Unable To Access Ssh Anywhere On Port 22

Is there an sftp package that can be used which is more flexible then the ssh internal ftp server. I have been tasked with providing an /srv/ftp/ directory which includes

mount -bind other_directory1 /srv/ftp/d1
mount -bind other_driectory2 /srv/ftp/q2

...etc

Since sftp via ssh demands that all directories be owned by root I have a problem. The 'other directories' are owned by different sets of groups. We have engineers who will have carte blanche access. I have another group 'manufacturing' who will need to be chrooted to /var/ftp/. They will need to see directories underneath /var/ftp/ and nothing else. We don't want them to be able to cd to any other part of the system. Manufacturing does not have any account on the machine. My last group sales has an account on the server. I have been able to chroot them to there home folder where they also have the same mount --binded directories. Management would like sales to be able to ftp as well as sftp with read only access to the sub directories under their home directory. It is allowable to have them sftp to /srv/ftp/ and ftp to /home/sale/. I would suppose that this may mean that I use a different tool to implement sftp rather then use ssh. Here are my setup files for ssh

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
UseDNS no
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
UseLogin yes
Banner /etc/issue.net
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM no

Match group ftpgroup
ChrootDirectory /srv/ftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand /usr/lib/openssh/sftp-server
PasswordAuthentication yes

Hello all,

I´m in trouble trying to access a server via ssh and root access but had no success so far.
The interesting thing is when I do /usr/sbin/sshd -d -p 2222 and try to connect on 2222 port I can do that. But if I try on port 22 no success.

following my sshd_conf. Any help will be appreciated:


# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

Hello,
I am using my raspberry pi with Linux 3.18+ installed. I changed the default ssh port from 22 to 16022. This is my sshd_config file:
Code:

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
#Port 22
Port 16022
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2

PAM auth is disabled and I only login using password. Now, I checked the authentication log file: /var/log/auth.log. This is a snippet of what it contains:
Quote:
Apr 23 23:44:55 raspberrypi sshd[6473]: Accepted password for pi from 50.252.93.50 port 51978 ssh2
Apr 23 23:52:22 raspberrypi sshd[6477]: Received disconnect from 50.252.93.50: 11: Normal Shutdown
May 5 01:51:02 raspberrypi sshd[4551]: Accepted password for pi from 50.153.109.28 port 30222 ssh
May 5 09:43:47 raspberrypi sshd[6033]: Accepted password for pi from 50.153.110.150 port 21551 ssh2
May 5 09:43:53 raspberrypi sshd[6039]: Received disconnect from 50.153.110.150: 11: Normal Shutdown
May 5 14:09:23 raspberrypi sshd[6783]: Accepted password for pi from 50.153.109.23 port 28684 ssh
May 5 14:32:43 raspberrypi sshd[7008]: Accepted password for pi from 50.153.109.23 port 28689 ssh
May 5 14:37:21 raspberrypi sshd[7014]: Received disconnect from 50.153.109.23: 11: Normal Shutdow
May 8 02:01:41 raspberrypi sshd[24468]: Accepted password for pi from 50.153.110.150 port 30862 ssh2
How is this possible? Why is it showing these random ports for ssh?

This is what 'sudo netstat -nlp' gives:
Code:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      7923/0
tcp        0      0 0.0.0.0:16022           0.0.0.0:*               LISTEN      2501/sshd
udp        0      0 0.0.0.0:37851           0.0.0.0:*                           2019/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2192/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2019/dhclient
udp        0      0 192.168.1.82:123        0.0.0.0:*                           2419/ntpd
udp        0      0 192.168.1.78:123        0.0.0.0:*                           2419/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           2419/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           2419/ntpd
udp        0      0 0.0.0.0:44953           0.0.0.0:*                           2192/dhclient
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     SEQPACKET  LISTENING     3880     168/udevd           /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     8018     2341/dbus-daemon    /var/run/dbus/system_bus_socket

Plus, I am accessing my machine from outside my home network. My router is configured to block all ports, except 16022, whose tcp traffic is forwarded to my raspberry pi. So I don't understand why the log file has these weird ports listed.

proftpd is running in port 2222. Vendor user "ABC" logs in successfully. When I check the /var/log/proftpd/sftpd.log file I see strange things, time stamp changes from 11:xx to 10:xx during user ABC login..!

Mar 17 11:44:34 mod_sftp/0.9.7[49192]: sending acceptable userauth methods: keyboard-interactive,password
Mar 17 10:44:34 mod_sftp/0.9.7[49192]: sending userauth success
Mar 17 10:44:34 mod_sftp/0.9.7[49192]: user 'ABC' authenticated via 'keyboard-interactive' method
Mar 17 11:44:35 mod_sftp/0.9.7[49193]: using '/etc/ssh/ssh_host_rsa_key' as RSA hostkey
Mar 17 11:44:35 mod_sftp/0.9.7[49193]: using '/etc/ssh/ssh_host_dsa_key' as DSA hostkey
Mar 17 11:44:35 mod_sftp/0.9.7[49193]: disconnecting client (received EOF)
Mar 17 10:44:35 mod_sftp/0.9.7[49192]: 'subsystem' channel request for 'sftp' subsystem
Mar 17 10:44:35 mod_sftp/0.9.7[49192]: using SFTP protocol version 3 for this session (channel ID 0)
Mar 17 10:44:35 mod_sftp/0.9.7[49192]: client set permissions on '/12345_FULL' to 0666



Any thougs on this?

