PDA

View Full Version : SSH Failed to open a secure file transfer session



hoiyi88
04-Dec-2011, 14:56
open tcp and udp 22 port.
use ssh client to download file got this error.
How can fix it?
Thanks.


--
hoiyi88
------------------------------------------------------------------------
hoiyi88's Profile: http://forums.novell.com/member.php?userid=107113
View this thread: http://forums.novell.com/showthread.php?t=449083

malcolmlewis
04-Dec-2011, 15:44
On Sun, 04 Dec 2011 13:56:02 GMT
hoiyi88 <hoiyi88@no-mx.forums.novell.com> wrote:

>
> open tcp and udp 22 port.
> use ssh client to download file got this error.
> How can fix it?
> Thanks.
>
>
Hi
Did you use YaST Firewall to allow the Secure Shell Server to open the
ports? What SLE version?

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
up 3 days 15:42, 5 users, load average: 0.09, 0.12, 0.14
GPU GeForce 8600 GTS Silent - Driver Version: 290.10

hoiyi88
04-Dec-2011, 15:56
suse internal firewall disable.
SLE version 10 SP4


--
hoiyi88
------------------------------------------------------------------------
hoiyi88's Profile: http://forums.novell.com/member.php?userid=107113
View this thread: http://forums.novell.com/showthread.php?t=449083

malcolmlewis
04-Dec-2011, 16:30
On Sun, 04 Dec 2011 14:56:01 GMT
hoiyi88 <hoiyi88@no-mx.forums.novell.com> wrote:

>
> suse internal firewall disable.
> SLE version 10 SP4
>
>
Hi
So are you using the command line of a GUI eg nautilus?

So if you connect vi command line with some debug, can you post the
output;


sftp -vv username@host

Please put the output around cod tags or on pastebin and post back the
URL (You might want to edit any security related items, ip address
etc).

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
up 3 days 16:25, 5 users, load average: 0.08, 0.14, 0.12
GPU GeForce 8600 GTS Silent - Driver Version: 290.10

hoiyi88
04-Dec-2011, 16:46
malcolmlewis;2158426 Wrote:
> On Sun, 04 Dec 2011 14:56:01 GMT
> hoiyi88 <hoiyi88@no-mx.forums.novell.com> wrote:
>
> >
> > suse internal firewall disable.
> > SLE version 10 SP4
> >
> >
> Hi
> So are you using the command line of a GUI eg nautilus?
>
> So if you connect vi command line with some debug, can you post the
> output;
> >
Code:
--------------------
> >
> sftp -vv username@host
>
--------------------
> >
> Please put the output around cod tags or on pastebin and post back
> the
> URL (You might want to edit any security related items, ip address
> etc).
>
> --
> Cheers Malcolm °¿° (Linux Counter #276890)
> openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
> up 3 days 16:25, 5 users, load average: 0.08, 0.14, 0.12
> GPU GeForce 8600 GTS Silent - Driver Version: 290.10



www:~ # sftp -vv root@127.0.0.1
Connecting to 127.0.0.1...
OpenSSH_5.1p1, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 129/256
debug2: bits set: 522/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug2: no key of type 0 for host 127.0.0.1
debug2: no key of type 2 for host 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.


--
hoiyi88
------------------------------------------------------------------------
hoiyi88's Profile: http://forums.novell.com/member.php?userid=107113
View this thread: http://forums.novell.com/showthread.php?t=449083

malcolmlewis
04-Dec-2011, 16:57
On Sun, 04 Dec 2011 15:46:02 GMT
hoiyi88 <hoiyi88@no-mx.forums.novell.com> wrote:


www:~ # sftp -vv root@127.0.0.1
Connecting to 127.0.0.1...
OpenSSH_5.1p1, OpenSSL 0.9.8a 11 Oct 2005
........
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug2: no key of type 0 for host 127.0.0.1
debug2: no key of type 2 for host 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
[CODE]
Hi
Is there an existing .ssh directory in /root?

I see in (SLES 11 SP1);
[CODE]
# sftp -vv root@127.0.0.1

Connecting to 127.0.0.1...
OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008
......
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '127.0.0.1' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1

Your OpenSSL is at version a, SLE11 SP1 is at h, not sure if this may
be causing an issue or the RSA keys.

