sftp

Post by Lee Ha » Tue, 28 Aug 2001 02:22:18



I am trying to set up and use sftp.

I uncommented the line in /etc/ssh/sshd_config:
Subsystem    sftp    /usr/libexec/sftp-server

and then built the sftp port.
But when I try to connect, I get an error after I enter my password:

select: Bad file descriptor
select: Interrupted system call

I thought maybe the sftp port does not really go with the
sftp-server mentioned in the sshd_config,
so I tried regular ftp through an ssh tunnel as so:


then

ftp localhost 5021

It seems to connect, but I get errors when I try to transfer files:

ftp: connect: Connection refused

There is precious little information around about setting this up.
Anyone have any pointers?

 
 
 

sftp

Post by Lee Ha » Tue, 28 Aug 2001 02:39:04



> I am trying to set up and use sftp.

> I uncommented the line in /etc/ssh/sshd_config:
> Subsystem    sftp    /usr/libexec/sftp-server

> and then built the sftp port.
> But when I try to connect, I get an error after I enter my password:

> select: Bad file descriptor
> select: Interrupted system call

> I thought maybe the sftp port does not really go with the
> sftp-server mentioned in the sshd_config,
> so I tried regular ftp through an ssh tunnel as so:


> then

> ftp localhost 5021

> It seems to connect, but I get errors when I try to transfer files:

> ftp: connect: Connection refused

> There is precious little information around about setting this up.
> Anyone have any pointers?

Ok, I got this working by installing the sftp port on both client
and server, but I am still confused about the sftp-server configuration
in sshd_config. It seems that it would be unnecessary the way that I
have it set up.

In fact, I just commented out that line again, and it works fine.

So. Is that part of sshd just not ready for prime time, and the right
way to do this is use the sftp port on both ends? Or is there more
to this story?

 
 
 

sftp

Post by Kade » Tue, 28 Aug 2001 04:49:49


On Sun, 26 Aug 2001 17:39:04 +0000 (UTC), Lee Harr


> On Sun, 26 Aug 2001 17:22:18 +0000 (UTC), Lee Harr

>> I am trying to set up and use sftp.

>> I uncommented the line in /etc/ssh/sshd_config:
>> Subsystem    sftp    /usr/libexec/sftp-server
> Ok, I got this working by installing the sftp port on both client
> and server, but I am still confused about the sftp-server configuration
> in sshd_config. It seems that it would be unnecessary the way that I
> have it set up.

It is if you only want to transfer files in one direction.

> In fact, I just commented out that line again, and it works fine.

Yes, but did you try and connect going the opposite direction?

> So. Is that part of sshd just not ready for prime time, and the right
> way to do this is use the sftp port on both ends? Or is there more
> to this story?

Everything is the way it should be.

What happens is this..  You install sftp on the system you want to give
others access to.  You uncomment the line in sshd_config so that sshd
knows to give others access to the sftp server when they request it.

You install sftp on the other machine so that you can get the client side
of the setup.  You leave line in sshd_config commented because you don't
want others to be able to download your files.  You still need the sftp
port, though so that you can get the client part.

Make better sense now?

 
 
 

sftp

Post by Lee Ha » Tue, 28 Aug 2001 05:13:16



> On Sun, 26 Aug 2001 17:39:04 +0000 (UTC), Lee Harr

>> On Sun, 26 Aug 2001 17:22:18 +0000 (UTC), Lee Harr

>>> I am trying to set up and use sftp.

>>> I uncommented the line in /etc/ssh/sshd_config:
>>> Subsystem    sftp    /usr/libexec/sftp-server

>> Ok, I got this working by installing the sftp port on both client
>> and server, but I am still confused about the sftp-server configuration
>> in sshd_config. It seems that it would be unnecessary the way that I
>> have it set up.

> It is if you only want to transfer files in one direction.

Well, I want to be able to transfer in both directions, but I only
want to be able to connect from the client end to the server.

>> In fact, I just commented out that line again, and it works fine.

> Yes, but did you try and connect going the opposite direction?

No.

>> So. Is that part of sshd just not ready for prime time, and the right
>> way to do this is use the sftp port on both ends? Or is there more
>> to this story?

> Everything is the way it should be.

> What happens is this..  You install sftp on the system you want to give
> others access to.  You uncomment the line in sshd_config so that sshd
> knows to give others access to the sftp server when they request it.

> You install sftp on the other machine so that you can get the client side
> of the setup.  You leave line in sshd_config commented because you don't
> want others to be able to download your files.  You still need the sftp
> port, though so that you can get the client part.

> Make better sense now?

Not really, no. I guess I should have been more clear.

I commented out the sshd_config sftp-server line on the ftp server.
In other words, it is commented out on _both_ machines. And the
server still allows connections.

The line in the server's sshd_config mentions the program
/usr/libexec/sftp-server
so I figured when the sftp client tried to connect, that would be
the program that was started, but I believe that the sftp port comes
with its own sftp server called sftpserv, and that is the one being
started through an ssh tunnel.

So, I am still curious what sftp-server is for, and how it is used.

 
 
 

sftp

Post by Christian Weisgerb » Tue, 28 Aug 2001 07:12:55



> I am trying to set up and use sftp.

> I uncommented the line in /etc/ssh/sshd_config:
> Subsystem    sftp    /usr/libexec/sftp-server

> and then built the sftp port.

OpenSSH's sftp-server(8) and sftp(1) commands implement the SSH
File Transfer Protocol, draft-ietf-secsh-filexfer-00.txt.

The ftp/sftp port implements its own protocol which is completely
unrelated to anything above.  Calling that obscure program "sftp"
was a really bad idea.

If you run -STABLE your confusion will be compounded by the fact
that -STABLE still ships with OpenSSH 2.3 which doesn't include
sftp(1).  OpenSSH 2.9 is available as security/openssh, though.

--
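
A quick check for the situation discussed in this thread, added here as an example and not part of any post: it reads an sshd_config and reports which program, if any, sshd would start for the `sftp` subsystem. The function name and the sample config lines are constructed for illustration.

```shell
#!/bin/sh
# Report which program sshd would run for the "sftp" subsystem, based on
# the Subsystem line discussed in this thread.

# Print the handler of the first active "Subsystem sftp" line in file $1.
# Returns 1 when the line is absent or commented out.
sftp_subsystem() {
    awk '
        { sub(/#.*/, "") }                      # drop comments, incl. "#Subsystem ..."
        tolower($1) == "subsystem" && $2 == "sftp" {
            $1 = ""; $2 = ""; sub(/^ +/, "")    # keep only the command and its args
            print; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# Constructed sample configs: one with the line commented out, one enabled.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'Port 22' \
        '#Subsystem    sftp    /usr/libexec/sftp-server' > "$tmp/commented"
    printf '%s\n' 'Port 22' \
        'Subsystem    sftp    /usr/libexec/sftp-server' > "$tmp/enabled"
    for f in commented enabled; do
        if h=$(sftp_subsystem "$tmp/$f"); then
            echo "$f: sftp subsystem -> $h"
        else
            echo "$f: no sftp subsystem; OpenSSH sftp(1) requests will fail"
        fi
    done
    rm -rf "$tmp"
}

demo
```

Run against the real file with `sftp_subsystem /etc/ssh/sshd_config`; sshd only picks up a changed Subsystem line after it re-reads its configuration.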

 
 
 

sftp

Post by Lee Ha » Tue, 28 Aug 2001 08:43:52


> If you run -STABLE your confusion will be compounded by the fact
> that -STABLE still ships with OpenSSH 2.3 which doesn't include
> sftp(1).  OpenSSH 2.9 is available as security/openssh, though.

Ah, Ok.

So, I installed the openssh port on the client, and now it works more
as I was expecting.

It sure is ugly though...  the sftp port looked and acted more like ftp.

On a related note, should I just be forgetting about this whole sftp
thing and using scp? Seems like it might be simpler and better.
Hmm. I think I need a howto on this one too. Is there some simple
way to scp a file from there to here without an error like:

You have no controlling tty.  Cannot read passphrase.
select: Bad file descriptor

Thanks for your help.

 
 
 

sftp

Post by Lee Ha » Tue, 28 Aug 2001 09:20:14


> On a related note, should I just be forgetting about this whole sftp
> thing and using scp? Seems like it might be simpler and better.
> Hmm. I think I need a howto on this one too. Is there some simple
> way to scp a file from there to here without an error like:

> You have no controlling tty.  Cannot read passphrase.
> select: Bad file descriptor

scp is cool.  Simple file transfer:


or whole directories:


Not interactive, but if you know exactly what you want, and
where it is... works like a charm.

 
 
 

sftp

Post by Christian Weisgerb » Tue, 28 Aug 2001 22:48:57



> It sure is ugly though...  the sftp port looked and acted more like ftp.

Yes, the sftp client is still a bit primitive.  Functional, though.
I think you are spoiled by modern versions of ftp.

> On a related note, should I just be forgetting about this whole sftp
> thing and using scp? Seems like it might be simpler and better.

Depends.  Originally I couldn't see the point of sftp either, but
what do you do if you don't know the exact path of a file?  slogin
and check?  Or use sftp?  It comes down to personal preference, I
guess.

Having an sftp server can be important if you need to deal with
MS-Windows users who have clients capable of SFTP but no equivalent
to scp.

> You have no controlling tty.  Cannot read passphrase.
> select: Bad file descriptor

I don't know how you managed to get that one.

--

 
 
 
