The answer to a similar question also mentions this and how you can check the output from your startup scripts
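Why the stray echo produces exactly this error, as an added example that is not part of the original answer: an SFTP packet begins with a 4-byte big-endian length, so the client reads the first four characters of the echoed line as a packet size. The function names and sample files below are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. An SFTP packet starts with a
# 4-byte big-endian length, so whatever a startup script prints first is
# what the client parses as the size of the first packet.

MAX_SFTP_PACKET=1024000   # client limit quoted in the WinSCP message above

# stdin -> first 4 bytes as an unsigned big-endian integer, or "short"
first4_as_length() {
    od -An -N4 -tu1 |
        awk 'NF == 4 { printf "%.0f\n", (($1 * 256 + $2) * 256 + $3) * 256 + $4 }
             NF > 0 && NF < 4 { print "short" }'
}

# A reported "packet size" -> the 4 characters that produced it
length_to_text() {
    fmt=
    for div in 16777216 65536 256 1; do
        fmt="$fmt\\$(printf '%03o' $(( $1 / div % 256 )))"
    done
    printf "$fmt\n"
}

# Source FILE in a shell whose stdout is a pipe, as in an SFTP session, and
# classify what the client would read first. Only stdout is inspected.
# Optional second argument: shell to use (defaults to sh).
check_startup_file() {
    len=$("${2:-sh}" -c '. "$1"' sh "$1" </dev/null 2>/dev/null | first4_as_length)
    case $len in
        '')    echo "clean" ;;
        short) echo "corrupts-sftp (1-3 stray bytes)" ;;
        *)     if [ "$len" -gt "$MAX_SFTP_PACKET" ]; then
                   echo "breaks-sftp len=$len text=$(length_to_text "$len")"
               else
                   echo "corrupts-sftp len=$len"
               fi ;;
    esac
}

# Constructed samples: the line from the answer, and the tty-guarded variant
# suggested in the comments on this page.
demo_dir=$(mktemp -d)
printf "echo 'entering .bashrc'\n" > "$demo_dir/noisy"
printf "test -t 1 && echo 'Entering .bashrc'\n" > "$demo_dir/guarded"
check_startup_file "$demo_dir/noisy"     # breaks-sftp len=1701737573 text=ente
check_startup_file "$demo_dir/guarded"   # clean
rm -rf "$demo_dir"
```

Against a real server the equivalent check is whether `ssh user@host true` (placeholder host) writes anything to stdout; any byte there lands in front of the SFTP stream.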
qreon
Updated on September 18, 2022
Comments
-
qreon over 1 year
I already saw this thread, but it didn't answer my question because it has been left for dead.
As the title says, when I log into my VPS with putty, everything works fine. But when connecting with FileZilla through SFTP, I always get an error :
Authentication failed, cannot establish connection to the server
(roughly translated).
I am using the right settings in FileZilla because I only got this error 3 days ago and it used to work fine before: SFTP through port 22. Here is an iptables -L (TL;DR: accept everything in and out on ports 20, 21 and 22, and passive inbound connections on ports 1024+):

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ctstate ESTABLISHED /* Allow ftp connections on port 21 */
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data ctstate RELATED,ESTABLISHED /* Allow ftp connections on port 20 */
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 ctstate ESTABLISHED /* Allow passive inbound connections */
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate ESTABLISHED /* Allow ftp connections on port 22 */

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ctstate NEW,ESTABLISHED /* Allow ftp connections on port 21 */
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data ctstate ESTABLISHED /* Allow ftp connections on port 20 */
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 ctstate RELATED,ESTABLISHED /* Allow passive inbound connections */
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate ESTABLISHED /* Allow ftp connections on port 22 */

I did set this manually in case that was the source of my problems, but nothing changed.
I also set PasswordAuthentication yes and LogLevel DEBUG as the previous thread suggested as well, but nothing changed either after restarting sshd.
Here is what I get in /var/log/auth.log when I try to connect with FileZilla: literally nothing related to SFTP login. It only contains stuff about me doing sudos to access the file.
I don't know whether it comes from FileZilla because auth.log shows nothing related to SFTP connection, or it comes from sshd configuration just ignoring SFTP requests.
I can't seem to find anything to help me, do you have any suggestions?
Thank you for your time reading this.
-
Halfgaar over 9 years
Do you get the error instantly, or after a while? This will tell you if the connection receives some response that it can't handle or whether it times out.
-
qreon over 9 years
Here is what I get in the FileZilla "log" window: Command : open "[email protected]" 22, 1s delay, Command : Pass: ******, 1s delay, Error: authentication failed, cannot establish connection to the server. Considering the only 1s delay, I'd go for the not handled response option. What could cause this?
-
Zoredache over 9 years
I would be tempted to fire up tcpdump on the VPS and see if you can actually see the incoming sftp connection. Something like tcpdump -qni any port 22. Though you might have to add more filtering to exclude any active SSH connections.
-
qreon over 9 years
I ran this: tcpdump -qni any port sftp or ftp-data and tried to connect with FileZilla but nothing came out: 0 packets captured, 0 packets received by filter, 0 packets dropped by kernel. Is this even the right command?
-
Amin Hossain over 9 years
Try using the PSFTP client. It's in the same package that PuTTY comes in (you can download it from the same page). It should work right out of the box, so you'll know if you have some misconfiguration with FileZilla, or if it's something server-side.
-
-
qreon over 9 years
Thanks a lot for your detailed answer. I tried the command you gave, both with --dport ssh and --dport sftp, and INPUT and OUTPUT, but it still doesn't work (I restarted sshd and rebooted the whole server). Besides that, thank you for the links, they may come in useful because until then I could only partially understand what I did with iptables.
-
qreon over 9 years
Oh, actually I misspelt your command and didn't see it at first. After retyping it, it is back working with FileZilla. Thanks again mate!
-
grag42 over 9 years
No problem. Glad I could help.
-
roaima over 8 years
You could also have amended your .bashrc thus: test -t 1 && echo 'Entering .bashrc'
-
thoku about 4 years
I stumbled into the same thing, getting "(error code is 103)" after adding an echo to .bashrc. Why the heck does this hinder SFTP (Password authorization successful, but then ...103)?
-
Matthew Goulart over 3 years
This has to be some kind of personal record for finding an extremely obscure solution in less than 30 seconds. Thanks man.