I'm trying to SFTP upload files from one computer to another on a periodic basis. Most of the time this works great but sometimes (on the hour) the connection is unsuccessful. In reviewing the logs... the SFTP client is able to login via SSH. The client sends a SSH_MSG_CHANNEL_REQUEST packet for the sftp subsystem and the server responds with a SSH_MSG_CHANNEL_SUCCESS. The client then sends an SSH_MSG_CHANNEL_DATA packet containing a SSH_FXP_INIT packet and then... nothing. The server *should* be responding with a SSH_FXP_VERSION packet (wrapped in a SSH_MSG_CHANNEL_DATA packet) but it's not. On the server end of things the last entry I see in the log files for these sessions is this: May 20 09:00:12 sftpacct sshd[22358]: debug3: send packet: type 99 That corresponds to the SSH_MSG_CHANNEL_SUCCESS packet. Overall it kinda feels to me like that the sftp subsystem just isn't setup correctly. From my sshd_config file: Subsystem sftp internal-sftp -f LOCAL7 -l INFO -u 0007 Could that be the source of some of the problems? Where else should I be looking? The server is OpenSSH_7.6p1 Ubuntu-4ubuntu0.6. The full log files are available at https://pastebin.com/ag9q6pVS and https://pastebin.com/sKYDrJAK. https://pastebin.com/ag9q6pVS has "May 20 09:00:12 sftpuser sshd[22287]: User child is on pid 22358" close to the end and the activity for the new pid is in https://pastebin.com/sKYDrJAK. Thanks!
On Fri, 27 May 2022 at 06:40, Terra Frost <terrafrost at gmail.com> wrote: [...]> Overall it kinda feels to me like that the sftp subsystem just isn't setup > correctly.If it wasn't set up correctly I'd expect it to not work at all. [...]> Could that be the source of some of the problems? Where else should I be > looking?If you can catch it when it's in the stalled state, I'd check the netstat entry corresponding to the sshd to see if there's anything in the "SendQ" (which would indicate a problem with the network) and strace the sshd and sftp-server processes to see what if anything they're waiting on. The "on the hour" nature of it makes me suspicious, though. Do you do anything like roll the syslogs on the hour? -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.