itnifl
asked on
Open SSH server permitting sftp connection for one user but not the other
I have a Open SSH server permitting sftp connection for one user but not the other. I don't know why this is happening. Both are regular users and both work fine logging on via ssh. Here is the config:
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Here is the difference in group memberships:
Or this way if you like:
I am testing for both users using WinSCP. File protocol chosen in both cases is the same, SFTP.
user1@Ubu-DR1:~$ more /etc/group | grep user1
adm:x:4:user1
cdrom:x:24:user1
sudo:x:27:user1
dip:x:30:user1
plugdev:x:46:user1
sambashare:x:112:user1
user1:x:1000:
lpadmin:x:114:user1
sftpusers:x:1003:user2,user1
LocalSSHGroup:x:1004:user1
user1@Ubu-DR1:~$ more /etc/group | grep user2
users:x:100:user2
sftpusers:x:1003:user2,user1
user2:x:1002:
Or this way if you like:
user1@Ubu-DR1:~$ id user1
uid=1000(user1) gid=1000(user1) groups=1000(user1),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),112(sambashare),114(lpadmin),1003(sftpusers),1004(LocalSSHGroup)
user1@Ubu-DR1:~$ id user2
uid=1001(user2) gid=1002(user2) groups=1002(user2),100(users),1003(sftpusers)
I am testing for both users using WinSCP. File protocol chosen in both cases is the same, SFTP.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
WinSCP is version 5.1.3.2881. There is no Plink.exe under the WinSCP installation folder or subfolders. I found the file randomly on my system under some homework files from when I was in school, but doupt that the path to this location is in my environment variable paths. The version of that file is 0.60. If the version was the problem it should fail no matter what user I connect with, but that is not the case.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Pageant.exe and puttygen.exe under WinSCP\PuTTY is version 0.62
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
C:\Windows\system32>plink -v c:\fileA.txt host:/tmp/xxx
'plink' is not recognized as an internal or external command,
operable program or batch file.
Like I told you, plink.exe is not in my paths variable on my windows client and is not under the WinSCP installation.
ASKER
I have a terrible confession to make. The real source of the problem is that user1's real username is terribly long, and in this long username was a typo :) the typo was only in the WinSCP profile, that is why everything was working fine with SSH where the username as typed correctly.
Sorry about that guys. You are all receiving points for participating.
Sorry about that guys. You are all receiving points for participating.
Is there any reason you cannot download it to confirm it is not a client issue? It is tough to know what is going on without logging.
ASKER
Typo again, user2's user name is terribly long - not user1.
No problem, didn't see your previous post.
ASKER
savone: I log in with password, but if there are keys, how would I check this? The user that cannot connect via sftp is a new user by the way, just added to the system.