F5F Stay Refreshed Power Users Networks Unable to determine the reason for the SFTP server connection failure.

Unable to determine the reason for the SFTP server connection failure.

Unable to determine the reason for the SFTP server connection failure.

J
JonathanDigger
Junior Member
Find
40
01-02-2018, 02:47 AM
#1
forgive me if this is the wrong place, somewhat of a newcomer here. I have a secondary PC acting as a server on Ubuntu 18.04 LTS. On it is a pi-hole, VPN, Plex, and a SFTP server. the pi-hole, VPN and Plex are working fine. the SFTP server is the problem. on this SFTP server, I have 3 users, all of which can only access specific folders which I assigned them. These folders are all on the primary drive, and all 3 of them works fine. I have a secondary drive, which is mounted at /mnt/secondary. When I try to setup a SFTP server which can only access a folder within the secondary drive, Filezilla throws me a "software caused connection abort" error. Full Filezilla log below. Status: Connecting to server.xyz:526... Response: fzSftp started, protocol_version=9 Command: open "[email protected]" 526 Command: Pass: **** Error: FATAL ERROR: Network error: Software caused connection abort Error: Could not connect to server Status: Waiting to retry... Trace: CControlSocket::SendNextCommand() Trace: CSftpConnectOpData::Send() in state 0 Status: Connecting to server.xyz:526... Trace: Going to execute C:\Program Files\FileZilla FTP Client\fzsftp.exe Response: fzSftp started, protocol_version=9 Trace: CSftpConnectOpData:TonguearseResponse() in state 0 Trace: CControlSocket::SendNextCommand() Trace: CSftpConnectOpData::Send() in state 3 Command: open "[email protected]" 526 Trace: Looking up host "server.xyz" for SSH connection Trace: Connecting to 192.168.0.3 port 526 Trace: We claim version: SSH-2.0-FileZilla_3.47.2.1 Trace: Remote version: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 Trace: Using SSH protocol version 2 Trace: Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (SHA-NI accelerated) Trace: Server also has ecdsa-sha2-nistp256/ssh-rsa host keys, but we don't know any of them Trace: Host key fingerprint is: Trace: ssh-ed25519 255 b2:62:72:5a:22:9e:37:ab:75:51:03:f7:56:a9:4c:86 K7oLTDk7OZANh0RGQRvKEJNVdwbPBdn3KS1LpZW1wv8= Trace: Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption Trace: Initialised HMAC-SHA-256 (SHA-NI accelerated) outbound MAC algorithm Trace: Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption Trace: Initialised HMAC-SHA-256 (SHA-NI accelerated) inbound MAC algorithm Command: Pass: **** Trace: Sent password Trace: Access granted Trace: Opening main session channel Trace: Network error: Software caused connection abort Error: FATAL ERROR: Network error: Software caused connection abort Trace: CSftpControlSocket::OnTerminate without error Trace: CControlSocket:Big GrinoClose(66) Trace: CControlSocket::ResetOperation(66) Trace: CSftpConnectOpData::Reset(66) in state 3 Error: Could not connect to server Trace: CFileZillaEnginePrivate::ResetOperation(66) Status: Waiting to retry... Trace: CControlSocket:Big GrinoClose(66) Trace: CControlSocket::ResetOperation(66) Trace: CFileZillaEnginePrivate::ResetOperation(66) Trace: CControlSocket:Big GrinoClose(66) Trace: CControlSocket::ResetOperation(66) Trace: CFileZillaEnginePrivate::ResetOperation(66) Trace: CFileZillaEnginePrivate::ContinueConnect called without pending Command::connect Trace: CFileZillaEnginePrivate::ResetOperation(130) Trace: CFileZillaEnginePrivate::ResetOperation(130) Would appreciate any form of help, thank you!
Reply
Reply
J
JonathanDigger
01-02-2018, 02:47 AM #1

