1

I already saw this thread, but it didn't answer my question because it has been left for dead.

As the title says, when I log into my VPS with putty, everything works fine. But when connecting with FileZilla through SFTP, I always get an error : Authentication failed, cannot establish connection to the server (roughly translated).
I am using the right settings in FileZilla because I only got this error 3 days ago and it used to work fine before : SFTP through port 22.

Here is an iptables -L :
(TL;DR : accept everything in and out on ports 20, 21 and 22, and passive inbound connections on ports 1024+) 

Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ctstate ESTABLISHED /* Allow ftp connections on port 21 */ ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data ctstate RELATED,ESTABLISHED /* Allow ftp connections on port 20 */ ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 ctstate ESTABLISHED /* Allow passive inbound connections */ ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate ESTABLISHED /* Allow ftp connections on port 22 */ Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ctstate NEW,ESTABLISHED /* Allow ftp connections on port 21 */ ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data ctstate ESTABLISHED /* Allow ftp connections on port 20 */ ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 ctstate RELATED,ESTABLISHED /* Allow passive inbound connections */ ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate ESTABLISHED /* Allow ftp connections on port 22 */

I did set this manually in case that was the source of my problems, but nothing changed.

I also set PasswordAuthentication yes and LogLevel DEBUG as the previous thread suggested as well, but nothing changed neither after restarting sshd.
Here is what I get in /var/log/auth.log when I try to connect with FileZilla : literally nothing related to SFTP login.
It only contains stuff about me doing sudos to access the file.

I don't know whether it comes from FileZilla because auth.log shows nothing related to SFTP connection, or it comes from sshd configuration just ignoring SFTP requests.
I can't seem to find anything to help me, do you have any suggestions ?

Thank you for your time reading this.

Improve this question
5
  • Do you get the error instantly, or after a while? This will tell you if the connection receives some response that it can't handle or whether it times out. Commented Dec 17, 2014 at 22:13
  • Here is what I get in the FileZilla "log" window : Command : open "[email protected]" 22, 1s delay, Command : Pass: ******, 1s delay, Error: authentication failed, cannot establish connection to the server. Considering the only 1s delay, I'd go for the not handled response option. What could cause this ? Commented Dec 17, 2014 at 22:29
  • I would be tempted to fire up tcpdump on the VPS and see if you can actually see the incoming sftp connection. Something like tcpdump -qni any port 22. Though you might have to add more filtering to exclude any active SSH connections. Commented Dec 17, 2014 at 22:36
  • I ran this : tcpdump -qni any port sftp or ftp-data and tried to connect with FileZilla but nothing came out : 0 packets captured, 0 packets received by filter, 0 packets dropped by kernel. Is this even the right command ? Commented Dec 17, 2014 at 22:53
  • Try using the PSFTP client. It's in the same package that PuTTY comes in (you can download it from the same page). It should work right out of the box, so you'll know if you have some misconfiguration with FileZilla, or if it's something server-side. Commented Dec 17, 2014 at 23:07

2 Answers 2

Reset to default
4

After looking over your iptables -L. I think you have a firewall issue on the server side. the 

ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate ESTABLISHED

The ESTABLISHED usually means for connections that are active or already established.

Add this line in your iptables

sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT

For easy guide to iptables I like this HOW TO and here is an explanation

or you can try a

sudo sh -c "iptables-save > /etc/iptables.rules" sudo iptables -F

test your connection then you can restore your rules with

iptables-restore < /etc/iptables.rules
Improve this answer
3
  • Thanks alot for your detailed answer. I tried the command you gave, both with --dport ssh and --dport sftp, and INPUT and OUTPUT, but it still doesn't work (I restarted sshd and rebooted the whole server). Besides that, thank you for the links, they may come useful because until then I could only partially understand what I did with iptables. Commented Dec 18, 2014 at 0:21
  • Oh, actually I mispelt your command and didn't see it at first. After retyping it, it is back working with FileZilla. Thanks again mate ! Commented Dec 18, 2014 at 0:40
  • NO problem. Glad I could help Commented Dec 18, 2014 at 16:55
5

This can be caused by echo or other commands that write to the console during logon. For example I was trying to set environment variables for a complex build process, and had added echos into all my .profile files, including into .bashrc All the sftp clients I tried: filezilla, Beyond Compare suddenly stopped working, but did not give helpful error messages. Beyond Compare said:

Connection failed: Failed to establish SFTP connection (error code is 103) Failed to establish SFTP connection (error code is 103)

Finally corporate IT asked me to try WinSCP which gave a useful error message:

Received too large (1701737573 B) SFTP packet. Max supported packet size is 1024000 B. The error is typically caused by message printed from startup script (like .profile). The message may start with "ente". Cannot initialize SFTP protocol. Is the host running a SFTP server?

This gave me the clue I needed and after removing the line

echo 'entering .bashrc'

from my .bashrc sftp worked fine again

The answer to a similar question also mentions this and how you can check the output from your startup scripts

Improve this answer
3
  • 2
    You could also have amended your .bashrc thus: test -t 1 && echo 'Entering .bashrc' Commented Sep 8, 2015 at 12:01
  • I stumbled into same thing, getting "(error code is 103)" after adding an echo to .bashrc. Why the heck this hinders SFTP (Password authorization successful, but then ...103)? Commented May 9, 2020 at 13:01
  • 1
    This has to be some kind of personal record for finding an extremely obscure solution in less than 30 seconds. Thanks man. Commented Nov 5, 2020 at 1:26

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.