Ubuntu
從 SFTP 退出程式碼 126
我收到通知,SFTP 訪問不再在執行 Ubuntu 的 Amazon EC2 伺服器上工作。我已經完成了一些工作,為該伺服器上的其他使用者創建 SFTP 訪問。有限的使用者訪問權限仍然有效。但是,我們擁有 .pem 密鑰文件的“ubuntu”使用者的根 SFTP 訪問不再有效。
我從調試輸出中獲得退出狀態 126。FireFTP 報告:
Connected (version 2.0, client OpenSSH_5.9p1NaNDebian-5ubuntu1.3) Authentication (publickey) successful! Secsh channel 1 opened. Error message= uncaught exception: EOFError: "undefined" URL= Line Number= 0
我設法通過將以下內容添加到 /etc/ssh/sshd_config 來允許 SFTP 訪問:
Match user ubuntu ForceCommand internal-sftp
但是,這會禁用 SSH 訪問!!
我還確保在 sshd_config 中設置了“PermitRootLogin yes”。
我也嘗試製作 root:root 擁有的 ubuntu 主文件夾,但它似乎沒有任何區別..
我不確定我可能無意中更改了什麼導致此錯誤。
提前致謝
auth.log 條目:
> Jun 24 10:21:26 ip-**** sshd[24096]: Accepted publickey for > ubuntu from **** port 63696 ssh2 Jun 24 10:21:26 > ip-**** sshd[24096]: pam_unix(sshd:session): session opened > for user ubuntu by (uid=0) Jun 24 10:21:26 ip-**** > sshd[24182]: subsystem request for sftp by user ubuntu Jun 24 10:21:27 > ip-**** sshd[24182]: Received disconnect from ****: > 11: disconnected by user Jun 24 10:21:27 ip-172-31-30-50 sshd[24096]: > pam_unix(sshd:session): session closed for user ubuntu
SFTP 調試輸出如下:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 debug1: Reading configuration data /Users/<user>/.ssh/config debug1: Reading configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: Applying options for * debug1: /etc/ssh_config line 102: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to ****** port 22. debug1: Connection established. debug1: identity file ****.pem type -1 debug1: identity file ****.pem-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.2 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.3 debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.3 pat OpenSSH_5* debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 128/256 debug2: bits set: 513/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA **** debug1: Host '****' is known and matches the RSA host key. debug1: Found key in /Users/adamelemental/.ssh/known_hosts:36 debug2: bits set: 505/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /Users/adamelemental/work/e247-admin/aws/e247-main-eu.pem (0x0), explicit debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: ****.pem debug1: read PEM private key done: type RSA debug2: we sent a publickey packet, wait for reply debug1: Authentication succeeded (publickey). Authenticated to **** ([****]:22). debug2: fd 4 setting O_NONBLOCK debug1: channel 0: new [client-session] debug2: channel 0: send open debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug2: callback start debug2: fd 3 setting TCP_NODELAY debug2: client_session2_setup: id 0 debug1: Sending environment. debug1: Sending env LANG = en_GB.UTF-8 debug2: channel 0: request env confirm 0 debug1: Sending subsystem: sftp debug2: channel 0: request subsystem confirm 1 debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 2097152 debug2: channel_input_status_confirm: type 99 id 0 debug2: subsystem request accepted on channel 0 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0 debug2: channel 0: rcvd eow debug2: channel 0: close_read debug2: channel 0: input open -> closed debug2: channel 0: rcvd eof debug2: channel 0: output open -> drain debug2: channel 0: obuf empty debug2: channel 0: close_write debug2: channel 0: output drain -> closed debug2: channel 0: rcvd close debug2: channel 0: almost dead debug2: channel 0: gc: notify user debug2: channel 0: gc: user detached debug2: channel 0: send close debug2: channel 0: is dead debug2: channel 0: garbage collecting debug1: channel 0: free: client-session, nchannels 1 debug1: fd 0 clearing O_NONBLOCK Transferred: sent 2768, received 2160 bytes, in 0.4 seconds Bytes per second: sent 7600.3, received 5930.8 debug1: Exit status 126 Connection closed
退出程式碼 126 是
bash
找到但無法執行的命令的錯誤程式碼。見這里和這裡。例如:$ /dev/null -bash: /dev/null: Permission denied $ echo $? 126
當你不強制
internal-sftp,
OpenSSH 伺服器使用一個程序sftp-server
來處理遠端 SFTP 會話。我的猜測是sftp-server
這個系統上的程序已被標記為不可執行,或者可能是 SSHD 配置不正確。該
sshd_config
文件應該有subsystem
類似於以下的 SFTP 行(注意我不知道文件在 Ubuntu 上的確切位置):Subsystem sftp /path/to/sftp-server
找到這一行,驗證它是否引用了
sftp-server
程序的有效副本,並驗證程序本身是否可執行:-rwxr-xr-x 1 root root 63552 Apr 11 2013 /path/to/sftp-server ^ ^ ^