Solved

SFP on Synology

Posted on 2011-09-23
8
1,587 Views
Last Modified: 2012-05-12
Hi,

I tried to install/run SFTP on my Synolgy NAS DS 210J (latest version of OS, don't know which Linux version is under the hood).
Therefore I followed this article: http://forum.synology.com/wiki/index.php/How_to_setup_an_sftp-server

I can ssh with putty but not sftp. Config of server should be ok, this is most important line:
Subsystem      sftp    /usr/libexec/sftp-server
But it does not work. Can you assist me in troubleshooting?


This is the connection log:
--------------------------------

Status:      Connecting to 192.168.1.6:22...
Response:      fzSftp started
Command:      open "root@192.168.1.6" 22
Command:      Pass: *********
Status:      Connected to 192.168.1.6
Error:      Fatal: unable to initialise SFTP on server: could not connect
Error:      Could not connect to server
Status:      Waiting to retry...
Error:      Connection attempt interrupted by user

This is the config of the server:
--------------------------------------
/etc/ssh/sshd_config

#       $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2

#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
# no default banner path
#Banner none

# override default of no subsystems
Subsystem      sftp    /usr/libexec/sftp-server
#Subsystem       sftp    internal-sftp -f DAEMON -l VERBOSE
#Subsystem       sftp    /usr/syno/sbin/sftp-server -l DEBUG3

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server
~

0
Comment
Question by:janhoedt
  • 4
  • 2
  • 2
8 Comments
 
LVL 9

Expert Comment

by:parparov
Comment Utility
Do you actually have an executable /usr/libexec/sftp-server ?
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
Comment Utility
comment out:
Subsystem      sftp    /usr/libexec/sftp-server

Open in new window

uncomment:
#Subsystem       sftp    internal-sftp -f DAEMON -l VERBOSE

Open in new window


reload sshd and try again.
0
 

Author Comment

by:janhoedt
Comment Utility
There is no sftp at the location you mention:

DS> cd libexec/
DS> ls
SynoindexShareCommon.sh  share_delete             share_set
But it should be installed as

DS> ipkg install openssh-sftp-server
Package openssh-sftp-server (5.9p1-1) installed in root is up to date.
Nothing to be done
Successfully terminated.
0
 
LVL 21

Expert Comment

by:Papertrip
Comment Utility
Did you try my suggestion?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:janhoedt
Comment Utility
I will
0
 
LVL 9

Expert Comment

by:parparov
Comment Utility
What does 'ipkg files openssh-sftp-server' output?
0
 

Author Comment

by:janhoedt
Comment Utility
Have to park this question since I cannot troubleshoot this for the time being. Will reopen/refer to it when timeslot would occur.
0
 

Author Closing Comment

by:janhoedt
Comment Utility
Please see latest remark, can't ask other question without closing this so I'll have to close. Will reopen/refer to this later.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now