Sftp ~~not~~ working

rcfa · Jun 23, 2012, 1:02 PM

Hi,

tried to sftp into the pfSense box with the admin user and password, and this is what I get:

myHost:~ $ sftp admin@123.45.67.89
Password:
Received message too long 707406368
myHost:~ $

[IP address modified, of course]

slogin works just fine, however. I need sftp to upload files for vhosts…

mrzaz · Jun 23, 2012, 11:23 AM

I think it may have to do with a welcoming message popping up after the successful login.
sftp doesn't like welcoming messages. (/etc/motd)

I originally had this problem at work and what I did was to insert a
detection-function that detected if this was a sftp-session and skipped the "motd" file.
(renaming the "motd" and the load i manually in script later)

I will get back with a solution within short.

Here are a few links
http://autosys.us/misc/sftp_received_message_too_long.html
http://www.snailbook.com/faq/sftp-corruption.auto.html
http://ubuntuforums.org/showthread.php?t=1656869
http://www.linuxquestions.org/questions/slackware-14/sftp-received-message-too-long-887856/

Just google "sftp Received message too long" and you will get a lot of hits.

As someone suggested in a linux-forum (which I don't know if works on BSD)


if [ ${TERM} != "dumb" ]; then
  test -s ~/.bashrc-local && . ~/.bashrc-local
 fi

//Dan

rcfa · Jun 23, 2012, 11:48 AM

Ok, thanks for pointing me in the right direction. The issue is the menu system gets activated when I try to sftp in as admin.

So I created a new user named after the web site, made a new group called webmaster, with one privilege, which is to login with a shell. So that user now can sftp in just fine. May have to work on the access privileges a bit such that the user can write into the proper folder, that's pretty much standard stuff, just depends on if/how vhosts works, which is what the whole exercise is all about: having a user that can sftp web site content.

stephenw10 · Jun 23, 2012, 12:11 PM

This has always been the case.
You can log in as root via sftp no problems. No good in your scenario though.

Steve

rcfa · Jun 23, 2012, 1:01 PM

@stephenw10:

This has always been the case.
You can log in as root via sftp no problems. No good in your scenario though.

Wouldn't have mattered to use root, since there are only three people ever working with this: me, myself and I ;)

But yes, it's better to separate things, it's easy that a bug in a tool creates a lot of damage, when it accesses the file system with root privileges. But I was just thrown off by the error that I didn't get. In hindsight it all makes sense, as usual…

cmb · Jun 23, 2012, 3:16 PM

@rcfa:

But yes, it's better to separate things, it's easy that a bug in a tool creates a lot of damage, when it accesses the file system with root privileges.

Then you don't want to use admin. admin==root

Create another user that has shell privileges to accomplish that.

rcfa · Jun 23, 2012, 9:18 PM

@cmb:

@rcfa:

But yes, it's better to separate things, it's easy that a bug in a tool creates a lot of damage, when it accesses the file system with root privileges.

Then you don't want to use admin. admin==root

Create another user that has shell privileges to accomplish that.

I did that :)

@rcfa:

So I created a new user named after the web site, made a new group called webmaster, with one privilege, which is to login with a shell. So that user now can sftp in just fine. May have to work on the access privileges a bit such that the user can write into the proper folder, that's pretty much standard stuff, just depends on if/how vhosts works, which is what the whole exercise is all about: having a user that can sftp web site content.