[IMC-Tech] Could someone check zeco's sftp log for "awarexfr" failures? (why can't blogger.com sftp to zeco?)

Matthew Isaacs isaacsm at cuwireless.net
Thu Jan 18 08:02:32 CST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stuart Levy wrote:
> I've been trying to get the blogger.com "sftp" setup to update files on zeco (www.ucimc.org),
> using the awarexfr account, but without success.  The only error it reports is:
> 
>     005 Unable to connect to SFTP server: Auth fail 
> 
> When I use sftp (from openssh 4.3p2) to connect to www.ucimc.org using the awarexfr
> account, it works fine.
> 
> 
> I tried pointing the blogger.com setup at a test account on one of my own machines,
> using the same password.  It worked -- blogger.com successfully deposits blog page files
> into the designated directory, on my test machine.
> 
> However I have a clue: on my test machine, the /var/log/messages entry looks
> different depending on whether the connection comes from openssh sftp or
> from blogger.com.
> 
>    Here it is from openssh sftp:
> 
> Jan 18 00:21:00 dinah sshd[15789]: Accepted password for testme from 141.142.220.38 port 41829 ssh2
> Jan 18 00:21:00 dinah sshd[15794]: subsystem request for sftp
> 
>    Here it is from blogger.com's sftp client:
> Jan 18 00:24:40 dinah sshd[15828]: Did not receive identification string from 66.102.15.83
> Jan 18 00:24:41 dinah sshd[15831]: Accepted password for testme from 66.102.15.83 port 3399 ssh2
> Jan 18 00:24:41 dinah sshd[15835]: subsystem request for sftp
> 
> What's that about "Did not receive identification string"?
> My machine did allow the login anyway, but possibly zeco wouldn't??
> 
> Can someone check in zeco's logs to see whether there's a handful of failed
> sftp logins to "awarexfr" from some IP address like 66.102.15.83, between about
> midnight and 1:00AM CST on 1/18?    My last attempt was just about 1:00AM by zeco's
> clock.  There'd be a few successful sftp's too, from 63.252.76.72 and maybe 141.142.220.38.
> 
> Thanks a lot.  I'm at my wits' end.
> 
>    Stuart Levy
> _______________________________________________
> IMC-Tech mailing list
> IMC-Tech at lists.ucimc.org
> http://lists.chambana.net/cgi-bin/listinfo/imc-tech

Stuart,

Perusing the net seems to suggest that the blogger.com ssh is not
behavior in a compliant manner.  The missing ID string that the server
is complaining about is a string that is sent at the beginning of the
ssh session, identifying the version of ssh the host is running, as well
as the hosts unique ID.  Since sftp runs through ssh...

I can't say for sure, but I have a hunch that the reason it works on
your machine and not zeco is a matter of security.  Clients that don't
properly follow protocol are a security risk, and so they may be blocked
 on zeco (where they aren't on your machine).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFr333FTAfZok65zkRAvJ6AKCKUMlUiGumjxhw+1U3WgOmxZNRCQCglGUd
OQuG4HtAXA015haWcQt/imE=
=DltP
-----END PGP SIGNATURE-----

More information about the IMC-Tech mailing list