ONTAP Discussions

sftp connection hang after login

ale

Hi to all,

 

We configured a FAS2240 with the SFTP protocol. When we try to access it with a client like WinSCP, we receive a warning about the Diffie-Hellman algorithm and then the connection is broken with an authentication error, while if I try from a Linux host with debug mode enabled we receive this error:

 

[root@eslgbatbs tina]# sftp root@10.147.146.168
root@10.147.146.168's password:
Connection closed
[root@eslgbatbs tina]# sftp -v root@10.147.146.168
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to 10.147.146.168 [10.147.146.168] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2 FreeBSD-20160310
debug1: match: OpenSSH_7.2 FreeBSD-20160310 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.147.146.168:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:QsmNgeGkvZnQSNZ4MmCksUdcTDAfQ2IOTY+mvex1qkg
debug1: Host '10.147.146.168' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: password
root@10.147.146.168's password:
debug1: Authentication succeeded (password).
Authenticated to 10.147.146.168 ([10.147.146.168]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
Transferred: sent 2064, received 3312 bytes, in 0.1 seconds
Bytes per second: sent 25613.0, received 41099.9
debug1: Exit status 255
Connection closed

 

 

Do you have any ideas?

Thanks for your support.

2 REPLIES

ttran

Hi Ale,

 

The user "root" is not allowed for SFTP access. SFTP utilizes SSHv2, therefore both SSHv2 and SFTP must be enabled.

 

Below are 7-mode commands to check your SSH configuration:

> secureadmin status

> secureadmin setup

> secureadmin enable

> options ssh

 

You can view all of the SFTP configuration parameters using:

> options sftp

 

To modify a value in "options" follow this example:

View current setting:

> options sftp.enable

OUTPUT>> sftp.enable off

 

To modify, run:

> options sftp.enable on

 

View setting again to confirm:

> options sftp.enable

OUTPUT>> sftp.enable on

 

Here is some documentation that explains SFTP and how to configure it:

Managing SFTP 

KB: How to configure SFTP on 7-Mode 

 

 

Regards,

 

Team NetApp
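
An added example, not part of either post: a small shell helper that reads `sftp -v` output and reports the stage at which the session ended, so a key-exchange or password problem can be told apart from the server ending the sftp subsystem. The function name and stage labels are assumptions made for this illustration; the first sample is abridged from the trace in the question and the second is constructed.

```shell
#!/bin/sh
# Classify how far an OpenSSH client session got, from `sftp -v` / `ssh -v`
# debug output read on stdin. Function name and labels are hypothetical.

classify_sftp_trace() {
    awk '
        /SSH2_MSG_NEWKEYS received/ { kex = 1 }      # key exchange completed
        /Authentication succeeded/  { auth = 1 }     # user authenticated
        /Sending subsystem: sftp/   { subsys = 1 }   # client asked for sftp
        /debug1: Exit status/       { status = $NF + 0; have_status = 1 }
        END {
            if (!kex)    { print "kex-failed"; exit }
            if (!auth)   { print "auth-failed"; exit }
            if (!subsys) { print "no-subsystem-request"; exit }
            # Authenticated and requested sftp, but the remote side ended the
            # channel with a non-zero status: look at the server-side SFTP
            # settings (for 7-Mode, the "options sftp" values) and at whether
            # this user is permitted to use SFTP.
            if (have_status && status != 0) {
                print "subsystem-exited:" (status)
                exit
            }
            print "ok"
        }'
}

# Abridged from the trace posted in the question.
PAGE_TRACE='debug1: SSH2_MSG_NEWKEYS received
debug1: Authentication succeeded (password).
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: Exit status 255'

# Constructed sample: key exchange completes, password is refused.
AUTH_FAIL_TRACE='debug1: SSH2_MSG_NEWKEYS received
debug1: Next authentication method: password
Permission denied, please try again.'

printf '%s\n' "$PAGE_TRACE" | classify_sftp_trace
printf '%s\n' "$AUTH_FAIL_TRACE" | classify_sftp_trace
```

For the posted trace the helper reports `subsystem-exited:255`: key exchange and password authentication both completed, and the session ended only after the sftp subsystem was requested.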

Drew_C

Sorry - this post got caught up in the spam filter. It's been released.

Community Manager \\ NetApp