Hi guys,
I have a problem using scp within following verbose statements:

debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
user@remote_machine1IP's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: scp -v httpd_ip_change2.conf. user2@remote_machine2IP:/usr/local/apache/conf
Executing: program /usr/bin/ssh host remote_machine2IP, user user2, command scp -v -t /usr/local/apache/conf
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Applying options for *
debug1: Connecting to remote_machine2IP [remote_machine2IP] port 44.
debug1: Connection established.
debug1: identity file /home/user1/.ssh/identity type -1
debug1: identity file /home/user1/.ssh/id_rsa type 1
debug1: identity file /home/user1/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'remote_machine2IP' is known and matches the RSA host key.
debug1: Found key in /home/user1/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received


debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user1/.ssh/identity
debug1: Offering public key: /home/user1/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/user1/.ssh/id_dsa
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic,password).
lost connection
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 1

I have been trying to copy files between two remote machines. (RHEL 5.7 on Windows by Mremote).

Thank you !

Hey Guys!

Using RHEL v5.7, I am trying to make a connection between two servers with rsa key auth. I need to connect directly to the root as it's privileges are needed for changing password. RSA key is working for normal users but I cannot connect to root. I changed the sshd_config file as

PermitRootLogin without-password
RSAAuthentication yes
PubkeyAuthentication yes

and restart it (on both sides). Files permissions are below:

(Sender server=> /root/.ssh directory's permission is 700)

-rw------- 1 root root 1675 May 25 15:14 id_rsa
-rw-r--r-- 1 root root 392 May 25 15:14 id_rsa.pub
-rw------- 1 root root 2743 May 21 09:13 known_hosts
-rw-r--r-- 1 root root 1177 Mar 30 09:38 known_hosts.old

(Remote server to connect)

-rw------- 1 root root 392 Apr 20 15:35 authorized_keys
-rw------- 1 root root 668 Mar 30 10:08 id_dsa
-rw-r--r-- 1 root root 601 Mar 30 10:08 id_dsa.pub
-rw------- 1 root root 1675 Apr 28 11:09 id_rsa
-rw-r--r-- 1 root root 393 Apr 14 14:40 id_rsa.pub
-rw-r--r-- 1 root root 1178 Apr 28 08:58 known_hosts

Also I provide the verbose output when I run the ssh connection:

Username: user_of_remote_server
New Password: OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to remote_IP [remote_IP] port 44.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 118/256
debug2: bits set: 512/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'remote_IP' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug2: bits set: 498/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa (0x2b9f25eb6cf0)
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug3: input_userauth_banner

debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@remote_IP's password:
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
Permission denied, please try again.
root@remote_IP's password:

Where is the problem ? I do not want to be asked password for root during rsa connection. That's why I am using without-password mode for PermitRootLogin. Thanks for your helps!

Hi all,

I understand that Linux by default will limit its Ephemeral port allocation between 32768 to 61000.

I need to identify the applications running on my box (around 500 of them) which are intentionally using a port which happens to be in Ephemeral port range. Objective is to get a list of those apps and flag it so that the developers get to know of it and change their application port.

When I run netstat -nap to get a list of listen ports, I am unable to figure out if the port in Ephemeral range is actually allocated by OS or one of my apps has done it.


Thanks,
linux_it_is

I set up a Ubuntu on a Virtualbox VM instance, using bridged network. External SSH to it is very slow. I am not sure if it's a Ubuntu problem or a Virtualbox problem. I labeled some delay gaps in a debug ssh session:

ssh -v mybox.mydomain.xxx -l myid

OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to mybox.mydomain.xxx [129.186.142.168] port 22.
debug1: Connection established.
debug1: identity file /home/hu/.ssh/identity type -1
debug1: identity file /home/hu/.ssh/id_rsa type 1
debug1: identity file /home/hu/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6p1 Ubuntu-2ubuntu1
debug1: match: OpenSSH_6.6p1 Ubuntu-2ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'mybox.mydomain.xxx' is known and matches the RSA host key.
debug1: Found key in /home/eded/.ssh/known_hosts:23
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
(-----pause 12 seconds------)
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/hu/.ssh/identity
debug1: Offering public key: /home/hu/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
(-----pause 5 seconds------)
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US
(-----pause 31 seconds------)
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-24-generic i686)

Any suggestions? Thanks in advance.

joe

I am trying to allow local users to us the ftp for my site (really, any user would work, I just thought this would be easiest). I am trying to make it so that I can upload themes, install plugins, etc on a WordPress site hosted on my Ubuntu 14.04 machine. Here is the contents of my vsftpd.conf file from /etc/

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default)
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in your local time zone. The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# This option specifies the location of the RSA key to use for SSL
# encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

I have been asked to setup an SFTP which uses RSA public key authentication.

AS it was already in use I have opted to use CygWin and I can get it to work with passwords fine.

we are going to be hosting the SFTP server with users from the clients office connecting to it. The client has sent me their public key.

Having done LOts of reading and even more attempting to configure the server I just cant get it to work. Most of thetime I get..
ebug1: Host '127.0.0.1' is known and matches the ECDSA host key.
debug1: Found key in /home/ColoniAdmin/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_rsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_dsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_ecdsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).

I have once managed to get it to the point of asking for a passphrase for the private key but I don't have a private key (that I know of) just the public key the client sent us. and I certainly don't want to have to use passphrases

Their public key is in the authorized_key file on our server within the .ssh folder of their home folder. I have amended paswd and sshd_config to set home location and to allow RSA authentication.

All and any advice is super welcome, I have been doing this for 2 weeks now and i just wont work.

HELP HELP HELP!!!!!! ;-)
Thanks