login about faq

I have CoreFTP server configured to run only SFTP over SSH protocol. The configuration is valid. OpenSSH client (OpenSSH_5.1p1 on SUSE Linux 11.2) can connect to that server and works fine:

> sftp valid_user@coreftp_server
Connecting to coreftp_server...
valid_user@ coreftp_server's password:
sftp> dir
test.txt

However, if I connect to the same server using Tectia SSH Client version 6.1 I only get error message “Operation failed”. I tried several versions including 6.2 and outcome is the same:

> sftpg3 valid_user@coreftp_server
valid_user@coreftp_server's password:
Error: Could not open connection to `valid_user@coreftp_server': Could not open connection to `10.1.54.22': Operation failed

What can I do to make it work? Is there any hope to get it work? Help please!

asked Sep 10 '11 at 21:56

Martin%20Dobsik's gravatar image

Martin Dobsik ♦
599126

edited Sep 10 '11 at 21:57


I found the problem. It is a faulty (or at least unusual) behavior of CoreFTP SFTP server:

  • Tectia clients (which includes ConnectSecure product) use “authentication agent forwarding” feature for every connection by default (it is on by default in Unix like operating systems and it is off by default in Windows operating systems).
  • When CoreFTP server receives a request to open agent forwarding channel, it correctly responds with an error.
  • However, later it fails on processing further requests, without any reason.

Normal behavior of SSH server would be not to open the agent forwarding channel (as that feature is apparently not implemented in CoreFTP server) and continue normal operations. That is how most of the SSH server implementations behave. (If you are interested see RFC4254, RFC4251 and related).

The solution is simple: just disable agent forwarding in Tectia client configuration. For example add the following element:

<default-settings>
  <forwards>
    <forward type="agent" state="off"/>
  </forwards>
</default-settings>

right after the first xml element:

<secsh-broker version="6.1" >

in ssh-broker-config.xml. It can be done also per connection profile basis. With this configuration in place the connection works without any problems:

> sftpg3 valid_user@coreftp_server
valid_user@coreftp_server's password:
Remote system type is POSIX.
sftp> dir
test.txt
sftp>
link

answered Sep 10 '11 at 22:12

Martin%20Dobsik's gravatar image

Martin Dobsik ♦
599126

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×63
×45
×10
×1

Asked: Sep 10 '11 at 21:56

Seen: 17,565 times

Last updated: Mar 20 '14 at 23:02

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.