Aditro
asked on
SFTP Unix client to windows Server "Couldnt canonicalise"
Unfortunately im sitting in between two suppliers so i dont have all the necessary OS info to hand but hopefully it wont matter too much as this is an SFTP question.
The situation is such that we have a windows based SFTP server hosted at our supplier. We have a customer who needs to be able to copy and retrieve files from their unix based machine to our server.
We have tested the comunications using FTP and they workfine, as does their account when using FTP. However the nature of the file contents is sensitive so they wish to use SFTP command line shell and a script.
We cannot get the unix system to complete the login. I have tested to login to the windows based SFTP using WinSCP and initially reproduced the problem. Then realised that / must be specified to login to root directory. WinSCP logs in fine using the account details.
I then installed Cygwin and the SSH package to try to "simulate" using the SFTP command line from unix and it just will not log me in.
Trying to login with the command $ SFTP user@server:/
Have tried a few variations, such as no :/, ~/, //, \, \\
and receive the error "Couldn't canonicalise. Need CWD" everytime
I tried to access the file directly via SFTP and via SCP comand lines and get a "permission denied" message.
However I can access the file just fine using WinSCP client and exactly the same account details.
Im confused as I figured that SFTP, like FTP, is independant of platform and should allow transfer of files. I believed it to be a problem in the script on the customer side, but having spent the last couple of hours trying diferent syntax trying to get SFTP unix comand to login and not getting any joy, im beginning to wonder if that is so? Could it be a problem with cross platform communication. can it be a security problem betwen OS's that they cant read each others security settings?
Thanks in advance.
/Dan
The situation is such that we have a windows based SFTP server hosted at our supplier. We have a customer who needs to be able to copy and retrieve files from their unix based machine to our server.
We have tested the comunications using FTP and they workfine, as does their account when using FTP. However the nature of the file contents is sensitive so they wish to use SFTP command line shell and a script.
We cannot get the unix system to complete the login. I have tested to login to the windows based SFTP using WinSCP and initially reproduced the problem. Then realised that / must be specified to login to root directory. WinSCP logs in fine using the account details.
I then installed Cygwin and the SSH package to try to "simulate" using the SFTP command line from unix and it just will not log me in.
Trying to login with the command $ SFTP user@server:/
Have tried a few variations, such as no :/, ~/, //, \, \\
and receive the error "Couldn't canonicalise. Need CWD" everytime
I tried to access the file directly via SFTP and via SCP comand lines and get a "permission denied" message.
However I can access the file just fine using WinSCP client and exactly the same account details.
Im confused as I figured that SFTP, like FTP, is independant of platform and should allow transfer of files. I believed it to be a problem in the script on the customer side, but having spent the last couple of hours trying diferent syntax trying to get SFTP unix comand to login and not getting any joy, im beginning to wonder if that is so? Could it be a problem with cross platform communication. can it be a security problem betwen OS's that they cant read each others security settings?
Thanks in advance.
/Dan
ASKER
No the message isnt there. below i have pasted an extract from the log file. We have actually solved this now using a different protocol, but i am still interested to know the problem here. As said it seemed strange that it worked with a windows client. I expected SFTP to work independant of platform.
debug1: Connection established.
debug1: permanently_set_uid: 0/3
debug1: identity file /.root/.ssh/id_rsa type 1
debug1: identity file /.root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version 3.2.3 F-Secure SSH Windows NT Server
debug1: no match: 3.2.3 F-Secure SSH Windows NT Server
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'XXXXXXX' is known and matches the DSA host key.
debug1: Found key in /.root/.ssh/known_hosts:33
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /.root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /.root/.ssh/id_dsa
debug1: Next authentication method: password
XXXXXXXXXXXXXXX's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
Couldn't canonicalise: Failure
Need cwd
[root@XXXX:/tmp]
$ debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 4.6 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
/dan
debug1: Connection established.
debug1: permanently_set_uid: 0/3
debug1: identity file /.root/.ssh/id_rsa type 1
debug1: identity file /.root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version 3.2.3 F-Secure SSH Windows NT Server
debug1: no match: 3.2.3 F-Secure SSH Windows NT Server
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'XXXXXXX' is known and matches the DSA host key.
debug1: Found key in /.root/.ssh/known_hosts:33
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /.root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /.root/.ssh/id_dsa
debug1: Next authentication method: password
XXXXXXXXXXXXXXX's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
Couldn't canonicalise: Failure
Need cwd
[root@XXXX:/tmp]
$ debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 4.6 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
/dan
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This same issue occurred for me on SFTP from windows to UNIX.
Even though the home directory was readable to the login ID, the root file system was not and SFTP was not able to traverse up the tree.
# cd /
# ls -ld
drwx--x--x 20 root root 22 Oct 1 13:16 .
Solution:
# chmod a+r /
# ls -ld
drwxr-xr-x 20 root root 22 Oct 1 13:16 .
Even though the home directory was readable to the login ID, the root file system was not and SFTP was not able to traverse up the tree.
# cd /
# ls -ld
drwx--x--x 20 root root 22 Oct 1 13:16 .
Solution:
# chmod a+r /
# ls -ld
drwxr-xr-x 20 root root 22 Oct 1 13:16 .
There must be a 'Permission denied' message between "Couldn't canonicalise" and "Need CWD", too. Is it there?