我已经通知SFTP访问不再在运行Ubuntu的Amazon EC2服务器上工作。 我已经做了一些工作,创build此服务器上的其他用户的SFTP访问。 有限的用户访问仍在工作。 但是,从我们拥有.pem密钥文件的“ubuntu”用户开始的SFTP根访问不再有效。
我从debugging输出中获得退出状态126。 FireFTP报告:
Connected (version 2.0, client OpenSSH_5.9p1NaNDebian-5ubuntu1.3) Authentication (publickey) successful! Secsh channel 1 opened. Error message= uncaught exception: EOFError: "undefined" URL= Line Number= 0 我设法通过将以下内容添加到/ etc / ssh / sshd_config来允许SFTP访问:
Match user ubuntu ForceCommand internal-sftp
但是,这将禁用SSH访问!
我也确保在sshd_config中设置“PermitRootLogin yes”。
我也尝试使root:root拥有的ubuntu主文件夹,但它似乎没有区别..
我不知道我可能会无意中更改导致此错误。
提前致谢
auth.log条目:
> Jun 24 10:21:26 ip-**** sshd[24096]: Accepted publickey for > ubuntu from **** port 63696 ssh2 Jun 24 10:21:26 > ip-**** sshd[24096]: pam_unix(sshd:session): session opened > for user ubuntu by (uid=0) Jun 24 10:21:26 ip-**** > sshd[24182]: subsystem request for sftp by user ubuntu Jun 24 10:21:27 > ip-**** sshd[24182]: Received disconnect from ****: > 11: disconnected by user Jun 24 10:21:27 ip-172-31-30-50 sshd[24096]: > pam_unix(sshd:session): session closed for user ubuntu
下面的SFTPdebugging输出:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 debug1: Reading configuration data /Users/<user>/.ssh/config debug1: Reading configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: Applying options for * debug1: /etc/ssh_config line 102: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to ****** port 22. debug1: Connection established. debug1: identity file ****.pem type -1 debug1: identity file ****.pem-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.2 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.3 debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.3 pat OpenSSH_5* debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected],zlib debug2: kex_parse_kexinit: none,[email protected],zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 128/256 debug2: bits set: 513/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA **** debug1: Host '****' is known and matches the RSA host key. debug1: Found key in /Users/adamelemental/.ssh/known_hosts:36 debug2: bits set: 505/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /Users/adamelemental/work/e247-admin/aws/e247-main-eu.pem (0x0), explicit debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: ****.pem debug1: read PEM private key done: type RSA debug2: we sent a publickey packet, wait for reply debug1: Authentication succeeded (publickey). Authenticated to **** ([****]:22). debug2: fd 4 setting O_NONBLOCK debug1: channel 0: new [client-session] debug2: channel 0: send open debug1: Requesting [email protected] debug1: Entering interactive session. debug2: callback start debug2: fd 3 setting TCP_NODELAY debug2: client_session2_setup: id 0 debug1: Sending environment. debug1: Sending env LANG = en_GB.UTF-8 debug2: channel 0: request env confirm 0 debug1: Sending subsystem: sftp debug2: channel 0: request subsystem confirm 1 debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 2097152 debug2: channel_input_status_confirm: type 99 id 0 debug2: subsystem request accepted on channel 0 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0 debug2: channel 0: rcvd eow debug2: channel 0: close_read debug2: channel 0: input open -> closed debug2: channel 0: rcvd eof debug2: channel 0: output open -> drain debug2: channel 0: obuf empty debug2: channel 0: close_write debug2: channel 0: output drain -> closed debug2: channel 0: rcvd close debug2: channel 0: almost dead debug2: channel 0: gc: notify user debug2: channel 0: gc: user detached debug2: channel 0: send close debug2: channel 0: is dead debug2: channel 0: garbage collecting debug1: channel 0: free: client-session, nchannels 1 debug1: fd 0 clearing O_NONBLOCK Transferred: sent 2768, received 2160 bytes, in 0.4 seconds Bytes per second: sent 7600.3, received 5930.8 debug1: Exit status 126 Connection closed
退出代码126是find但无法执行的命令的bash错误代码。 看到这里和这里 。 例如:
$ /dev/null -bash: /dev/null: Permission denied $ echo $? 126
当你不强迫internal-sftp, OpenSSH服务器使用一个名为sftp-server的程序来处理远程的SFTP会话。 我的猜测是这个系统上的sftp-server程序被标记为不可执行,或者SSHDconfiguration不正确。
sshd_config文件应该有一个类似于以下的SFTP subsystem行(注意我不清楚Ubuntu上的文件在哪里):
Subsystem sftp /path/to/sftp-server
find这一行,validation它是否引用了sftp-server程序的有效副本,并validation程序本身是否可执行:
-rwxr-xr-x 1 root root 63552 Apr 11 2013 /path/to/sftp-server ^ ^ ^