应该跟sftp的版本没有关系。 不管我用windows下的winscp还是用linux下的sftp,root都没法连上去。 输入密码之后就得到Connection closed的信息。 我觉得一定是和.bashrc中的自动startx那段有关系。注释掉之后就可以sftp登录。 难道sftp用的是/dev/tty1?
>> 在/root/.bashrc中添加了 >> # Auto start X >> if [ -z "$DISPLAY" ] && [ $(tty) = /dev/tty1 ]; then >> while true >> do >> startx >> done >> fi 下面是DEBUG模式下的auth.log输出。 Jul 6 10:00:43 atom sshd[4029]: debug1: Forked child 4045. Jul 6 10:00:43 atom sshd[4045]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8 Jul 6 10:00:43 atom sshd[4045]: debug1: inetd sockets after dupping: 3, 3 Jul 6 10:00:43 atom sshd[4045]: Connection from 192.168.0.231 port 46875 Jul 6 10:00:43 atom sshd[4045]: debug1: Client protocol version 2.0; client software version OpenSSH_5.3p1 Debian-3ubuntu4 Jul 6 10:00:43 atom sshd[4045]: debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH* Jul 6 10:00:43 atom sshd[4045]: debug1: Enabling compatibility mode for protocol 2.0 Jul 6 10:00:43 atom sshd[4045]: debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5 Jul 6 10:00:48 atom sshd[4045]: debug1: PAM: initializing for "root" Jul 6 10:00:48 atom sshd[4045]: debug1: PAM: setting PAM_RHOST to "192.168.0.231" Jul 6 10:00:48 atom sshd[4045]: debug1: PAM: setting PAM_TTY to "ssh" Jul 6 10:00:48 atom sshd[4045]: Failed none for root from 192.168.0.231 port 46875 ssh2 Jul 6 10:00:50 atom sshd[4045]: debug1: PAM: password authentication accepted for root Jul 6 10:00:50 atom sshd[4045]: debug1: do_pam_account: called Jul 6 10:00:50 atom sshd[4045]: Accepted password for root from 192.168.0.231 port 46875 ssh2 Jul 6 10:00:50 atom sshd[4045]: debug1: monitor_child_preauth: root has been authenticated by privileged process Jul 6 10:00:50 atom sshd[4045]: debug1: PAM: establishing credentials Jul 6 10:00:50 atom sshd[4045]: pam_unix(sshd:session): session opened for user root by (uid=0) Jul 6 10:00:50 atom sshd[4045]: debug1: Entering interactive session for SSH2. Jul 6 10:00:50 atom sshd[4045]: debug1: server_init_dispatch_20 Jul 6 10:00:50 atom sshd[4045]: debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768 Jul 6 10:00:50 atom sshd[4045]: debug1: input_session_request Jul 6 10:00:50 atom sshd[4045]: debug1: channel 0: new [server-session] Jul 6 10:00:50 atom sshd[4045]: debug1: session_new: session 0 Jul 6 10:00:50 atom sshd[4045]: debug1: session_open: channel 0 Jul 6 10:00:50 atom sshd[4045]: debug1: session_open: session 0: link with channel 0 Jul 6 10:00:50 atom sshd[4045]: debug1: server_input_channel_open: confirm session Jul 6 10:00:50 atom sshd[4045]: debug1: server_input_global_request: rtype [email protected] want_reply 0 Jul 6 10:00:50 atom sshd[4045]: debug1: server_input_channel_req: channel 0 request env reply 0 Jul 6 10:00:50 atom sshd[4045]: debug1: session_by_channel: session 0 channel 0 Jul 6 10:00:50 atom sshd[4045]: debug1: session_input_channel_req: session 0 req env Jul 6 10:00:50 atom sshd[4045]: debug1: server_input_channel_req: channel 0 request subsystem reply 1 Jul 6 10:00:50 atom sshd[4045]: debug1: session_by_channel: session 0 channel 0 Jul 6 10:00:50 atom sshd[4045]: debug1: session_input_channel_req: session 0 req subsystem Jul 6 10:00:50 atom sshd[4045]: subsystem request for sftp Jul 6 10:00:50 atom