sftp Server Error Message
Hello,
we use WS_FTP Professional to connect to our Linux Debian 9 server for file transfer.
We find the following error message in the journal:
sftp-server[]: error: Unknown extended request "check-file-name"
How can we configure Debian to accept this type of SSH_FXP_EXTENDED message?
Thanks for advice.
Cheers mike
- ruwolf
Re: sftp Server Error Message
SSH_FXP_EXTENDED is a vendor-specific extension: https://tools.ietf.org/id/draft-ietf-se ... fer-02.txt
Re: sftp Server Error Message
Hi ruwolf,
thanks for your reply.
Of course this is vendor specific.
The question is, how these requests are handled by sftp-server module in debian 9.
I also found some posts about the sftp subsystem configuration in sshd_config
#Subsystem sftp /usr/lib/openssh/sftp-server
#Subsystem sftp internal-sftp
BTW what is the difference of these two entries, if anybody knows?
However, if somebody could help me with the SSH_FXP_EXTENDED,
this would be great.
cheers mike
Re: sftp Server Error Message
The online manual is always a good resource to consult, using a keyword:
Code:
$ man -k sftp
sftp (1) - secure file transfer program
sftp-server (8) - SFTP server subsystem
It's obvious which one is of interest, so "man sftp-server" reveals:
Code:
...
-p whitelisted_requests
Specify a comma-separated list of SFTP protocol requests that are permitted by the server. All request types that are not on the whitelist will be logged and replied to with a failure message.
Care must be taken when using this feature to ensure that requests made implicitly by SFTP clients are permitted.
...
-Q protocol_feature
Query protocol features supported by sftp-server. At present the only feature that may be queried is “requests”, which may be used for black or whitelisting (flags -P and -p respectively).
...
So using the -Q option from the command line tells you what requests must be preserved:
Code:
$ /usr/lib/openssh/sftp-server -Q requests
open
close
read
write
lstat
fstat
setstat
fsetstat
opendir
readdir
remove
mkdir
rmdir
realpath
stat
rename
readlink
symlink
posix-rename
statvfs
fstatvfs
hardlink
fsync
Apparently it's a simple matter of including your proprietary request in the comma-separated list within /etc/ssh/sshd_config. Caution the line-wrap here, constructed using "/usr/lib/openssh/sftp-server -Q requests | paste -s -d, ":
Code:
Subsystem sftp /usr/lib/openssh/sftp-server -p \
open,close,read,write,lstat,fstat,setstat,fsetstat,opendir,readdir,remove,mkdir,rmdir,realpath,stat,rename,readlink,symlink,posix-rename,statvfs,fstatvfs,hardlink,fsync,check-file-name
It remains to be seen whether such a proprietary protocol request will be recognized by the Linux sftp-server in a way that the client expects, however.
Regarding your second question, "internal-sftp" can be answered in "man sshd_config".
Last edited by techsavvy on 2019-08-08 16:46, edited 2 times in total.
Re: sftp Server Error Message
Hi techsavvy,
thanks a lot for your great reply.
i have done exactly like you proposed.
in sshd_config file there is now the line:
Subsystem sftp /usr/lib/openssh/sftp-server -p check-file-name,open,close,read,write,lstat,fstat,setstat,fsetstat,opendir,readdir,remove,mkdir,rmdir,realpath,stat,rename,readlink,symlink,posix-rename,statvfs,fstatvfs,hardlink,fsync
But if i do the "q" request the check-file-name command is not listed yet.
I have also restarted the ssh service.
systemctl restart ssh
/usr/lib/openssh/sftp-server -Q requests
open
close
read
write
lstat
fstat
setstat
fsetstat
opendir
readdir
remove
mkdir
rmdir
realpath
stat
rename
readlink
symlink
posix-rename
statvfs
fstatvfs
hardlink
fsync
What am i doing wrong?
cheers mike
Re: sftp Server Error Message
"Apparently" you've done everything correctly, so I'm out of ideas ... maybe sftp-server is incapable of recognizing the protocol request.
Last edited by techsavvy on 2019-08-08 16:54, edited 2 times in total.
Re: sftp Server Error Message
still not in:
/usr/lib/openssh/sftp-server -Q requests
open
close
read
write
lstat
fstat
setstat
fsetstat
opendir
readdir
remove
mkdir
rmdir
realpath
stat
rename
readlink
symlink
posix-rename
statvfs
fstatvfs
hardlink
fsync
strange though.
does it refuse check-file-name?
the hyphen is also in posix-rename.
cheers mike
Re: sftp Server Error Message
Does the error still happen, even though "check-file-name" doesn't exist in the returned list?
Re: sftp Server Error Message
yes indeed,
unfortunately the error message still appears.
also check-file-name is still not displayed, when calling -Q protocol_feature.
this is a nightmare.
i'm sure there is an explanation for this.
i thought all the other commands, which are whitelisted by default, perhaps do not have to be in the -p command.
so i also tried only -p check-file-name.
but then i could not connect with my sftp program anymore.
i also checked to put check-file-name at the end of the command,
but that did not change anything.
cheers mike
Re: sftp Server Error Message
hi,
my impression is,
that you can only black/whitelist requests, which are already displayed, when you run the -Q command.
other requests, say new ones are not accepted.
cheers mike
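The check this thread converges on, as an added example that is not part of any post: it reports entries of a -p list that "sftp-server -Q requests" does not print, and supported requests that the list leaves out. The function names are this example's own, and the sample inputs are constructed from the output and the Subsystem line quoted in the thread.

```shell
#!/bin/sh
# Added example: compare an sftp-server "-p" list with the requests the binary implements.
# Assumption: a name absent from "sftp-server -Q requests" has no handler, so
# permitting it has no effect (this matches what the thread observed).

# Constructed sample: the -Q requests output quoted in the thread, space-separated.
SUPPORTED="open close read write lstat fstat setstat fsetstat opendir readdir \
remove mkdir rmdir realpath stat rename readlink symlink posix-rename statvfs \
fstatvfs hardlink fsync"

# Constructed sample: the Subsystem line from the thread (check-file-name plus all of the above).
SAMPLE_LINE="Subsystem sftp /usr/lib/openssh/sftp-server -p check-file-name,$(printf '%s' "$SUPPORTED" | tr ' ' ',')"

# Print the names given to -p on a Subsystem line, one per line.
permitted_requests() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "-p") {
                n = split($(i + 1), names, ",")
                for (j = 1; j <= n; j++) if (names[j] != "") print names[j]
            }
    }'
}

# Print -p entries that the binary does not implement.
unknown_requests() {
    permitted_requests "$1" | while IFS= read -r name; do
        case " $2 " in
            *" $name "*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Print supported requests missing from the -p list; the server will refuse these.
missing_requests() {
    allowed=" $(permitted_requests "$1" | tr '\n' ' ')"
    for name in $2; do
        case "$allowed" in
            *" $name "*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

printf 'no handler in this binary: %s\n' "$(unknown_requests "$SAMPLE_LINE" "$SUPPORTED")"
```

On a live host, pass the Subsystem line from /etc/ssh/sshd_config as the first argument and the output of "/usr/lib/openssh/sftp-server -Q requests | tr '\n' ' '" as the second.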