We are experiencing an unstable sftp connection to a Sun Solaris 8 server running OpenSSH_4.3p2, OpenSSL 0.9.8a 11 Oct 2005 when using an sftp client made from jscape.ssh.dll. Interactively, using FileZilla (sftp SSH2) or PuTTY, we can connect to server1 fine, multiple times.
From the sshd log below, we can see the server suddenly closes the connection during the key exchange. Is there any setting in sshd_config to prevent the server from suddenly closing the connection? I have included the sshd server log, sshd_config and the debug log from the client side. Thank you in advance for any insights and help.

Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug2: channel 0: rcvd eof
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug2: channel 0: output open -> drain
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug2: channel 0: obuf empty
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug2: channel 0: close_write
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug2: channel 0: output drain -> closed
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug2: channel 0: rcvd close
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug2: channel 0: close_read
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug2: channel 0: input open -> closed
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug3: channel 0: will not send data after close
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug2: channel 0: almost dead
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug2: channel 0: gc: notify user
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug1: session_by_channel: session 0 channel 0
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug1: session_close_by_channel: channel 0 child 23245
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug1: session_close_by_channel: channel 0: has child
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug2: channel 0: almost dead
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug2: channel 0: gc: notify user
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug1: session_by_channel: session 0 channel 0
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug1: session_close_by_channel: channel 0 child 23245
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug1: session_close_by_channel: channel 0: has child
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.info] Connection closed by 10.13.157.46
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug1: channel 0: free: server-session, nchannels 1
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug3: channel 0: status: The following connections are open:\r\n #0 server-session (t4 r0 i3/0 o3/0 fd 9/9 cfd -1)\r
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug3: channel 0: close_fds r 9 w 9 e -1 c -1
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug1: session_close: session 0 pid 23245
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug1: do_cleanup
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.info] Closing connection to 10.13.157.46
Jul 11 12:58:20 server1 sshd[23240]: [ID 800047 auth.debug] debug3: mm_request_send entering: type 58
Jul 11 12:58:20 server1 sshd[23226]: [ID 800047 auth.debug] debug3: monitor_read: checking request 58
Jul 11 12:58:20 server1 sshd[23226]: [ID 800047 auth.debug] debug3: mm_answer_term: tearing down sessions

Here is a copy of sshd_config:

# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
AddressFamily inet
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /usr/local/etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /usr/local/etc/ssh_host_rsa_key
#HostKey /usr/local/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
LogLevel DEBUG3

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
MaxAuthTries 5

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /usr/local/etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
ChallengeResponseAuthentication=yes
#UsePAM no
UsePAM yes

#AllowTcpForwarding yes
AllowTcpForwarding no
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no

# no default banner path
#Banner /some/path
Banner /etc/issue

# override default of no subsystems
Subsystem sftp /usr/local/libexec/sftp-server

Error log/debug from the client side:

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
Jscape.Sftp.SftpException: EOF reached ---> System.IO.IOException: EOF reached
   at Jscape.Ssh.Transport.Transport.x3082bf20d84bc49c(SshMsgKexInit xf4a3549d8fd2a393, SshMsgKexInit x3c8ee2ce4c13cbaf)
   at Jscape.Ssh.Transport.Transport.ExchangeKeys()
   at Jscape.Ssh.Transport.TransportClient..ctor(TcpClient socket, TransportConfiguration config)
   at Jscape.Ssh.Transport.TransportClient..ctor(ConnectionParameters parameters, TransportConfiguration config)
   at Jscape.Ssh.Connection.ConnectionClient.Create(ConnectionParameters parameters, User user, ConnectionConfiguration config)
   at Jscape.Sftp.SshTransport.Start()
   at Jscape.Sftp.Sftp.xdc18b880f827d608()
   --- End of inner exception stack trace ---
   at Jscape.Sftp.Sftp.xdc18b880f827d608()
   at Jscape.Sftp.Sftp.Connect()
   at SecureFTPTest.SecureFTP.btnConnect_Click(Object sender, EventArgs e) in C:\SecureFTPTest\SecureFTPTest\SecureFTP.cs:line 60
   at System.Windows.Forms.Control.OnClick(EventArgs e)
   at System.Windows.Forms.Button.OnClick(EventArgs e)
   at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
   at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   at System.Windows.Forms.Control.WndProc(Message& m)
   at System.Windows.Forms.ButtonBase.WndProc(Message& m)
   at System.Windows.Forms.Button.WndProc(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
