Bizarre FTP Error

Server 10.5.6 on an Xserve

I can FTP and SFTP from my Mac, but no one else can connect with either method. I've even tried the same user name and password between Macs. I edited all of the /Users/user/.ssh/known_hosts files on all of the Macs as well.

Am I missing something obvious?

Thanks,

Dean Roberts

Xserve 10.5.6, Mac OS X (10.5.6), 500 Macs, 22 servers

Posted on Mar 5, 2009 7:38 AM


Mar 5, 2009 8:23 AM in response to deanr

Please elaborate some on the network configuration, particularly including any firewalls and NAT devices that might be present, and on the commands used and any error messages that were received by you and by users in the same or a similar configuration.

Please start out working with and debugging sftp, as it is far easier to punch that through firewalls. And it's more secure.

Do also confirm (via dig -x 0.0.0.0, dig mumble.example.com, whois and such) that the IP addresses and IP names and DNS are functional.

I can variously end up cleaning out the accumulated cruft found in the ssh subdirectories when things go seriously weird at a customer site, and starting over again with a fresh load of certificates and such.

Mar 5, 2009 11:55 AM in response to MrHoffman

I don't use the server's firewall. Our university has its own firewall for the data center. Here are the ports that are open:
Open TCP Port: 21 ftp
Open TCP Port: 22 ssh
Open TCP Port: 80 http
Open TCP Port: 88 kerberos
Open TCP Port: 311 asip-webadmin
Open TCP Port: 443 https
Open TCP Port: 548 afpovertcp
Open TCP Port: 625 dec_dlm
Open TCP Port: 3031 eppc
Open TCP Port: 3306 mysql
Open TCP Port: 5900 vnc-server
Open TCP Port: 8086
Open TCP Port: 8087

Here is the error that occurs when someone on a Mac other than mine tries to SFTP to the server:
Mar 5 09:14:42 photos ftpd: xxx-xx-xxx-xxx.wiu.edu: connected: I [54802]: USER_PROCESS: 54801 ftp54801
Mar 5 09:15:18 photos ftpd: xxx-xx-xxx-xxx.wiu.edu: connected: I [54802]: DEAD_PROCESS: 54801 ftp54801

Here is what I see when I connect from my desktop:
Mar 5 13:51:12 photos sshd[3286]: Accepted keyboard-interactive/pam for lightbox from xxx-xx-xxx-xx port 56442 ssh2
Mar 5 13:51:12 photos sshd[3295]: subsystem request for sftp
Mar 5 13:52:20 photos sshd[3317]: /etc/sshd_config line 74: Unsupported option KerberosGetAFSToken
Mar 5 13:52:20 photos com.apple.SecurityServer[33]: checkpw() succeeded, creating credential for user lightbox
Mar 5 13:52:20 photos com.apple.SecurityServer[33]: checkpw() succeeded, creating shared credential for user lightbox
Mar 5 13:52:20 photos com.apple.SecurityServer[33]: Succeeded authorizing right system.login.tty by client /usr/sbin/sshd for authorization created by /usr/sbin/

Mar 5, 2009 12:12 PM in response to deanr

Additional info:
xxx-xx-xxx-xx:~ dean$ dig -x xxx.xx.xxx.xx

; <<>> DiG 9.4.2-P2 <<>> -x xxx.xx.xxx.xx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4801
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;xx.xxx.xx.xxx.in-addr.arpa. IN PTR

;; ANSWER SECTION:
xx.xxx.xx.xxx.in-addr.arpa. 7200 IN PTR photos.wiu.edu.

;; AUTHORITY SECTION:
xxx.xx.xxx.xx.in-addr.arpa. 7200 IN NS dns2.wiu.edu.
xxx.xx.xxx.xx.in-addr.arpa. 7200 IN NS dns1.wiu.edu.

;; ADDITIONAL SECTION:
dns1.wiu.edu. 7200 IN A xxx.xx.xxx.xxx
dns2.wiu.edu. 7200 IN A xxx.xxx.xxx.xx

;; Query time: 5 msec
;; SERVER: xxx.xx.xxx.xx#53(xxx.xx.xxx.xx)
;; WHEN: Thu Mar 5 14:05:49 2009
;; MSG SIZE rcvd: 142

xxx-xx-xxx-xx:~ dean$ dig photos.wiu.edu

; <<>> DiG 9.4.2-P2 <<>> photos.wiu.edu
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41225
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;photos.wiu.edu. IN A

;; ANSWER SECTION:
photos.wiu.edu. 15 IN A xxx.xx.xxx.xx

;; AUTHORITY SECTION:
wiu.edu. 7200 IN NS dns2.wiu.edu.
wiu.edu. 7200 IN NS dns1.wiu.edu.

;; ADDITIONAL SECTION:
dns1.wiu.edu. 7200 IN A xxx.xx.xxx.xxx
dns2.wiu.edu. 7200 IN A xxx.xxx.xxx.xx

;; Query time: 83 msec
;; SERVER: xxx-xx-xxx-xx#53(xxx-xx-xxx-xx)
;; WHEN: Thu Mar 5 14:09:51 2009
;; MSG SIZE rcvd: 118

Mar 5, 2009 1:56 PM in response to deanr

Some of what is shown indicates use of sftp (which is a better choice) and some shows use of ftp (which requires ephemeral ports be opened: http://64.223.189.234/node/530), so I'm not sure what's being compared here. sftp rides on ssh. And it's quite different from ftp.

And I'd raise the firewall on the server. Otherwise, one malware-infested or trojan-codec laptop box that gets connected inside the firewall can ruin your whole day.
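
An added example, not part of any post in this thread: a small Python triage of syslog lines in the format quoted above, separating ftpd sessions from sshd logins and sftp subsystem requests so it is clear which service a client actually reached. The sample lines are constructed from the thread's log format, with placeholder host names and addresses; the function names are hypothetical.

```python
import re

# Constructed sample in the format of the log lines quoted in the thread.
# Host names and addresses are placeholders, not values from the page.
SAMPLE_LOG = """\
Mar 5 09:14:42 photos ftpd: client-a.example.edu: connected: I [54802]: USER_PROCESS: 54801 ftp54801
Mar 5 09:15:18 photos ftpd: client-a.example.edu: connected: I [54802]: DEAD_PROCESS: 54801 ftp54801
Mar 5 13:51:12 photos sshd[3286]: Accepted keyboard-interactive/pam for lightbox from 192.0.2.10 port 56442 ssh2
Mar 5 13:51:12 photos sshd[3295]: subsystem request for sftp
Mar 5 13:52:20 photos sshd[3317]: /etc/sshd_config line 74: Unsupported option KerberosGetAFSToken
"""

# month day hh:mm:ss host daemon[pid]: message
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\s+\S+\s+([\w.\-]+)(?:\[\d+\])?:\s+(.*)$"
)
FTP_PROC_RE = re.compile(r"(USER_PROCESS|DEAD_PROCESS):\s+(\d+)")
SSH_ACCEPT_RE = re.compile(r"^Accepted (\S+) for (\S+) from (\S+)")


def parse(log_text):
    """Yield (seconds_since_midnight, daemon, message) for each recognised line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            h, mi, s, daemon, msg = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + int(s), daemon, msg


def triage(log_text):
    """Group events by the service that logged them (same-day timestamps assumed)."""
    report = {"ftp_sessions": [], "ssh_logins": [], "sftp_requests": 0}
    open_ftp = {}  # ftpd child pid -> start time
    for ts, daemon, msg in parse(log_text):
        if daemon == "ftpd":
            m = FTP_PROC_RE.search(msg)
            if not m:
                continue
            state, pid = m.groups()
            if state == "USER_PROCESS":
                open_ftp[pid] = ts
            elif pid in open_ftp:
                # Session ended: record (pid, duration in seconds).
                report["ftp_sessions"].append((pid, ts - open_ftp.pop(pid)))
        elif daemon == "sshd":
            m = SSH_ACCEPT_RE.match(msg)
            if m:
                report["ssh_logins"].append((m.group(2), m.group(1)))
            elif "subsystem request for sftp" in msg:
                report["sftp_requests"] += 1
    return report
```

Entries under `ftp_sessions` mean the client reached ftpd on port 21, while `ssh_logins` and `sftp_requests` mean it reached sshd on port 22.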
