SFTP Issue



  • @kpa:

    It's supposedly an easy to use file manager (for being an ncurses application) but since there are better ones like Filezilla, WinSCP and others that can use an SFTP connection and offer a proper GUI on your workstation I don't see why you would want to install it on pfSense.

    Is SFTP supposed to work out of the box on pfsense? (Assuming a ssh key is added for the client).

    I had to use winscp which I hate using because if I use a ftp client with SFTP I get the following message.

    [23:15:20] [R] Auth Type: Public Key
    [23:15:20] [R] Authentication succeeded
    [23:15:20] [R] SSH Connection open
    [23:15:20] [R] SSH Error: 101 Invalid Packet
    [23:15:20] [R] [info] subsystem request for sftp failed, subsystem not found.
    [23:15:20] [R] [execute] /usr/lib/openssh/sftp-server
    [23:15:20] [R] SSH Error: 101 Invalid Packet
    [23:15:20] [R] [execute] /usr/lib/sftp-server
    

    If it is supposed to work maybe a bug should be filed? This is on pfsense 2.4.

    Also I dont see the harm of making a pkg for mc providing the dependencies are low, as everyone has their favourite tools.

    confirmed adding this line to /etc/ssh/sshd_config makes it work

    Subsystem sftp internal-sftp
    ```pfsense 2.4

  • Rebel Alliance Developer Netgate

    Filezilla and WinSCP work fine with any user that is not "admin" (root works, as will any other user with proper privileges). Also assuming you enabled SSH…



  • Jim I added some more info

    adding this line to sshd_config makes sftp work, it would be nice if this was made the default, thanks.

    Subsystem sftp internal-sftp
    
    [23:22:03] [R] Auth Type: Public Key
    [23:22:03] [R] Authentication succeeded
    [23:22:03] [R] SSH Connection open
    [23:22:03] [R] Connection established with OpenSSH_7.2 (SFTP v3)
    [23:22:03] [R] SFTP Connection Ready
    [23:22:04] [R] Retrieving directory listing...
    [23:22:04] [R] List Complete: 1,825 bytes in 0.03 seconds (1.8 KB/s)
    


  • an update.  I hold my hands up here, the issue is I was using the admin account which is stated on the pfsense documentation as not compatible with sftp, once I tested with other accounts then sftp works fine on the out of the box config, so in short the patch is not needed.

    For the curious, the reason internal-sftp worked and why the admin account doesnt work out of the box is the sftp binary will fail when there is a large amount of output text during the login process such as a large motd, in the case of pfsense admin's shell is set to rc.initial (the shell menu) and thats why it only worked with internal-sftp.  I am now correctly using the root uid for sftp login.