sshd[4045]: debug1: subsystem: exec() /usr/lib/openssh/sftp-server Jul 6 10:00:50 atom sshd[4047]: debug1: SELinux support disabled Jul 6 10:00:50 atom sshd[4047]: debug1: PAM: reinitializing credentials Jul 6 10:00:50 atom sshd[4047]: debug1: permanently_set_uid: 0/0 Jul 6 10:00:50 atom sshd[4045]: debug1: Received SIGCHLD. Jul 6 10:00:50 atom sshd[4045]: debug1: session_by_pid: pid 4047 Jul 6 10:00:50 atom sshd[4045]: debug1: session_exit_message: session 0 channel 0 pid 4047 Jul 6 10:00:50 atom sshd[4045]: debug1: session_exit_message: release channel 0 Jul 6 10:00:50 atom sshd[4045]: Received disconnect from 192.168.0.231: 11: disconnected by user Jul 6 10:00:50 atom sshd[4045]: debug1: do_cleanup Jul 6 10:00:50 atom sshd[4045]: debug1: PAM: cleanup Jul 6 10:00:50 atom sshd[4045]: debug1: PAM: deleting credentials Jul 6 10:00:50 atom sshd[4045]: debug1: PAM: closing session Jul 6 10:00:50 atom sshd[4045]: pam_unix(sshd:session): session closed for user root 2010/7/5 Dongsheng Song <[email protected]> > 改 LogLevel 为 VERBOSE 之后,也没有看到 sftp 的错误,看来需要改为 DEBUG。 > > 根据这里的信息,似乎是你的 sftp 客户端比较旧,不能理解非交互输出的内容。 > http://www.openssh.org/faq.html#2.9 > > 那么可以在 /root/.bashrc 开始增加: > > # If not running interactively, don't do anything > [ -z "$PS1" ] && return > > > > 2010/7/5 higeon <[email protected]> > >> 改LogLevel为VERBOSE 之后 >> 看到如下的log输出 >> >> Jul 5 17:57:09 atom sshd[3789]: Connection from 192.168.0.105 port 49681 >> Jul 5 17:57:09 atom sshd[3789]: Address 192.168.0.105 maps to >> atom.local, but this does not map back to the address - POSSIBLE >> BREAK-IN ATTEMPT! >> Jul 5 17:57:09 atom sshd[3789]: Failed none for root from >> 192.168.0.105 port 49681 ssh2 >> Jul 5 17:57:30 atom sshd[3789]: Accepted password for root from >> 192.168.0.105 port 49681 ssh2 >> Jul 5 17:57:30 atom sshd[3789]: pam_unix(sshd:session): session >> opened for user root by (uid=0) >> Jul 5 17:57:30 atom sshd[3789]: subsystem request for sftp >> Jul 5 17:57:30 atom sshd[3789]: Connection closed by 192.168.0.105 >> Jul 5 17:57:30 atom sshd[3789]: pam_unix(sshd:session): session >> closed for user root >> Jul 5 17:57:30 atom sshd[3789]: Transferred: sent 1960, received 1424 >> bytes >> Jul 5 17:57:30 atom sshd[3789]: Closing connection to 192.168.0.105 port >> 49681 >> >> >> 问题在哪? >> >> >> 2010/7/5 Dongsheng Song <[email protected]>: >> > 我用普通用户没有问题。 >> > 你修改 sshd 的日志级别,再登录 sftp,看看 sshd 的日志报告什么问题? >> > >> > Syslog Facility AUTH >> > LogLevel VERBOSE 或 DEBUG >> > >> > tail -f /var/log/auth.log >> > >> > 2010/7/5 higeon <[email protected]> >> >> >> >> 在debian 5.04 lenny下我按照下面的方法设定了root的自动登录和自动startx。 >> >> 后 来发现用root用户sftp登录登不进去。但是ssh却没问题。 >> >> 我发现只要去掉root用户的.bashrc中的自动startx设定,sftp就可以正常登录。 >> >> >> >> root自动登录和自动startx的设定如下: >> >> >> >> 修改/etc/inittab >> >> 把 >> >> 1:2345:respawn:/sbin/getty 38400 tty1 >> >> 修改为 >> >> 1:2345:respawn:/sbin/rungetty tty1 --autologin root >> >> >> >> 在/root/.bashrc中添加 >> >> # Auto start X >> >> if [ -z "$DISPLAY" ] && [ $(tty) = /dev/tty1 ]; then >> >> while true >> >> do >> >> startx >> >> done >> >> fi >> >> >> >> ※以上设定我参考了 >> >> http://forums.debian.net/viewtopic.php?t=29333 >> >> >> >> ※PermitRootLogin 设定为 yes,没有改过。 >> >> >> >> 谁能帮忙解决这个问题? >> >> >> >> 谢谢! >> > >> > >> > >
