ONTAP Discussions

sftp connection hang after login

Hi to all,

 

we configured an FAS2240 with sftp protocol, when we try to access with a client like winscp receive a warning about Diffie-Helman alghoritm then the connection was broken with authentication error, while if i try from linux host with debug mode enabled we received this error:

 

[root@eslgbatbs tina]# sftp root@10.147.146.168
root@10.147.146.168's password:
Connection closed
[root@eslgbatbs tina]# sftp -v root@10.147.146.168
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to 10.147.146.168 [10.147.146.168] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2 FreeBSD-20160310
debug1: match: OpenSSH_7.2 FreeBSD-20160310 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.147.146.168:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:QsmNgeGkvZnQSNZ4MmCksUdcTDAfQ2IOTY+mvex1qkg
debug1: Host '10.147.146.168' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: password
root@10.147.146.168's password:
debug1: Authentication succeeded (password).
Authenticated to 10.147.146.168 ([10.147.146.168]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
Transferred: sent 2064, received 3312 bytes, in 0.1 seconds
Bytes per second: sent 25613.0, received 41099.9
debug1: Exit status 255
Connection closed

 

 

Have you some ideas.

 

Thanks for support.

2 REPLIES 2

Re: sftp connection hang after login

Sorry - this post got caught up in the spam filter. It's been released.

Community Manager \\ NetApp

Re: sftp connection hang after login

Hi Ale,

 

The user "root" is not allowed for SFTP access. SFTP utilizes SSHv2, therefore both SSHv2 and SFTP must be enabled.

 

Below are 7-mode commands to check your SSH configuration:

> secureadmin status

> secureadmin setup

> secureadmin enable

> options ssh

 

You can view all of the SFTP configuration parameters using:

> options sftp

 

To modify a value in "options" follow this example:

View current setting:

> options sftp.enable

OUTPUT>> sftp.enable off

 

To modify, run:

> options sftp.enable on

 

View setting again to confirm:

> options sftp.enable

OUTPUT>> sftp.enable on

 

Here are some documentation that explains SFTP and how to configure:

Managing SFTP 

KB: How to configure SFTP on 7-Mode 

 

 

Regards,

 

Team NetApp

Team NetApp
Cloud Volumes ONTAP
Review Banner
All Community Forums
Public