6

I'm running an SFTP server on port 10022 using openssh-server on Debian, hosted on EC2/AWS. I have configured password-based authentication for a single user, but the server connection is closed immediately after I submit the correct password. Here is the output from the sftp client:

```
steve@localhost's password: 
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to localhost ([127.0.0.1]:10022).
debug2: fd 4 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
Connection to localhost closed by remote host.
Transferred: sent 1972, received 1644 bytes, in 0.0 seconds
Bytes per second: sent 1281358.2, received 1068231.7
debug1: Exit status -1
Couldn't read packet: Connection reset by peer
```

I have the server running inside a Docker container. The really weird thing is that if I run the Docker container locally on my Mac I can connect just fine, but when I run it on the AWS server I get the problem above. The above output was produced by running the sftp client on the AWS server (trying to connect to localhost), so I don't think this is anything to do with network access to AWS.

codebox

1 Answer

4

I would set LogLevel VERBOSE in /etc/ssh/sshd_config then restart sshd and check /var/log/auth.log to get more details.

Fabian
  • Thanks, I already have this set but no output is produced in any log file - auth.log doesn't exist – codebox Dec 23 '17 at 09:26
  • In `/etc/ssh/sshd_config` you can set `SyslogFacility AUTH`. After restart of sshd auth.log should be available. – Fabian Dec 23 '17 at 09:42
  • Ok, I managed to get hold of logging information by having docker start sshd in debug mode - this told me that the permissions for the chroot jail were incorrect. Despite me having run chown root:root command in the Dockerfile the owner/group were set to '500'. Manually changing these to root fixed the problem. Thanks for your help! – codebox Dec 23 '17 at 10:09
  • Thanks a lot! Your suggestion to change the log level was brilliant! I tried to set `ChrootDirectory` to a directory located deep inside another user's home. This does not work; OpenSSH requires that all components of the chrooted directory path have correct ownership and permissions (root.root 755) – Geradlus_RU Aug 25 '20 at 19:15
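
The cause found in the comments above (a `ChrootDirectory` path component not owned by root, or writable by group/other) can be checked before sshd rejects the session. The following is an added example, not code from the original thread: the function names `component_ok` and `check_chroot_path` are hypothetical, and it assumes GNU `stat` as shipped on Debian.

```shell
#!/bin/sh
# Added example: audit every component of a ChrootDirectory path.
# sshd requires each component to be a root-owned directory that is not
# writable by group or other. Assumes GNU stat (Debian).

# component_ok UID MODE -> returns 0 if the owner is root and neither the
# group-write nor the other-write bit is set in the octal MODE.
component_ok() {
    [ "$1" = "0" ] || return 1
    # 022 = group-write | other-write; the leading 0 makes MODE octal
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path /abs/path -> prints one line per component, walking up
# to "/". Returns 0 if all pass, 1 if any fails, 2 on a relative path.
check_chroot_path() {
    path=$1
    rc=0
    case $path in
        /*) ;;
        *) echo "need an absolute path" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$path" ]; then
            echo "FAIL $path (not a directory)"
            rc=1
        else
            # Numeric uid, gid and octal mode; gid is shown for diagnosis
            # only (e.g. the owner/group '500' case from the comments).
            set -- $(stat -c '%u %g %a' "$path")
            if component_ok "$1" "$3"; then
                echo "ok   $path (uid=$1 gid=$2 mode=$3)"
            else
                echo "FAIL $path (uid=$1 gid=$2 mode=$3)"
                rc=1
            fi
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}
```

Source the file inside the container and call `check_chroot_path` with the value configured for `ChrootDirectory`; any `FAIL` line names the component to fix with `chown root:root` and `chmod 755`.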