From: TJ S. <cas...@us...> - 2010-06-21 17:38:35
Update of /cvsroot/pdd/www.proftpd.org/docs/contrib In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv27946 Modified Files: mod_sftp.html Log Message: Updating website's copy of the mod_sftp doc. Index: mod_sftp.html =================================================================== RCS file: /cvsroot/pdd/www.proftpd.org/docs/contrib/mod_sftp.html,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -r1.2 -r1.3 *** mod_sftp.html 21 Apr 2010 18:16:28 -0000 1.2 --- mod_sftp.html 21 Jun 2010 17:38:24 -0000 1.3 *************** *** 88,91 **** --- 88,93 ---- <li>SFTP extensions: check-file, copy-file, vendor-id, version-select, pos...@op..., st...@op..., fst...@op... </ul> + This module supports the SFTP and SCP file transfer protocols; it does + <b>not</b> support shell access. <p> *************** *** 1195,1200 **** <li><a href="http://www.enterprisedt.com/products/edtftpj/">edtFTPj</a> </ul> ! For these clients, use this configuration (supported in ProFTPD 1.3.4rc1 and ! later) to disable the optimization: <pre> <font color=green># Disable the KEXINIT optimization at the cost of latency</font> --- 1197,1201 ---- <li><a href="http://www.enterprisedt.com/products/edtftpj/">edtFTPj</a> </ul> ! For these clients, use this configuration to disable the optimization: <pre> <font color=green># Disable the KEXINIT optimization at the cost of latency</font> *************** *** 1604,1607 **** --- 1605,1666 ---- of the session. + <p><a name="SFTPShell"> + <font color=red>Question</font>: Why can't I use <code>ssh</code> to connect + to my proftpd+mod_sftp server? When I try, I see: + <pre> + # ssh <i>user</i>@<i>host</i> + Enter passphrase for key '/home/<i>user</i>/.ssh/id_rsa': + PTY allocation request failed on channel 0 + shell request failed on channel 0 + </pre> + <font color=blue>Answer</font>: The <code>mod_sftp</code> module supports + file transfers via SFTP and SCP. 
It does <b>not</b> support shell access, + which is what the <code>ssh</code> command-line client tries to use. The + above error messages from <code>ssh</code> show that <code>mod_sftp</code> + refused the shell access requests. + + <p><a name="SFTPTectiaHostKey"> + <font color=red>Question</font>: When I try to start proftpd with + <code>mod_sftp</code> configured to use my existing host key, it fails with + one of the following error messages: + <pre> + error reading passphrase for SFTPHostKey '<i>hostkey</i>': Invalid argument + error reading passphrase for SFTPHostKey '<i>hostkey</i>': (unknown) + </pre> + The permissions on my hostkey are fine, and it is not passphrase-protected. + Is this a bug?<br><br> + <font color=blue>Answer</font>: You are probably trying to use a host key + generated by Tectia's SSH software (or an older <code>ssh.com</code> host key). + + <p> + The <code>mod_sftp</code> module expects the configured + <code>SFTPHostKey</code> file to be in the same format as used by OpenSSH. + To check the format, run this command: + <pre> + # grep BEGIN <i>hostkey</i> + </pre> + If you see either of the following lines: + <pre> + -----BEGIN RSA PRIVATE KEY----- + -----BEGIN DSA PRIVATE KEY----- + </pre> + then the format should be correct. If instead you see: + <pre> + ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- + </pre> + then the format is incorrect. The above line indicates that your host key + was generated by Tectia (<i>nee</i> <code>ssh.com</code>), and needs to + be converted to a different format. + + <p> + To convert the format of your Tectia host key, use OpenSSH's + <code>ssh-keygen</code> (<b>not</b> Tectia's <code>ssh-keygen</code>) and + do the following: + <pre> + # ssh-keygen -i -f <i>hostkey</i> > /path/to/new-file + </pre> + The configure your <code>SFTPHostKey</code> directive with the path to the + new file. + <p> <hr><br> |
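Review bot: The sentence added after the SFTP extensions list in the first hunk (new lines 88-93) says shell access is not supported but does not link to the SFTPShell FAQ entry that this same patch adds further down. Linking the phrase to #SFTPShell would take a reader who hits the "shell request failed on channel 0" error straight from the feature summary to the explanation.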
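Review bot: The second hunk (new line 1197) drops the qualifier "(supported in ProFTPD 1.3.4rc1 and later)" from the instructions for disabling the KEXINIT optimization, and the log message does not say why. If the setting is still unavailable in earlier releases, readers running them lose the only hint that this configuration will not work for them. Either keep the version note or record in the log message why it no longer applies.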
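Review bot: In the SFTPTectiaHostKey answer in the last hunk (new lines 1605-1666), the conversion step writes the private host key through a shell redirect ("# ssh-keygen -i -f hostkey > /path/to/new-file"), so the mode of the new file is whatever the current umask produces, and the answer never tells the reader to check it, even though the question itself raises host key permissions. Suggest adding a step that restricts the new file to its owner before SFTPHostKey is pointed at it. Two smaller points in the same hunk: "The configure your" should read "Then configure your", and the two new name anchors (SFTPShell, SFTPTectiaHostKey) are opened but never closed in the added lines.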