sFTP server will not start

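I'm having trouble getting sFTP to work, while ssh has no problems. I am basically building zlib, openssl, and openssh for an ARM processor using an existing embedded Linux file system. After searching for ideas, this seemed like a common problem, but I have not made any progress yet. I have only one user defined, which is root with an empty password.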

I am using openssh version 4.7p1, and I modified sshd_config with the following settings:

PermitRootLogin yes
PermitEmptyPasswords yes
UseDNS yes
UsePrivilegeSeparation no
SyslogFacility AUTH
LogLevel DEBUG3
Subsystem sftp /usr/local/libexec/sftp-server -f AUTH -l DEBUG3

sftp-server is located in /usr/local/libexec and has the following permissions:

root@arm:/usr/local/libexec# ls -l
-rwxr-xr-x    1 root     root         65533 Oct  3 22:12 sftp-server
-rwx--x--x    1 root     root        233539 Oct  3 22:12 ssh-keysign

I know sftp-server is being found, because if I rename the sftp-server executable I get the following error (the path is set in sshd_config):

auth.err sshd[1698]: error: subsystem: cannot stat /usr/local/libexec/sftp-server: No such file or directory
auth.info sshd[1698]: subsystem request for sftp failed, subsystem not found

Also, the login init scripts on the target are very simple and consist of a single file (etc/profile.d/local.sh), which contains only the definitions for LD_LIBRARY_PATH, PATH and PYTHONPATH, as shown below:

#!/bin/sh
export LD_LIBRARY_PATH="/usr/local/lib"
export PATH="/usr/local/bin:/usr/local/libexec:${PATH}"
export PYTHONPATH="/home/root/python"

As you can see, there is no .bashrc, .profile, etc. in root's home directory:

root@arm:~# ls -la
drwxr-xr-x    2 root     root          4096 Oct  4 14:57 .
drwxr-xr-x    3 root     root          4096 Oct  4 01:11 ..
-rw-------    1 root     root           120 Oct  4 01:21 .bash_history

Below is the system log output when connecting to the target's sftp server using FileZilla. From the log, it appears that the sftp-server executable is found, but the child process exits immediately. I am using debug arguments when invoking sftp-server in sshd_config (Subsystem sftp /usr/local/libexec/sftp-server -f AUTH -l DEBUG3), but no logs were captured.

Oct  4 14:29:45 arm auth.info sshd[2070]: Connection from 192.168.1.12 port 45888
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: Client protocol version 2.0; client software version PuTTY_Local:_Mar_28_2012_12:33:05
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: no match: PuTTY_Local:_Mar_28_2012_12:33:05
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: Enabling compatibility mode for protocol 2.0
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: Local version string SSH-2.0-OpenSSH_4.7
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: fd 3 setting O_NONBLOCK
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEXINIT sent
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEXINIT received
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellma1
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysr
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysr
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,zlib@openssh.com
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,zlib@openssh.com
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: first_kex_follows 0
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: reserved 0
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellma1
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfi8
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfi8
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,zlib
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: none,zlib
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit:
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: first_kex_follows 0
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_parse_kexinit: reserved 0
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: mac_setup: found hmac-sha1
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: kex: client->server aes256-ctr hmac-sha1 none
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: mac_setup: found hmac-sha1
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: kex: server->client aes256-ctr hmac-sha1 none
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: dh_gen_key: priv key bits set: 277/512
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: bits set: 2052/4096
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: bits set: 2036/4096
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: kex_derive_keys
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: set_newkeys: mode 1
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug2: cipher_init: set keylen (16 -> 32)
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: SSH2_MSG_NEWKEYS sent
Oct  4 14:29:45 arm auth.debug sshd[2070]: debug1: expecting SSH2_MSG_NEWKEYS
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: set_newkeys: mode 0
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: cipher_init: set keylen (16 -> 32)
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: SSH2_MSG_NEWKEYS received
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: KEX done
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: userauth-request for user root service ssh-connection method none
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: attempt 0 failures 0
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug3: Trying to reverse map address 192.168.1.12.
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: parse_server_config: config reprocess config len 302
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: input_userauth_request: setting up authctxt for root
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: input_userauth_request: try method none
Oct  4 14:29:46 arm auth.info sshd[2070]: Accepted none for root from 192.168.1.12 port 45888 ssh2
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: Entering interactive session for SSH2.
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 4 setting O_NONBLOCK
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 5 setting O_NONBLOCK
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: server_init_dispatch_20
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_open: ctype session rchan 256 win 2147483647 max 16384
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: input_session_request
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: channel 0: new [server-session]
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: session_new: init
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: session_new: session 0
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: session_open: channel 0
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: session_open: session 0: link with channel 0
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_open: confirm session
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_req: channel 0 request simple@putty.projects.tartarus.org reply 0
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_channel: session 0 channel 0
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: session_input_channel_req: session 0 req simple@putty.projects.tartarus.org
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: server_input_channel_req: channel 0 request subsystem reply 1
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_channel: session 0 channel 0
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: session_input_channel_req: session 0 req subsystem
Oct  4 14:29:46 arm auth.info sshd[2070]: subsystem request for sftp
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: subsystem: exec() /usr/local/libexec/sftp-server -f AUTH -l DEBUG3
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 3 setting TCP_NODELAY
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: fd 7 setting O_NONBLOCK
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug3: fd 7 is O_NONBLOCK
Oct  4 14:29:46 arm auth.debug sshd[2073]: debug1: permanently_set_uid: 0/0
Oct  4 14:29:46 arm auth.debug sshd[2073]: debug3: channel 0: close_fds r -1 w -1 e -1 c -1
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: read<=0 rfd 7 len -1
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: read failed
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: close_read
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: input open -> drain
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: ibuf empty
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: send eof
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: input drain -> closed
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: notify_done: reading
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: Received SIGCHLD.
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_pid: pid 2073
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: session_exit_message: session 0 channel 0 pid 2073
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: request exit-status confirm 0
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: session_exit_message: release channel 0
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: write failed
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: close_write
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: output open -> closed
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: send close
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: will not send data after close
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: rcvd close
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: will not send data after close
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: is dead
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: gc: notify user
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: session_by_channel: session 0 channel 0
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: session_close_by_channel: channel 0 child 0
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: session_close: session 0 pid 0
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: gc: user detached
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: is dead
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug2: channel 0: garbage collecting
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: channel 0: free: server-session, nchannels 1
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: status: The following connections are open:\r\n  #0 server-session (t4 r256 i3/0 o3/0 fd 7/7 cfd -1)\r\n
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug3: channel 0: close_fds r 7 w 7 e -1 c -1
Oct  4 14:29:46 arm auth.info sshd[2070]: Connection closed by 192.168.1.12
Oct  4 14:29:46 arm auth.debug sshd[2070]: debug1: do_cleanup
Oct  4 14:29:46 arm auth.info sshd[2070]: Closing connection to 192.168.1.12


Answer

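Although this is more of an alternative than a direct answer to your problem, try using the internal sftp server instead of the external one. Since this is an embedded system, it makes more sense to do so anyway.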

Add the following to sshd_config:

Subsystem sftp internal-sftp

That way you can omit the sftp binary and save space.
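
The configuration in the question and the Subsystem line from the answer can be compared with a small audit, given here as an added example that is not part of the original posts or of OpenSSH. The names `parse_sshd_config`, `audit` and `RISKY`, and the stricter values in `HARDENED_CONFIG`, are assumptions made for illustration; Match blocks are not evaluated.

```python
# Added example: audit sshd_config text for the directives shown on this page.
# sshd keeps the first value it reads for a keyword; keywords are case-insensitive.
RISKY = {  # keyword -> (risky value, why it matters)
    "permitrootlogin": ("yes", "root may log in directly"),
    "permitemptypasswords": ("yes", "empty-password accounts may log in"),
    "useprivilegeseparation": ("no", "pre-auth network code runs as root"),
}

def parse_sshd_config(text):
    """Return (settings, subsystems) for the global section; first value wins."""
    settings, subsystems = {}, {}
    for raw in text.splitlines():
        fields = raw.strip().split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue
        keyword = fields[0].lower()
        value = fields[1].strip() if len(fields) > 1 else ""
        if keyword == "match":
            break  # Match blocks are conditional; this check covers globals only
        if keyword == "subsystem":
            sub = value.split(None, 1)
            if sub:
                subsystems.setdefault(sub[0], sub[1] if len(sub) > 1 else "")
        else:
            settings.setdefault(keyword, value)
    return settings, subsystems

def audit(text):
    """Return (findings, sftp_mode) for one sshd_config."""
    settings, subsystems = parse_sshd_config(text)
    findings = [f"{key} {settings[key]}: {why}"
                for key, (bad, why) in RISKY.items()
                if settings.get(key, "").lower() == bad]
    command = subsystems.get("sftp", "").split()
    if not command:
        return findings, "missing"
    if command[0] == "internal-sftp":
        return findings, "internal"
    return findings, "external:" + command[0]

# The security-relevant settings quoted in the question.
QUESTION_CONFIG = ("PermitRootLogin yes\nPermitEmptyPasswords yes\nUsePrivilegeSeparation no\n"
                   "Subsystem sftp /usr/local/libexec/sftp-server -f AUTH -l DEBUG3\n")
# Constructed sample: the answer's Subsystem line with assumed stricter values.
HARDENED_CONFIG = ("PermitRootLogin no\nPermitEmptyPasswords no\nUsePrivilegeSeparation yes\n"
                   "Subsystem sftp internal-sftp\n")

if __name__ == "__main__":
    print(audit(QUESTION_CONFIG), audit(HARDENED_CONFIG), sep="\n")
```

`internal-sftp` first shipped in OpenSSH 4.8 (portable 4.9p1), so a 4.7p1 build like the one in the question has to be upgraded before that Subsystem line works.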


Answer