Topic: connection refused
Hello, I can't connect and I don't know why... Password is right. I am running updated Archlinuxarm with to-date openssh (openssh-6.4p1-1). I can connect to web server and to shell through ssh. Only sftp have some problems.
[root@alarmpi ~]# cat /etc/ssh/sftp_config
## MySecureShell Configuration File ##
#Default rules for everybody
<Group sftp>
GlobalDownload 3m #total speed download for all clients
# o -> bytes k -> kilo bytes m -> mega bytes
GlobalUpload 3m #total speed download for all clients (0 for unlimited)
Download 0 #limit speed download for each connection
Upload 0 #unlimit speed upload for each connection
StayAtHome true #limit client to his home
VirtualChroot true #fake a chroot to the home account
LimitConnection 10 #max connection for the server sftp
LimitConnectionByUser 1 #max connection for the account
LimitConnectionByIP 2 #max connection by ip for the account
Home /mnt/data/homes/$USER #overrite home of the user but if you want you can use
# environment variable (ie: Home /home/$USER)
IdleTimeOut 300 #(in second) deconnect client is idle too long time
ResolveIP true #resolve ip to dns
# IgnoreHidden true #treat all hidden files as if they don't exist
# DirFakeUser true #Hide real file/directory owner (just change displayed permissions)
# DirFakeGroup true #Hide real file/directory group (just change displayed permissions)
# DirFakeMode 0400 #Hide real file/directory rights (just change displayed permissions)
#Add execution right for directory if read right is set
HideNoAccess true #Hide file/directory which user has no access
# MaxOpenFilesForUser 20 #limit user to open x files on same time
# MaxWriteFilesForUser 10 #limit user to x upload on same time
# MaxReadFilesForUser 10 #limit user to x download on same time
DefaultRights 0640 0750 #Set default rights for new file and new directory
# MinimumRights 0400 0700 #Set minimum rights for files and dirs
ShowLinksAsLinks false #show links as their destinations
# ConnectionMaxLife 1d #limits connection lifetime to 1 day
# Charset "ISO-8859-15" #set charset of computer
</Group>
#Rules only for group ftp
#<Group ftp>
# Download 25 k/s
# LogFile /var/log/sftp-server_ftp.log #Change logfile
# ExpireDate "2007-02-28 18:31:01"
#</Group>
#<Group sftp_administrator>
# IsAdmin true #can admin the server
# VirtualChroot false #you must disable chroot to have a full support of admin
# StayAtHome true
# IdleTimeOut 0
#</Group>
#<Group old_client>
# SftpProtocol 3 #force protocol SFTP
# DisableAccount true #disable account
#</Group>
#Rules only for group ftpnolimit
#<Group ftpnolimit>
# Download 0 #0 = unlimited
# IdleTimeOut 0 #no timeout
# DirFakeUser false #show real user on file/directory
# DirFakeGroup false #show real group on file/directory
# DirFakeMode 0 #show real rights on file/directory
# MaxReadFilesForUser 0 #0 = unlimited but still have the restriction MaxOpenFilesForUser
#</Group>
#<IpRange 192.168.0.1-192.168.0.5>
# ByPassGlobalDownload true #bypass GlobalDownload restriction
# ByPassGlobalUpload true #bypass GlobalUpload restriction
# Download 0
# DisableAccount false #enable account
# IdleTimeOut 0 #disable timeout
# LimitConnectionByIP 0 #no limit
#</IpRange>
#<Group trusted_users>
# Shell /bin/tcsh #give a shell access to TRUSTED clients !!!
#</Group>
#<VirtualHost *:22>
# DirFakeUser false #show real user on file/directory
# DirFakeGroup false #show real group on file/directory
# DirFakeMode 0 #show real rights on file/directory
# HideNoAccess false
# IgnoreHidden false
#</VirtualHost>
#Include /etc/my_sftp_config_file #include this valid configuration file
[root@alarmpi ~]# cat /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Ciphers and keying
#RekeyLimit default none
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd no # pam does that
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
# Subsystem sftp /usr/lib/ssh/sftp-server
Subsystem sftp /bin/MySecureShell -c sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
[root@alarmpi ~]# sftp-verif
################################################################################
MySecureShell Verification Tool
################################################################################
### Verifing file existance ###
/usr/bin/MySecureShell [ OK ]
/usr/bin/sftp-who [ OK ]
/usr/bin/sftp-kill [ OK ]
/usr/bin/sftp-state [ OK ]
/usr/bin/sftp-admin [ OK ]
/usr/bin/sftp-verif [ OK ]
/usr/bin/sftp-user [ OK ]
### Verifing rights ###
Verifing file rights of /etc/ssh/sftp_config [ OK ]
Verifing file rights of /usr/bin/sftp-who [ OK ]
Verifing file rights of /usr/bin/sftp-verif [ OK ]
Verifing file rights of /usr/bin/sftp-user [ OK ]
Verifing file rights of /usr/bin/sftp-kill [ OK ]
Verifing file rights of /usr/bin/sftp-state [ OK ]
Verifing file rights of /usr/bin/sftp-admin [ OK ]
Verifing file rights of /usr/bin/MySecureShell [ OK ]
### Verifing rotation logs ###
Rotation logs have been found [ OK ]
### Verifing server status ###
Verifing server status (ONLINE) [ OK ]
### Verifing server dependencies ###
Show only error(s) :
### Verifing server configuration ###
Show only error(s) :
Trying user: root
Checking user : karolina
Checking user : marca
Checking user : guest
### All tests dones ###
Status: Connecting to 192.168.1.2...
Response: fzSftp started
Command: open "guest@192.168.1.2" 22
Command: Pass: *****
Error: Authentication failed.
Error: Critical error
Error: Could not connect to server