I use a server as a jump host (Host A) to ssh to a machine on an internal network (Host B).
I use this ssh command and it works OK.
    ssh -J user@hostA_IP.com root@hostB_IP.com
Similarly I can scp files to Host B with:
    scp -o 'ProxyCommand ssh user@hostA_IP.com -W %h:%p' file.txt root@hostB_IP.com:~/

I am trying to write a C program to do the same using libssh. The closest example that I can find in the libssh documentation is port forwarding, which I understand may be the same thing as a jump host. I am using the sftp function in libssh to transfer the files.
I have the C program below and it successfully connects to Host A. And I believe that it is successfully opening an sftp connection to Host B [Log below]. But when it tries to open a file on Host B it errors with "permission denied".
I have the following questions.
Is the port forwarding being done correctly to Host B? [See the log below - it has an error]
Is this the correct function call to forward the port to Host B? Is argument 2 user@IP address?

    rc = ssh_channel_open_forward(channel, "root@hostB_IP.com", 22, "localhost", 5555);

I think the port forwarding is being done correctly, as the opening of the sftp session after the port forwarding seems to be successful from the log.
Assuming that the port forwarding and sftp session creation is OK, and because the error is "SFTP server: Permission denied", should I be opening the file differently in the sftp session?
This is the code and the full log is below the code:
Thank you
Code:
    #include <fcntl.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/stat.h>
    #include <libssh/libssh.h>
    #include <libssh/sftp.h>

    // error() was not shown in the post; assumed here to print the libssh error and exit
    static void error(ssh_session session) {
        fprintf(stderr, "Error: %s\n", ssh_get_error(session));
        ssh_free(session);
        exit(-1);
    }

    int main(int argc, char* argv[]) {
        // Create SSH session
        ssh_session session;
        ssh_channel channel;
        int rc, port = 22;
        char buffer[1024];
        unsigned int nbytes;
        int verbosity = SSH_LOG_PROTOCOL;

        printf("Session...\n");
        session = ssh_new();
        if (session == NULL)
            exit(-1);

        // Connection parameters for Host A (the jump host)
        ssh_options_set(session, SSH_OPTIONS_HOST, "hostA_IP.com");
        ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
        ssh_options_set(session, SSH_OPTIONS_PORT, &port);
        ssh_options_set(session, SSH_OPTIONS_USER, "user");

        printf("Connecting...\n");
        rc = ssh_connect(session);
        if (rc != SSH_OK)
            error(session);

        printf("Password Autentication...\n");
        rc = ssh_userauth_password(session, "user", "userpassword");
        if (rc != SSH_AUTH_SUCCESS)
            error(session);

        printf("Channel...\n");
        channel = ssh_channel_new(session);
        if (channel == NULL)
            exit(-1);

        // Request a direct-tcpip channel through Host A (arguments as posted)
        printf("Port forwarding to Host B...\n");
        rc = ssh_channel_open_forward(channel, "root@hostB_IP.com", 22, "localhost", 5555);
        if (rc != SSH_OK) {
            error(session);
            exit(1);
        }
        printf("Port forwarding done...\n");

        // Open SFTP session
        sftp_session sftp0;
        printf("Opening sftp session...\n");
        sftp0 = sftp_new(session);
        if (sftp0 == NULL) {
            fprintf(stderr, "Error allocating SFTP session: %s\n", ssh_get_error(session));
            return SSH_ERROR;
        }

        // Initialize the SFTP session
        rc = sftp_init(sftp0);
        if (rc != SSH_OK) {
            // sftp_get_error() returns an integer status code, not a string
            fprintf(stderr, "Error initializing SFTP session: %d.\n", sftp_get_error(sftp0));
            sftp_free(sftp0);
            return rc;
        }
        printf("SFTP session opened...\n");

        // Open the remote file for writing
        sftp_file file0;
        printf("Openign file on Host B...\n");
        file0 = sftp_open(sftp0, "/home/root/test.blob", O_WRONLY | O_CREAT | O_TRUNC, S_IRWXU);
        if (file0 == NULL) {
            fprintf(stderr, "Can't open test.blob for writing: %s\n", ssh_get_error(session));
            return SSH_ERROR;
        }
    }
Full Log:
Session...
Connecting...
[2021/02/13 10:59:22.044331, 2] ssh_connect: libssh 0.7.0 (c) 2003-2014 Aris Adamantiadis, Andreas Schneider, and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_noop
[2021/02/13 10:59:22.063292, 2] ssh_socket_connect: Nonblocking connection socket: 3
[2021/02/13 10:59:22.063313, 2] ssh_connect: Socket connecting, now waiting for the callbacks to work
[2021/02/13 10:59:22.077165, 1] socket_callback_connected: Socket connection callback: 1 (0)
[2021/02/13 10:59:22.099055, 1] ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
[2021/02/13 10:59:22.099081, 1] ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
[2021/02/13 10:59:22.099095, 1] ssh_analyze_banner: We are talking to an OpenSSH client version: 7.6 (70600)
[2021/02/13 10:59:22.197188, 2] ssh_packet_dh_reply: Received SSH_KEXDH_REPLY
[2021/02/13 10:59:22.201442, 2] ssh_client_curve25519_reply: SSH_MSG_NEWKEYS sent
[2021/02/13 10:59:22.201466, 2] ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
[2021/02/13 10:59:22.210742, 2] ssh_packet_newkeys: Signature verified and valid
Password Autentication...
Channel...
Port forwarding to Host B...
[2021/02/13 10:59:22.315060, 2] channel_open: Creating a channel 43 with 64000 window and 32768 max packet
[2021/02/13 10:59:22.465235, 2] ssh_packet_global_request: Received SSH_MSG_GLOBAL_REQUEST packet
[2021/02/13 10:59:22.465290, 2] ssh_packet_global_request: UNKNOWN SSH_MSG_GLOBAL_REQUEST hostkeys-00@openssh.com 0
[2021/02/13 10:59:22.465305, 1] ssh_packet_process: Couldn't do anything with packet type 80
[2021/02/13 10:59:22.709942, 1] ssh_packet_channel_open_fail: Channel opening failure: channel 43 error (2) Name or service not known
rc is 0
Port forwarding done...
Opening sftp session...
[2021/02/13 10:59:22.710034, 2] channel_open: Creating a channel 44 with 64000 window and 32768 max packet
[2021/02/13 10:59:22.725936, 2] ssh_packet_channel_open_conf: Received a CHANNEL_OPEN_CONFIRMATION for channel 44:0
[2021/02/13 10:59:22.725981, 2] ssh_packet_channel_open_conf: Remote window : 0, maxpacket : 32768
[2021/02/13 10:59:22.742666, 2] channel_rcv_change_window: Adding 2097152 bytes to channel (44:0) (from 0 bytes)
[2021/02/13 10:59:22.742715, 2] channel_request: Channel request subsystem success
[2021/02/13 10:59:22.760308, 2] grow_window: growing window (channel 44:0) to 1280000 bytes
[2021/02/13 10:59:22.760368, 1] sftp_init: SFTP server version 3
[2021/02/13 10:59:22.760390, 1] sftp_init: SFTP server extension: posix-rename@openssh.com, version: 1
[2021/02/13 10:59:22.760405, 1] sftp_init: SFTP server extension: statvfs@openssh.com, version: 2
[2021/02/13 10:59:22.760419, 1] sftp_init: SFTP server extension: fstatvfs@openssh.com, version: 2
[2021/02/13 10:59:22.760433, 1] sftp_init: SFTP server extension: hardlink@openssh.com, version: 1
[2021/02/13 10:59:22.760447, 1] sftp_init: SFTP server extension: fsync@openssh.com, version: 1
SFTP session opened...
Openign file on Host B...
[2021/02/13 10:59:22.842023, 1] sftp_open: SFTP server: Permission denied
Can't open test.blob for writing: SFTP server: Permission denied
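
What the second argument of `ssh_channel_open_forward` turns into on the wire, as an added example that is not part of the original post and does not call libssh: the `SSH_MSG_CHANNEL_OPEN` "direct-tcpip" request of RFC 4254 section 7.2 carries a host field and no user field, so the jump host tries to resolve whatever string it is given. The function name `build_direct_tcpip` and its helpers are hypothetical; the channel number, window and packet sizes are the ones shown in the log above.

```c
/* Added example: SSH_MSG_CHANNEL_OPEN "direct-tcpip" (RFC 4254 section 7.2),
 * built by hand. Function names are hypothetical; nothing here uses libssh. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* uint32 in network byte order (RFC 4251 section 5). */
static size_t put_u32(uint8_t *out, size_t off, uint32_t v) {
    out[off] = (uint8_t)(v >> 24);
    out[off + 1] = (uint8_t)(v >> 16);
    out[off + 2] = (uint8_t)(v >> 8);
    out[off + 3] = (uint8_t)v;
    return off + 4;
}

/* SSH "string": uint32 length followed by the raw bytes. */
static size_t put_str(uint8_t *out, size_t off, const char *s) {
    size_t n = strlen(s);
    off = put_u32(out, off, (uint32_t)n);
    memcpy(out + off, s, n);
    return off + n;
}

/* Returns the message length, or 0 if the target is not a bare host name or
 * the buffer is too small. There is no user field anywhere in the message. */
size_t build_direct_tcpip(uint8_t *out, size_t cap, uint32_t chan,
                          const char *host, uint32_t port,
                          const char *orig, uint32_t orig_port) {
    size_t hl = strlen(host), ol = strlen(orig), off = 0;
    if (hl == 0 || strchr(host, '@') != NULL) return 0; /* "user@host" is not a host */
    if (cap < 45 + hl + ol) return 0;        /* 45 = fixed-size part of the message */
    out[off++] = 90;                         /* SSH_MSG_CHANNEL_OPEN */
    off = put_str(out, off, "direct-tcpip"); /* channel type */
    off = put_u32(out, off, chan);           /* sender channel */
    off = put_u32(out, off, 64000);          /* initial window (from the log) */
    off = put_u32(out, off, 32768);          /* maximum packet size (from the log) */
    off = put_str(out, off, host);           /* host to connect */
    off = put_u32(out, off, port);           /* port to connect */
    off = put_str(out, off, orig);           /* originator address */
    off = put_u32(out, off, orig_port);      /* originator port */
    return off;
}

int main(void) {
    uint8_t buf[128];
    printf("%zu\n", build_direct_tcpip(buf, sizeof buf, 43, "hostB_IP.com", 22, "localhost", 5555));
    printf("%zu\n", build_direct_tcpip(buf, sizeof buf, 43, "root@hostB_IP.com", 22, "localhost", 5555));
    return 0;
}
```

The login name for Host B is supplied when authenticating a second SSH session that runs through the forwarded channel. A channel or SFTP session created on the first session terminates on Host A.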