Topic: Cannot initialize SFTP protocol....

[Synquest]

Hi everyone,
FTP'ing is no problem, but I would like to do so in a secure fashion. I've tried several ftp clients including the latest WS_FTP. None can connect securely. When I try to connect using Winscp I get the error "Cannot initialize SFTP protocol, is the host running a SFTP server?" In remote access settings I have secure shell enabled and ftp access from the internet enabled. Any ideas?

[kmccarn]

I get that error when I haven't enabled ssh in the remote access panel...

Can you ssh into the box ??

Hope that helps.

[Synquest]

ssh is enabled, also I have since discovered that I can sftp with winscp if I log in as root, but not as admin or any of the user accounts....

[cc_skavenger]

only root has ssh or sftp access....for security reasons.  
That is what I have been told.

[kmccarn]

Ahh yes - the shell access problem.

Try this:

http://www.dungog.net/sme/files/shellaccess/

You can install the shell access rpm and grant users access.

 

[Synquest]

Cool. Now I can't FTP at all.   I have a new option in server-manager to enable user shell access. And it seems to work.....but after installing e-smith-usershellaccess-0.1-3.noarch.rpm and rssh-2.2.1-2.0.rh7.dag.i386.rpm all ftp connections are refused, whether secure or not, for all users (even root). I'm gonna reinstall SME and try again.

Here we go....

[cc_skavenger]

Just curious, what version of SME are you trying this on??  If 6.5Beta2, this contrib might not work on it.

[Synquest]

It's version 6.0.

[kmccarn]

Gee - it works fine for me on one of my 6.0 systems.

[Synquest]

Hey...thanks for all the help! I sure appreciate it. Ok, I've reinstalled SME 6.0 and ftp works again. But I can only ftp securely from the internet as root. I am told if I install e-smith-usershellaccess-0.1-3.noarch.rpm I can enable sftp for users as well. This, I think is where I screwed the works. Ftp did not work at all after I did this. In what folder should I place this file, and what is the syntax to execute and install e-smith-usershellaccess-0.1-3.noarch.rpm? I believe the syntax to be "rpm -Uvh e-smith-usershellaccess-0.1-3.noarch.rpm", is this correct?

Jeff

[egerards]

Those of you using rssh-2.2.1-2.0.rh7.dag.i386.rpm be aware of the following (taken from http://www.pizzashack.org/rssh/ ):

Important Security Notice:

All releases of rssh prior to v2.2.2 contain a format string vulnerability in log.c, the syslog() logging module. Ironic, since one of the main reasons I wrote this module, instead of just using syslog() directly, was to prevent format string vulnerabilities... Sigh. Sorry guys. Please see the security page for more details. All users are urged to upgrade to the latest release immediately!

I realize that rssh 2.2.2 might not be available (yet) for RH 7.X systems, but just thought that I should let everybody know...

[kmccarn]

Yeah - the rpm -Uvh is correct.

Then access server manager and give the user in question bash as a shell access.

Then use winSCP or gftp (ssh2) and login as that person.

Shouldn't need ftp turned on at all.

[Synquest]

Thanks for the help! SME is doing what I need it to do.