我在 sFTP 工作時遇到問題,而 ssh 沒有問題。我基本上是使用現有的嵌入式 Linux 檔案系統為 ARM 處理器建立 zlib、openssl 和 openssh。在尋找想法後,這似乎是一個常見問題,但我還沒有任何進展。我只定義了一個用戶,即 root,密碼為空。
我使用 openssh 版本 4.7p1,並使用以下設定修改了 sshd_config:
PermitRootLogin yes
PermitEmptyPasswords yes
UseDNS yes
UsePrivilegeSeparation no
SyslogFacility AUTH
LogLevel DEBUG3
Subsystem sftp /usr/local/libexec/sftp-server -f AUTH -l DEBUG3
sftp-server 位於 /usr/local/libexec 並具有以下權限:
root@arm:/usr/local/libexec# ls -l
-rwxr-xr-x 1 root root 65533 Oct 3 22:12 sftp-server
-rwx--x--x 1 root root 233539 Oct 3 22:12 ssh-keysign
我知道正在找到 sftp-server(路徑在 sshd_config 中設定),因為如果我重命名 sftp_server 可執行文件,則會收到以下錯誤:
auth.err sshd[1698]: error: subsystem: cannot stat /usr/local/libexec/sftp-server: No such file or directory
auth.info sshd[1698]: subsystem request for sftp failed, subsystem not found
此外,目標的登入初始化腳本非常簡單,由單一檔案(etc/profile.d/local.sh)組成,其中僅包含 LD_LIBRARY_PATH、PATH 和 PYTHONPATH 的定義,如下所示:
#!/bin/sh
export LD_LIBRARY_PATH="/usr/local/lib"
export PATH="/usr/local/bin:/usr/local/libexec:${PATH}"
export PYTHONPATH="/home/root/python"
如你所看到的,root 的主目錄中不存在 .bashrc、.profile 等:
root@arm:~# ls -la
drwxr-xr-x 2 root root 4096 Oct 4 14:57 .
drwxr-xr-x 3 root root 4096 Oct 4 01:11 ..
-rw------- 1 root root 120 Oct 4 01:21 .bash_history
以下是使用 FileZilla 連接到目標上的 sftp 伺服器時的系統日誌輸出。從日誌來看,似乎找到了 sftp-server 可執行文件,但子進程立即退出。我在 sshd_config 中呼叫 sftp-server (子系統 sftp /usr/local/libexec/sftp-server -f AUTH -l DEBUG3)時使用偵錯參數,但沒有擷取任何日誌。
Oct 4 14:29:45 arm auth.info sshd[2070]: Connection from 192.168.1.12 port 45888
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: Client protocol version 2.0; client software version PuTTY_Local:_Mar_28_2012_12:33:05
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: no match: PuTTY_Local:_Mar_28_2012_12:33:05
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: Enabling compatibility mode for protocol 2.0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: Local version string SSH-2.0-OpenSSH_4.7
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: fd 3 setting O_NONBLOCK
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEXINIT sent
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEXINIT received
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellma1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysr
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysr
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,[email protected]
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,[email protected]
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: first_kex_follows 0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: reserved 0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellma1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,[email protected],aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfi8
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,[email protected],aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfi8
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,zlib
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,zlib
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: first_kex_follows 0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: reserved 0
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: mac_setup: found hmac-sha1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: kex: client->server aes256-ctr hmac-sha1 none
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: mac_setup: found hmac-sha1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: kex: server->client aes256-ctr hmac-sha1 none
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: dh_gen_key: priv key bits set: 277/512
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: bits set: 2052/4096
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: bits set: 2036/4096
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_derive_keys
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: set_newkeys: mode 1
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug2: cipher_init: set keylen (16 -> 32)
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_NEWKEYS sent
Oct 4 14:29:45 arm auth.debug sshd[2070]: debug1: expecting SSH2_MSG_NEWKEYS
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: set_newkeys: mode 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: cipher_init: set keylen (16 -> 32)
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: SSH2_MSG_NEWKEYS received
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: KEX done
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: userauth-request for user root service ssh-connection method none
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: attempt 0 failures 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: Trying to reverse map address 192.168.1.12.
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: parse_server_config: config reprocess config len 302
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: input_userauth_request: setting up authctxt for root
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: input_userauth_request: try method none
Oct 4 14:29:46 arm auth.info sshd[2070]: Accepted none for root from 192.168.1.12 port 45888 ssh2
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: Entering interactive session for SSH2.
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 4 setting O_NONBLOCK
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 5 setting O_NONBLOCK
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_init_dispatch_20
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_open: ctype session rchan 256 win 2147483647 max 16384
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: input_session_request
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: channel 0: new [server-session]
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_new: init
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_new: session 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_open: channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_open: session 0: link with channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_open: confirm session
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_req: channel 0 request [email protected] reply 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_channel: session 0 channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_input_channel_req: session 0 req [email protected]
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_req: channel 0 request subsystem reply 1
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_channel: session 0 channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_input_channel_req: session 0 req subsystem
Oct 4 14:29:46 arm auth.info sshd[2070]: subsystem request for sftp
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: subsystem: exec() /usr/local/libexec/sftp-server -f AUTH -l DEBUG3
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 3 setting TCP_NODELAY
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 7 setting O_NONBLOCK
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: fd 7 is O_NONBLOCK
Oct 4 14:29:46 arm auth.debug sshd[2073]: debug1: permanently_set_uid: 0/0
Oct 4 14:29:46 arm auth.debug sshd[2073]: debug3: channel 0: close_fds r -1 w -1 e -1 c -1
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: read<=0 rfd 7 len -1
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: read failed
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: close_read
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: input open -> drain
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: ibuf empty
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: send eof
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: input drain -> closed
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: notify_done: reading
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: Received SIGCHLD.
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_pid: pid 2073
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_exit_message: session 0 channel 0 pid 2073
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: request exit-status confirm 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_exit_message: release channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: write failed
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: close_write
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: output open -> closed
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: send close
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: will not send data after close
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: rcvd close
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: will not send data after close
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: is dead
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: gc: notify user
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_channel: session 0 channel 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_close_by_channel: channel 0 child 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: session_close: session 0 pid 0
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: gc: user detached
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: is dead
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: garbage collecting
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: channel 0: free: server-session, nchannels 1
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: status: The following connections are open:\r\n #0 server-session (t4 r256 i3/0 o3/0 fd 7/7 cfd -1)\r\n
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: close_fds r 7 w 7 e -1 c -1
Oct 4 14:29:46 arm auth.info sshd[2070]: Connection closed by 192.168.1.12
Oct 4 14:29:46 arm auth.debug sshd[2070]: debug1: do_cleanup
Oct 4 14:29:46 arm auth.info sshd[2070]: Closing connection to 192.168.1.12
答案1
雖然這更多的是一種替代解決方案,而不是直接回答您的問題,但我會嘗試使用內部 sftp 伺服器而不是外部伺服器。由於這是一個嵌入式系統,因此無論如何這樣做可能更有意義。
在您的 中sshd_config,只需添加:
Subsystem sftp internal-sftp
這樣您就可以省略 sftp 二進位檔案並節省一些空間。