# SSH/SFTP using WS_FTP Pro [solved]

## marky9074

Hi there,

Just started from scratch again on my Sun Ultra 60 and the first thing I did after getting it up was install OpenSSH...

Now once this was emerged I tried to SFTP in using WS_FTP Pro (as this was what I was using before).  It didnt work reported authentication error.  I then tried to SSH in with Putty and it logged in fine.  Downloaded psftp and that logged in fine. Downloaded winscp and that logged in fine....

Now I know your going to say why use WS_FTP as the others are working!  But....it was working before, so why the hell doesnt it work now?  Is there anything else I should have done to the ssh config (as I havent done anything).

Any help would be much appreciated,

Thanks,

MarkLast edited by marky9074 on Mon Apr 03, 2006 5:12 pm; edited 1 time in total

----------

## fzimper

Do WS_FTP and your OpenSSH server talk the same flavors of SSH protocols?

----------

## marky9074

Yeah, like I said I was using it before I reinstalled Gentoo, so its not like it has never worked...

In WS_FTP Pro I used exactly the same config, so I know there is no errors there, it would seem to be at the Gentoo end, but I cant see why when WinSCP and PSFtp work ok...

Mark

----------

## marky9074

The only difference I can see is that before I had ftpd installed and now I dont as the OpenSSH site infers that it replaces FTP with SFTP....

Now elsewhere I read that all SSH/SFTP does is pass packets securely to ftpd....which I dont have installed now.

Conflicting information, can anyone advise?

----------

## marky9074

Can anyone tell me if I need ftpd / proftpd or equivalent or should this just work or with the sftp_server in OpenSSH?

Cheers,

Mark

....p.s. I also eventually want to set up a chroot jail so maybe it would be in my interest to use proftp?

----------

## marky9074

OK, I have just installed FileZilla client and Core FTP client and both of these connect up ok.....

It is easy to say that WS_FTP is goosed.....but it worked before....

Scratches head.....  :Confused: 

----------

## fzimper

Why don't you post the exact error messges you get from WS_FTP? Maybe that helps someone to analyse your problem.

But really, if all these clients are working with you SSHD and only WS_FTP is not, I'd definitely focus on the WS_FTP configuration, although you "didn't touch it".

And again my question: Have you checked your SSH protocol setup? Maybe the fresh installation only allows SSH version 2 to connect and your WS_FTP tries to connect with SSH 1.

----------

## marky9074

Below is the log from WS_FTP Pro, as I said before it reports an authentication error, but there is no difference in the username/password that I am using with the other clients that work OK.

Using WinSCP it says that it is using SSH-2 and SFTP3.  I changed the ssh_config on the server to be Protocol 1, but it still reported SSH-2 in WinSCP

Connecting to 192.168.8.125:22

Connected to 192.168.8.125:22 in 0.000000 seconds, Waiting for Server Response

Server Welcome: SSH-2.0-OpenSSH_4.2

Client Version: SSH-2.0-WS_FTP-9.0-2004.06.17

DSS Signature Verified

Session Keys Created

Ciphers Created

New Client->Server ciphers in place.

New Client->Server ciphers in place.

Completed SSH Key Exchange.  New Keys in place.

Failed SSH User Authentication

SSH Transport closed.

----------

## fzimper

is WS_FTP still using the old public key from you old installation? and did you try all the other clients only on the reinstall?

----------

## marky9074

All the new clients were only on the new installation.  My laptop WS-FTP Pro is definately on the old setup, though I did create a new 'site', but I guess you could be right that it might be the old keys.  The PC I cannot remember as I just installed MCE to try and get the damn link working with the xbox 360!  I will fire up virtual PC or VMware and install WS_FTP Pro on a new client and see what happens....

Thanks for all your help, I dont get a lot when I post on here usually!

Mark

----------

## kg

I know you are going to try again with a clean install of WS_FTP, but it would help if you tell us how you 

are authenticating--password, hostbased, or public key?

As fzimper asks, it looks like there is an old key causing authentication to fail.

----------

## marky9074

Just straight password, not set up anything yet...

----------

## marky9074

Reinstalled, and there was a key exchange then it failed again saying authentication error...

----------

## marky9074

The only thing I can add now that is with a new install the first time it connects and exchanges keys it reports 'no echo' then fails authentication.  Subsequent attempt still fail, but without the no echo....

Is anyone using WS_FTP Pro?  I can set up a test account so you can see what I am seeing...

Mark

----------

## fzimper

Can you switch diagnostics on int the WS_FTP log and post the logfiles here?

 *Quote:*   

> To enable this feature, add the following line to the wsftp_options.ini file, under the [LOG_OPTIONS] section.
> 
> The wsftp_options.ini file is located in the "All Users" Application Data directory.
> 
> DiagnosticLogs=1
> ...

