Estou tendo problemas para fazer o sFTP funcionar enquanto não há problemas com o ssh. Basicamente, estou construindo zlib, openssl e openssh para um processador ARM usando um sistema de arquivos Linux incorporado existente. Depois de procurar ideias, isso parecia um problema comum, mas não fiz nenhum progresso. Só tenho um usuário definido, que é root com senha vazia.
Estou usando o openssh versão 4.7p1 e modifiquei o sshd_config com as seguintes configurações:
PermitRootLogin yes
PermitEmptyPasswords yes
UseDNS yes
UsePrivilegeSeparation no
SyslogFacility AUTH
LogLevel DEBUG3
Subsystem sftp /usr/local/libexec/sftp-server -f AUTH -l DEBUG3
O servidor sftp está localizado em /usr/local/libexec e possui as seguintes permissões:
root@arm:/usr/local/libexec# ls -l
-rwxr-xr-x 1 root root 65533 Oct 3 22:12 sftp-server
-rwx--x--x 1 root root 233539 Oct 3 22:12 ssh-keysign
Eu sei que o sftp-server está sendo encontrado (o caminho está definido em sshd_config) porque se eu renomear o executável sftp_server, recebo o seguinte erro:
auth.err sshd[1698]: error: subsystem: cannot stat /usr/local/libexec/sftp-server: No such file or directory
auth.info sshd[1698]: subsystem request for sftp failed, subsystem not found
Além disso, os scripts de inicialização de login do alvo são muito simples e consistem em um único arquivo (etc/profile.d/local.sh), que contém apenas definições para LD_LIBRARY_PATH, PATH e PYTHONPATH conforme mostrado abaixo:
#!/bin/sh
export LD_LIBRARY_PATH="/usr/local/lib"
export PATH="/usr/local/bin:/usr/local/libexec:${PATH}"
export PYTHONPATH="/home/root/python"
Como você pode ver, .bashrc, .profile, etc não existem no diretório inicial do root:
root@arm:~# ls -la
drwxr-xr-x 2 root root 4096 Oct 4 14:57 .
drwxr-xr-x 3 root root 4096 Oct 4 01:11 ..
-rw------- 1 root root 120 Oct 4 01:21 .bash_history
Aqui está a saída do log do sistema ao usar o FileZilla para conectar-se ao servidor sftp no destino. No log, parece que o executável do servidor sftp foi encontrado, mas os processos filhos foram encerrados imediatamente. Estou usando argumentos de depuração ao chamar sftp-server em sshd_config (Subsistema sftp /usr/local/libexec/sftp-server -f AUTH -l DEBUG3), mas nenhum log foi capturado.
Oct 4 14:29:45 arm auth.info sshd[2070]: Connection from 192.168.1.12 port 45888
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: Client protocol version 2.0; client software version PuTTY_Local:_Mar_28_2012_12:33:05
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: no match: PuTTY_Local:_Mar_28_2012_12:33:05
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: Enabling compatibility mode for protocol 2.0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: Local version string SSH-2.0-OpenSSH_4.7
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: fd 3 setting O_NONBLOCK
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEXINIT sent
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEXINIT received
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellma1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysr
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysr
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,[email protected]
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,[email protected]
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: first_kex_follows 0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: reserved 0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellma1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,[email protected],aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfi8
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,[email protected],aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfi8
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,zlib
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,zlib
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: first_kex_follows 0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: reserved 0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: mac_setup: found hmac-sha1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: kex: client->server aes256-ctr hmac-sha1 none
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: mac_setup: found hmac-sha1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: kex: server->client aes256-ctr hmac-sha1 none
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: dh_gen_key: priv key bits set: 277/512
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: bits set: 2052/4096
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: bits set: 2036/4096
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_derive_keys
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: set_newkeys: mode 1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: cipher_init: set keylen (16 -> 32)
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_NEWKEYS sent
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: expecting SSH2_MSG_NEWKEYS
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: set_newkeys: mode 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: cipher_init: set keylen (16 -> 32)
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: SSH2_MSG_NEWKEYS received
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: KEX done
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: userauth-request for user root service ssh-connection method none
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: attempt 0 failures 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: Trying to reverse map address 192.168.1.12.
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: parse_server_config: config reprocess config len 302
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: input_userauth_request: setting up authctxt for root
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: input_userauth_request: try method none
Oct 4 14:29:46 arm auth.info sshd[2070]: Accepted none for root from 192.168.1.12 port 45888 ssh2
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: Entering interactive session for SSH2.
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 4 setting O_NONBLOCK
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 5 setting O_NONBLOCK
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_init_dispatch_20
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_open: ctype session rchan 256 win 2147483647 max 16384
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: input_session_request
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: channel 0: new [server-session]
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_new: init
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_new: session 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_open: channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_open: session 0: link with channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_open: confirm session
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_req: channel 0 request [email protected] reply 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_channel: session 0 channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_input_channel_req: session 0 req [email protected]
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_req: channel 0 request subsystem reply 1
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_channel: session 0 channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_input_channel_req: session 0 req subsystem
Oct 4 14:29:46 arm auth.info sshd[2070]: subsystem request for sftp
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: subsystem: exec() /usr/local/libexec/sftp-server -f AUTH -l DEBUG3
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 3 setting TCP_NODELAY
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 7 setting O_NONBLOCK
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: fd 7 is O_NONBLOCK
Oct 4 14:29:46 arm auth.debug sshd[2073]: debug1: permanently_set_uid: 0/0
Oct 4 14:29:46 arm auth.debug sshd[2073]: debug3: channel 0: close_fds r -1 w -1 e -1 c -1
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: read<=0 rfd 7 len -1
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: read failed
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: close_read
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: input open -> drain
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: ibuf empty
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: send eof
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: input drain -> closed
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: notify_done: reading
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: Received SIGCHLD.
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_pid: pid 2073
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_exit_message: session 0 channel 0 pid 2073
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: request exit-status confirm 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_exit_message: release channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: write failed
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: close_write
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: output open -> closed
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: send close
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: will not send data after close
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: rcvd close
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: will not send data after close
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: is dead
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: gc: notify user
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_channel: session 0 channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_close_by_channel: channel 0 child 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_close: session 0 pid 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: gc: user detached
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: is dead
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: garbage collecting
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: channel 0: free: server-session, nchannels 1
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: status: The following connections are open:\r\n #0 server-session (t4 r256 i3/0 o3/0 fd 7/7 cfd -1)\r\n
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: close_fds r 7 w 7 e -1 c -1
Oct 4 14:29:46 arm auth.info sshd[2070]: Connection closed by 192.168.1.12
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: do_cleanup
Oct 4 14:29:46 arm auth.info sshd[2070]: Closing connection to 192.168.1.12
Responder1
Embora esta seja mais uma solução alternativa do que uma resposta direta ao seu problema, eu tentaria usar o servidor SFTP interno em vez de um externo. Como este é um sistema embarcado, provavelmente faz mais sentido fazer isso de qualquer maneira.
No seu sshd_config
, basta adicionar:
Subsystem sftp internal-sftp
Dessa forma, você pode deixar de fora o binário sftp e economizar espaço.