forgive me if this is the wrong place, somewhat of a newcomer here. I have a secondary PC acting as a server on Ubuntu 18.04 LTS. On it is a pi-hole, VPN, Plex, and a SFTP server. the pi-hole, VPN and Plex are working fine. the SFTP server is the problem. on this SFTP server, I have 3 users, all of which can only access specific folders which I assigned them. These folders are all on the primary drive, and all 3 of them works fine. I have a secondary drive, which is mounted at /mnt/secondary. When I try to setup a SFTP server which can only access a folder within the secondary drive, Filezilla throws me a "software caused connection abort" error. Full Filezilla log below. Status: Connecting to server.xyz:526... Response: fzSftp started, protocol_version=9 Command: open "[email protected]" 526 Command: Pass: **** Error: FATAL ERROR: Network error: Software caused connection abort Error: Could not connect to server Status: Waiting to retry... Trace: CControlSocket::SendNextCommand() Trace: CSftpConnectOpData::Send() in state 0 Status: Connecting to server.xyz:526... Trace: Going to execute C:\Program Files\FileZilla FTP Client\fzsftp.exe Response: fzSftp started, protocol_version=9 Trace: CSftpConnectOpData:TonguearseResponse() in state 0 Trace: CControlSocket::SendNextCommand() Trace: CSftpConnectOpData::Send() in state 3 Command: open "[email protected]" 526 Trace: Looking up host "server.xyz" for SSH connection Trace: Connecting to 192.168.0.3 port 526 Trace: We claim version: SSH-2.0-FileZilla_3.47.2.1 Trace: Remote version: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 Trace: Using SSH protocol version 2 Trace: Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (SHA-NI accelerated) Trace: Server also has ecdsa-sha2-nistp256/ssh-rsa host keys, but we don't know any of them Trace: Host key fingerprint is: Trace: ssh-ed25519 255 b2:62:72:5a:22:9e:37:ab:75:51:03:f7:56:a9:4c:86 K7oLTDk7OZANh0RGQRvKEJNVdwbPBdn3KS1LpZW1wv8= Trace: Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption Trace: Initialised HMAC-SHA-256 (SHA-NI accelerated) outbound MAC algorithm Trace: Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption Trace: Initialised HMAC-SHA-256 (SHA-NI accelerated) inbound MAC algorithm Command: Pass: **** Trace: Sent password Trace: Access granted Trace: Opening main session channel Trace: Network error: Software caused connection abort Error: FATAL ERROR: Network error: Software caused connection abort Trace: CSftpControlSocket::OnTerminate without error Trace: CControlSocket:Big GrinoClose(66) Trace: CControlSocket::ResetOperation(66) Trace: CSftpConnectOpData::Reset(66) in state 3 Error: Could not connect to server Trace: CFileZillaEnginePrivate::ResetOperation(66) Status: Waiting to retry... Trace: CControlSocket:Big GrinoClose(66) Trace: CControlSocket::ResetOperation(66) Trace: CFileZillaEnginePrivate::ResetOperation(66) Trace: CControlSocket:Big GrinoClose(66) Trace: CControlSocket::ResetOperation(66) Trace: CFileZillaEnginePrivate::ResetOperation(66) Trace: CFileZillaEnginePrivate::ContinueConnect called without pending Command::connect Trace: CFileZillaEnginePrivate::ResetOperation(130) Trace: CFileZillaEnginePrivate::ResetOperation(130) Would appreciate any form of help, thank you!

Reply
Reply
M
moosejr3
Member
Find
67
01-02-2018, 10:14 AM
#2
Review the server logs such as cat /var/log/auth.log and cat /var/log/syslog. Check if FileZilla is attempting to launch in a location the user lacks permissions for. Would you believe each user should have access to their personal home directory on the Linux system?
Reply
Reply
M
moosejr3
01-02-2018, 10:14 AM #2

Review the server logs such as cat /var/log/auth.log and cat /var/log/syslog. Check if FileZilla is attempting to launch in a location the user lacks permissions for. Would you believe each user should have access to their personal home directory on the Linux system?

Reply
Reply
M
Mel_Kawaii
Member
Find
182
01-02-2018, 01:01 PM
#3
The log indicates a permission error in the chroot directory component "/mnt/secondary/". It appears there may be an ownership or mode problem, but I'm not entirely confident about the solution.
Reply
Reply
M
Mel_Kawaii
01-02-2018, 01:01 PM #3

The log indicates a permission error in the chroot directory component "/mnt/secondary/". It appears there may be an ownership or mode problem, but I'm not entirely confident about the solution.

Reply
Reply
R
rmk1205
Junior Member
Find
30
01-02-2018, 01:51 PM
#4
The access rights on /mnt/secondary seem misconfigured. Refer to the article for details: https://serverfault.com/a/584993. Essentially, this path must be owned by root, with only root allowed write access. The subfolders would then belong to the user(s). Likely setup looks like: chown root:root /mnt, chmod 755 /mnt, and then chown root:root /mnt/secondary chmod 755 /mnt/secondary. This grants the owner full permissions (read, write, execute) and others read and execute.
Reply
Reply
R
rmk1205
01-02-2018, 01:51 PM #4

The access rights on /mnt/secondary seem misconfigured. Refer to the article for details: https://serverfault.com/a/584993. Essentially, this path must be owned by root, with only root allowed write access. The subfolders would then belong to the user(s). Likely setup looks like: chown root:root /mnt, chmod 755 /mnt, and then chown root:root /mnt/secondary chmod 755 /mnt/secondary. This grants the owner full permissions (read, write, execute) and others read and execute.

Reply
Reply
V
Venice_
Member
Find
61
01-03-2018, 03:18 AM
#5
Certainly! Here’s a revised version of your question:

Would it be possible to establish a more reliable way to set permissions so they’re owned by root, and then proceed from there?
Reply
Reply
V
Venice_
01-03-2018, 03:18 AM #5

Certainly! Here’s a revised version of your question:

Would it be possible to establish a more reliable way to set permissions so they’re owned by root, and then proceed from there?

Reply
Reply
T
tacgun
Member
Find
70
01-04-2018, 11:37 AM
#6
Default settings for root-owned files seem safer from a security standpoint. It might be simpler to determine the required permissions ahead of time.
Reply
Reply
T
tacgun
01-04-2018, 11:37 AM #6

Default settings for root-owned files seem safer from a security standpoint. It might be simpler to determine the required permissions ahead of time.

Reply
Reply
D
Danjobro
Member
Find
54
01-08-2018, 10:32 AM
#7
Sure thing!
Reply
Reply
D
Danjobro
01-08-2018, 10:32 AM #7

Sure thing!

Reply
Reply