 

----------

## marky9074

Connecting to 192.168.8.125:22

Connected to 192.168.8.125:22 in 0.015625 seconds, Waiting for Server Response

Server Welcome: SSH-2.0-OpenSSH_4.2

Client Version: SSH-2.0-WS_FTP-9.01-2005.08.19

KexInitPacket (Server):  no kex guess present

KexAlgorithms

diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

00:  diffie-hellman-group-exchange-sha1

01:  diffie-hellman-group14-sha1

02:  diffie-hellman-group1-sha1

ServerHostKeyAlgorithms

ssh-rsa,ssh-dss

00:  ssh-rsa

01:  ssh-dss

CsEncryptionAlgorithms

aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

00:  aes128-cbc

01:  3des-cbc

02:  blowfish-cbc

03:  cast128-cbc

04:  arcfour128

05:  arcfour256

06:  arcfour

07:  aes192-cbc

08:  aes256-cbc

09:  rijndael-cbc@lysator.liu.se

10:  aes128-ctr

11:  aes192-ctr

12:  aes256-ctr

ScEncryptionAlgorithms

aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

00:  aes128-cbc

01:  3des-cbc

02:  blowfish-cbc

03:  cast128-cbc

04:  arcfour128

05:  arcfour256

06:  arcfour

07:  aes192-cbc

08:  aes256-cbc

09:  rijndael-cbc@lysator.liu.se

10:  aes128-ctr

11:  aes192-ctr

12:  aes256-ctr

CsMACAlgorithms

hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

00:  hmac-md5

01:  hmac-sha1

02:  hmac-ripemd160

03:  hmac-ripemd160@openssh.com

04:  hmac-sha1-96

05:  hmac-md5-96

ScMACAlgorithms

hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

00:  hmac-md5

01:  hmac-sha1

02:  hmac-ripemd160

03:  hmac-ripemd160@openssh.com

04:  hmac-sha1-96

05:  hmac-md5-96

CsCompressionAlgorithms

none,zlib@openssh.com

00:  none

01:  zlib@openssh.com

ScCompressionAlgorithms

none,zlib@openssh.com

00:  none

01:  zlib@openssh.com

CsLanguages

ScLanguages

KexInitPacket (Client):  no kex guess present

KexAlgorithms

diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

00:  diffie-hellman-group-exchange-sha1

01:  diffie-hellman-group1-sha1

ServerHostKeyAlgorithms

ssh-dss,ssh-rsa

00:  ssh-dss

01:  ssh-rsa

CsEncryptionAlgorithms

aes256-cbc,3des-cbc,aes128-cbc,aes192-cbc,blowfish-cbc

00:  aes256-cbc

01:  3des-cbc

02:  aes128-cbc

03:  aes192-cbc

04:  blowfish-cbc

ScEncryptionAlgorithms

aes256-cbc,3des-cbc,aes128-cbc,aes192-cbc,blowfish-cbc

00:  aes256-cbc

01:  3des-cbc

02:  aes128-cbc

03:  aes192-cbc

04:  blowfish-cbc

CsMACAlgorithms

hmac-md5,hmac-sha1,hmac-ripemd160

00:  hmac-md5

01:  hmac-sha1

02:  hmac-ripemd160

ScMACAlgorithms

hmac-md5,hmac-sha1,hmac-ripemd160

00:  hmac-md5

01:  hmac-sha1

02:  hmac-ripemd160

CsCompressionAlgorithms

zlib,none

00:  zlib

01:  none

ScCompressionAlgorithms

zlib,none

00:  zlib

01:  none

CsLanguages

ScLanguages

SSH Transport agreed algorithms

     Purpose: key agreement  		Algo: diffie-hellman-group-exchange-sha1

     Purpose: server host key		Algo: ssh-dss

     Purpose: encryption cs  		Algo: aes256-cbc

     Purpose: encryption sc  		Algo: aes256-cbc

     Purpose: MAC cs         		Algo: hmac-md5

     Purpose: MAC sc         		Algo: hmac-md5

     Purpose: compression cs 		Algo: none

     Purpose: compression sc 		Algo: none

SSH Server Host Key Size 817 bytes

SSH Signature Size 40 bytes

DSS Signature Verified

Session Keys Created

Ciphers Created

New Client->Server ciphers in place.

New Server->Client ciphers in place.

Completed SSH Key Exchange.  New Keys in place.

Authentication Method password(4) resulted in Failure

Server Supported Authentication Methods: (* = client also supports)

     publickey

     keyboard-interactive *

Password: 

No Echo

Error 0 reading SSH packet size block of 16 bytes from socket

Failed SSH User Authentication

SSH Transport closed.

----------

## kg

Do you by any chance have

```
PasswordAuthentication no
```

set in your /etc/ssh/sshd_config file?  Most likely want to have that commented out.

Also check to see if you have 

```
Subsystem       sftp    /usr/lib/misc/sftp-server
```

This you would most likely need to have.

(There are so few computer related things that are certain...)

----------

## marky9074

Damn, that was it!

'PasswordAuthentication no'

In the sshd_config file.....

All the time I had been looking in the ssh_config for clues, I didnt see the sshd_config there!

Thanks for all your help.

Mark

----------

## fzimper

Now I am really confused.   :Question: 

I also thought about that option, but then you could not login using any of the other tools using password authentication.

Weird.

----------

