Network and Storage Protocols

SFTP login error

jameskuhlke
14,532 Views

Hi All,

Apologies if I get this wrong but it is my first post. I am trying to set up a local user for SFTP to push a file into a CIFS share. So I ran:

useradmin user add orbitfeet -g users

fas3020> useradmin user list orbitfeed
Name: orbitfeed
Info:
Rid: 131073
Groups: Users
Full Name:
Allowed Capabilities: api-snmp-get,api-snmp-get-next,api-system-api-*
Password min/max age in days: 0/4294967295
Status: enabled

I then placed the following entries in the usermap.cfg

FAS3020\orbitfeed => orbitfeed
FAS3020\orbitfeed <= orbitfeed

I then placed the following entry in /etc/passwd

orbitfeed:_J9../AsNpchihmSCXSQ:10:10::/vol/vol1/dump:

I created a volume /vol/vol1/ and set it to have NTFS permissions

I created a folder called dump and gave the local user FAS3020\orbitfeed full control

I set the following options in red:-

fas3020> options sftp
sftp.auth_style              mixed
sftp.bypass_traverse_checking on
sftp.dir_override            /vol/vol1/dump
sftp.dir_restriction         off
sftp.enable                  on
sftp.idle_timeout            900s
sftp.locking                 none
sftp.log_enable              on
sftp.log_filesize            512k
sftp.log_nfiles              6
sftp.max_connections         15
sftp.max_connections_threshold 75%
sftp.override_client_permissions off
fas3020>

However, when the user tries to log in I get the following error:-

Wed Jan 27 14:12:45 GMT [sftp.connection.request.failed:error]: SFTP (SSH File Transfer Protocol) connection request from client system 192.168.110.128, user orbitfeed failed, because the user is not permitted to do SFTP (SSH File Transfer Protocol) operations.
Wed Jan 27 14:12:45 GMT [sshd_2:error]: error: Disconnecting: SFTP connection creation failed

I get the same issue if I try with root. If I use FTP with either, it works perfectly. My FTP settings are detailed below:-

fas3020> options ftp
ftpd.3way.enable             off
ftpd.anonymous.enable        off
ftpd.anonymous.home_dir
ftpd.anonymous.name          anonymous
ftpd.auth_style              mixed
ftpd.bypass_traverse_checking on
ftpd.dir.override            /vol/vol1/dump
ftpd.dir.restriction         off
ftpd.enable                  on
ftpd.explicit.allow_secure_data_conn on
ftpd.explicit.enable         off
ftpd.idle_timeout            900s
ftpd.implicit.enable         off
ftpd.ipv6.enable             off
ftpd.locking                 none
ftpd.log.enable              on
ftpd.log.filesize            512k
ftpd.log.nfiles              6
ftpd.max_connections         500
ftpd.max_connections_threshold 0%
ftpd.tcp_window_size         28960

One final thing to note is that if I use FAS3020\orbitfeed it works perfectly too with both protocols. However, I plan to use SSH keys, which means I have to use the UNIX user format to enable the authorized keys.

I have tried all the settings for sftp.auth_style but still get the same issue.

Any help much appreciated

Thanks,

James

7 REPLIES

kvinay
14,533 Views

Hi James,

Please check the link http://now.netapp.com/NOW/knowledge/docs/ontap/rel732/html/ontap/filesag/GUID-B61B9FB7-BDDA-4F91-8FC5-CA4C39B43B7B.html and make sure the settings you have done are all correct. It also looks like you need to enable sshv2 for SFTP to work.

Also, it looks like it does not support the root user; please check this link: http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=370800

Regards,

Vinay

jameskuhlke
14,533 Views

Thanks for your reply. There are very limited options with SFTP and I have tried nearly all of them that are listed in the manual. I have SSH2 enabled as it works with fas3020\orbitfeed i.e. NTLM authentication just does not seem to work with windows.... I have checked the mapping below:-

fas3020> secureadmin status
ssh2    - active
ssh1    - active
ssl     - active
fas3020> useradmin user list orbitfeed
Name: orbitfeed
Info:
Rid: 131073
Groups: Users
Full Name:
Allowed Capabilities: *
Password min/max age in days: 0/4294967295
Status: enabled

fas3020> wcc -u orbitfeed
Wed Jan 27 19:56:32 GMT [auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: LSA lookup: Located account "FAS3020\orbitfeed" in domain "FAS3020"..
(NT - UNIX) account name(s):  (FAS3020\orbitfeed - orbitfeed)
        ***************
        UNIX uid = 10

        NT membership
                FAS3020\orbitfeed
                BUILTIN\Users
        User is also a member of Everyone, Network Users,
        Authenticated Users
        ***************
fas3020> wcc -s orbitfeed
(NT - UNIX) account name(s):  (FAS3020\orbitfeed - orbitfeed)
        ***************
        UNIX uid = 10

        NT membership
                FAS3020\orbitfeed
                BUILTIN\Users
        User is also a member of Everyone, Network Users,
        Authenticated Users
        ***************
fas3020>

nicholas4704
14,533 Views

Hi

Did you resolve the issue?

I'm facing nearly the same problem. I want to set up sftp to put files on the filer via sftp, but I get the same error (ONTAP 7.3.6).

I added a user:

ACDC> useradmin user list sftpadmin
Name: sftpadmin
Info:
Rid: 131080
Groups: Administrators
Full Name:
Allowed Capabilities: login-*,cli-*,api-*,security-*
Password min/max age in days: 0/4294967295
Status: enabled

enabled sftp:

ACDC> options sftp
sftp.auth_style              mixed
sftp.bypass_traverse_checking off
sftp.dir_override            /vol/vol0/etc
sftp.dir_restriction         off
sftp.enable                  on
sftp.idle_timeout            900s
sftp.locking                 none
sftp.log_enable              on
sftp.log_filesize            512k
sftp.log_nfiles              6
sftp.max_connections         15
sftp.max_connections_threshold 75%
sftp.override_client_permissions off

And I get the same error when I try to connect via WinSCP or Linux scp client:

[sftp.connection.request.failed:error]: SFTP (SSH File Transfer Protocol) connection request from client system x.x.x.x, user sftpadmin failed, because the user is not permitted to do SFTP (SSH File Transfer Protocol) operations.

[sshd_1:error]: error: Disconnecting: SFTP connection creation failed

Please advise.

Thank you.

Nick

jameskuhlke
14,533 Views

Hi Nick,

What does your usermap.cfg file and passwd file look like?

They are both in /etc

Also what user are you using?

Regards,

James

Please excuse my grammar sent from my iPhone

andersonch
14,532 Views

Did anyone solve the issue? I am trying to use WinSCP client to upload some firmware but I am getting the same error. I am not using a UNIX client or LDAP so the settings in those articles did not work for me. I have an open ticket with NetApp and we went through the KB step by step but it did not fix my issue.

andersonch
14,532 Views

After spending a long time with support I finally got a resolution. The users I created had to have a password that was 8 characters long. Once I changed the 11 character password to 8 it worked.
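
For anyone collecting these refusals on a syslog host, the following is an added example (not code from any poster or from NetApp) that parses the `sftp.connection.request.failed` messages quoted in this thread and counts them per user and client. The sample log is constructed from the posted lines; the 14:13:02 entry for `root` is made up for illustration.

```python
import re
from collections import Counter

# Event format copied from the messages quoted in this thread; the leading
# timestamp appears in one post and is absent in the other, so it is optional.
SFTP_FAIL = re.compile(
    r"\[sftp\.connection\.request\.failed:error\]: .*?"
    r"connection request from client system (?P<client>[^,\s]+), "
    r"user (?P<user>\S+) failed, because (?P<reason>.+?)\.?$"
)

# Constructed sample input modelled on the lines posted above.
SAMPLE_LOG = """\
Wed Jan 27 14:12:45 GMT [sftp.connection.request.failed:error]: SFTP (SSH File Transfer Protocol) connection request from client system 192.168.110.128, user orbitfeed failed, because the user is not permitted to do SFTP (SSH File Transfer Protocol) operations.
Wed Jan 27 14:12:45 GMT [sshd_2:error]: error: Disconnecting: SFTP connection creation failed
[sftp.connection.request.failed:error]: SFTP (SSH File Transfer Protocol) connection request from client system x.x.x.x, user sftpadmin failed, because the user is not permitted to do SFTP (SSH File Transfer Protocol) operations.
Wed Jan 27 14:13:02 GMT [sftp.connection.request.failed:error]: SFTP (SSH File Transfer Protocol) connection request from client system 192.168.110.128, user root failed, because the user is not permitted to do SFTP (SSH File Transfer Protocol) operations.
"""


def parse_failures(text):
    """Return one dict (client, user, reason) per refused SFTP request."""
    events = []
    for line in text.splitlines():
        match = SFTP_FAIL.search(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def summarize(events):
    """Count refusals per (user, client) and collect refused users per client."""
    per_pair = Counter((e["user"], e["client"]) for e in events)
    users_by_client = {}
    for e in events:
        users_by_client.setdefault(e["client"], set()).add(e["user"])
    return per_pair, users_by_client


if __name__ == "__main__":
    pairs, by_client = summarize(parse_failures(SAMPLE_LOG))
    for (user, client), count in sorted(pairs.items()):
        print(f"{user:12} {client:18} {count}")
    # Several different accounts refused from one client is worth a closer look.
    for client, users in sorted(by_client.items()):
        if len(users) > 1:
            print(f"{client}: multiple accounts refused: {sorted(users)}")
```
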