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
up 3 days 16:52, 5 users, load average: 0.09, 0.08, 0.15
GPU GeForce 8600 GTS Silent - Driver Version: 290.10

hoiyi88
05-Dec-2011, 08:06
malcolmlewis;2158428 Wrote:
> On Sun, 04 Dec 2011 15:46:02 GMT
> hoiyi88 <hoiyi88@no-mx.forums.novell.com> wrote:
> >
Code:
--------------------
> >
> www:~ # sftp -vv root@127.0.0.1
> Connecting to 127.0.0.1...
> OpenSSH_5.1p1, OpenSSL 0.9.8a 11 Oct 2005
> ........
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug2: no key of type 0 for host 127.0.0.1
> debug2: no key of type 2 for host 127.0.0.1
> The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
> >
Code:
--------------------
> >
> Hi
> Is there an existing .ssh directory in /root?
>
> I see in (SLES 11 SP1);
> >
Code:
--------------------
> >
> # sftp -vv root@127.0.0.1
>
> Connecting to 127.0.0.1...
> OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008
> ......
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '127.0.0.1' is known and matches the RSA host key.
> debug1: Found key in /root/.ssh/known_hosts:1
>
--------------------
> >
> Your OpenSSL is at version a, SLE11 SP1 is at h, not sure if this may
> be causing an issue or the RSA keys.
>
> --
> Cheers Malcolm °¿° (Linux Counter #276890)
> openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
> up 3 days 16:52, 5 users, load average: 0.09, 0.08, 0.15
> GPU GeForce 8600 GTS Silent - Driver Version: 290.10 > >
>
> on /root/ have .ssh folder


--
hoiyi88
------------------------------------------------------------------------
hoiyi88's Profile: http://forums.novell.com/member.php?userid=107113
View this thread: http://forums.novell.com/showthread.php?t=449083

hoiyi88
05-Dec-2011, 08:46
malcolmlewis;2158428 Wrote:
> On Sun, 04 Dec 2011 15:46:02 GMT
> hoiyi88 <hoiyi88@no-mx.forums.novell.com> wrote:
> >
Code:
--------------------
> >
> www:~ # sftp -vv root@127.0.0.1
> Connecting to 127.0.0.1...
> OpenSSH_5.1p1, OpenSSL 0.9.8a 11 Oct 2005
> ........
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug2: no key of type 0 for host 127.0.0.1
> debug2: no key of type 2 for host 127.0.0.1
> The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
> >
Code:
--------------------
> >
> Hi
> Is there an existing .ssh directory in /root?
>
> I see in (SLES 11 SP1);
> >
Code:
--------------------
> >
> # sftp -vv root@127.0.0.1
>
> Connecting to 127.0.0.1...
> OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008
> ......
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '127.0.0.1' is known and matches the RSA host key.
> debug1: Found key in /root/.ssh/known_hosts:1
>
--------------------
> >
> Your OpenSSL is at version a, SLE11 SP1 is at h, not sure if this may
> be causing an issue or the RSA keys.
>
> --
> Cheers Malcolm °¿° (Linux Counter #276890)
> openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
> up 3 days 16:52, 5 users, load average: 0.09, 0.08, 0.15
> GPU GeForce 8600 GTS Silent - Driver Version: 290.10 > >
>
> i found another version is OpenSSH_5.1p1, OpenSSL 0.9.8a 11 Oct 2005.
> but the SLES version same 10 SP4. can i downgrade?
> Thanks


--
hoiyi88
------------------------------------------------------------------------
hoiyi88's Profile: http://forums.novell.com/member.php?userid=107113
View this thread: http://forums.novell.com/showthread.php?t=449083

hoiyi88
05-Dec-2011, 10:46
Change /etc/ssh/sshd_config

Subsystem sftp /usr/lib64/ssh/sftp-server

successs


--
hoiyi88
------------------------------------------------------------------------
hoiyi88's Profile: http://forums.novell.com/member.php?userid=107113
View this thread: http://forums.novell.com/showthread.php?t=449083