Old 10-22-2018, 03:44 PM   #1
Adirondacks
Member
 
Registered: Oct 2018
Posts: 98

Rep: Reputation: 0
Proper SSH-related Permissions??


Why does everything have to be such a PITA??

Over the last week I set up two VPS's. They are all but identical.

The boxes are Linux and I am a Mac user.

I set up password-less SSH authentication on both servers.

On my first server, I am able to successfully SSH in using command-line and using the Mac SFTP client, CyberDuck.


On my second (PITA) VPS, I am able to SSH in using command-line, but my CyberDuck connection keeps failing.

Was working on this until like 4am this morning and gave up.

To me, it appears to be one of two things...

Either it is a caching issue where CyberDuck is trying to use the private-key for VPS#1 when I use the bookmark to log into VPS#2, or it is a permissions issue.

Here is what I have on my Mac...
Code:
.ssh (directory) 700

vps1_id_rsa  600
vps1_id_rsa.pub  644

vps2_id_rsa  600
vps2_id_rsa.pub  644

known_hosts  644

Here is what I have currently (on both servers)...
Code:
.ssh (directory)  700

vps1_id_rsa.pub  600

vps2_id_rsa.pub  600

authorized_keys  600
authorized_keys2  600

How do these permissions look?

And any ideas why I can SSH into VPS#1 using command-line and CyberDuck with no issues, but on VPS#2 only command-line SSH is working?


Last edited by Adirondacks; 10-22-2018 at 03:48 PM.
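
An added example, not part of the original post: a POSIX shell audit of the modes listed above. It flags private keys that grant anything to group or other (the ssh client refuses to load those) and any other file writable by group or other (sshd's StrictModes rejects such an authorized_keys). The sample directory and key contents are constructed, and `mode_string`, `audit_ssh_dir` and `make_sample` are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the modes in an .ssh directory.

# Print the 10-character mode string for a path, e.g. "-rw-------".
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Print one finding per line; return 0 when clean, 1 when anything is flagged.
audit_ssh_dir() {
    dir=$1
    bad=0
    # The directory must grant nothing to group or other (700).
    case $(mode_string "$dir") in
        d???------) ;;
        *) echo "DIR_TOO_OPEN $dir"; bad=1 ;;
    esac
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        m=$(mode_string "$f")
        name=${f##*/}
        if head -n 1 "$f" | grep -q 'PRIVATE KEY'; then
            # Private keys: owner-only, otherwise ssh refuses to load them.
            case $m in
                ????------) ;;
                *) echo "PRIVATE_KEY_TOO_OPEN $name $m"; bad=1 ;;
            esac
        else
            # Public keys, known_hosts, authorized_keys: world-readable is
            # fine, group/other write is not.
            case $m in
                ?????w????|????????w?) echo "WRITABLE_BY_OTHERS $name $m"; bad=1 ;;
            esac
        fi
    done
    return $bad
}

# Build a constructed sample directory modelled on the listing in the post,
# with two deliberate mistakes for the audit to find. Prints the path.
make_sample() {
    d=$(mktemp -d) || return 1
    chmod 700 "$d"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-not-a-real-key' > "$d/vps1_id_rsa"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-not-a-real-key' > "$d/vps2_id_rsa"
    echo 'ssh-rsa AAAAconstructed vps1' > "$d/vps1_id_rsa.pub"
    echo 'ssh-rsa AAAAconstructed vps2' > "$d/authorized_keys"
    chmod 600 "$d/vps1_id_rsa"
    chmod 644 "$d/vps2_id_rsa"       # mistake: key readable by group/other
    chmod 644 "$d/vps1_id_rsa.pub"
    chmod 664 "$d/authorized_keys"   # mistake: group-writable
    echo "$d"
}

sample=$(make_sample)
audit_ssh_dir "$sample" || echo "fix the findings above with chmod 600"
rm -rf "$sample"
```

Run against a real directory with `audit_ssh_dir ~/.ssh`; it only reads modes and the first line of each file.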
 
Old 10-22-2018, 04:42 PM   #2
agillator
Member
 
Registered: Aug 2016
Distribution: Mint 19.1
Posts: 419

Rep: Reputation: Disabled
I am not conversant in CyberDuck however I assume it is a fairly standard ftp program. So, I can see a number of possibilities. First, I assume you have each server on a separate computer. So the first and easiest thing to check is the firewall, make sure both firewalls allow the appropriate inbound ports. Second, try uploading and/or downloading a file using scp instead of ftp/sftp. If you can do that with no problem then the fault probably lies somewhere in your CyberDuck/ftp server configuration. From what you say I would look first at the ftp server configuration. Compare the two configurations (the one that works and the one that doesn't). Make sure they are the same. One trick you might try is to move the bad server's configuration file to a backup and copy the good server's configuration file to the bad server. Be sure and check that necessary changes are made, of course, ips, hostnames and the like. Then see if things work. What ftp server program are you using? You obviously don't have a problem with SSH; are you sure your ftp program uses SSH for authentication? Have you checked your logs to see what error messages, if any, you get? Your logs may depend upon your distribution but there should be some hint in either your system log or your ftp server log.
 
Old 10-22-2018, 05:00 PM   #3
Adirondacks
Member
 
Registered: Oct 2018
Posts: 98

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by agillator View Post
I am not conversant in CyberDuck however I assume it is a fairly standard ftp program.
For macs, yes.


Quote:
Originally Posted by agillator View Post
So, I can see a number of possibilities. First, I assume you have each server on a separate computer.
Yes.


Quote:
Originally Posted by agillator View Post
So the first and easiest thing to check is the firewall, make sure both firewalls allow the appropriate inbound ports.
Doesn't the fact that I can SSH in using command-line prove my firewall is okay?


Quote:
Originally Posted by agillator View Post
Second, try uploading and/or downloading a file using scp instead of ftp/sftp. If you can do that with no problem then the fault probably lies somewhere in your CyberDuck/ftp server configuration.
How do I do that? (I have no clue about Linux command-line...)


Quote:
Originally Posted by agillator View Post
From what you say I would look first at the ftp server configuration. Compare the two configurations (the one that works and the one that doesn't). Make sure they are the same. One trick you might try is to move the bad server's configuration file to a backup and copy the good server's configuration file to the bad server. Be sure and check that necessary changes are made, of course, ips, hostnames and the like. Then see if things work.
So which files do I need to copy over?


Quote:
Originally Posted by agillator View Post
What ftp server program are you using?
I'm not sure, but I think some version of OpenSSH...


Quote:
Originally Posted by agillator View Post
You obviously don't have a problem with SSH; are you sure your ftp program uses SSH for authentication?
On my Mac I have CyberDuck installed. I have a bookmark to VPS1 and VPS2. When I double-click on the VPS1 bookmark, I get a prompt asking for my VPS1 private key. I am able to log in.

When I double-click on the VPS2 bookmark, I get a connection error.



Quote:
Originally Posted by agillator View Post
Have you checked your logs to see what error messages, if any, you get? Your logs may depend upon your distribution but there should be some hint in either your system log or your ftp server log.
My webhost said they saw me connecting last night and it tries to connect and then it's like the client retracts the connection. They said there is nothing wrong on the server.


I think this is either a caching issue with CyberDuck or some obscure setting on the server that is off.

The whole thing is maddening, and my webhost isn't very helpful...
 
Old 10-22-2018, 06:58 PM   #4
agillator
Member
 
Registered: Aug 2016
Distribution: Mint 19.1
Posts: 419

Rep: Reputation: Disabled
Firewall ports: ftp in general uses ports 20 and 21. SSH and its brethren use port 22. sftp operates through an ssh connection so would use port 22.

SCP stands for secure copy and is part of ssh. I can't help you with commands for the MAC. But, for linux take a look at the man page (man scp). The general format is
Code:
scp <source> <destination>
Both source and destination, in general, are of the form user@host:/file/path. If the standard port 22 is not used, then you need the -P switch. If both users are the same as the current user then the 'user@' may be omitted. If a host is the current host, the 'host:' may be omitted if the user is also omitted. For example, if my username is joe on both the receiver and sender, I could copy a file from host jones to host smith with the following complete command:
Code:
scp -P 22 joe@jones:/home/joe/afile.txt joe@smith:/some/directory/bfile.txt
A shorter version making assumptions as above would be
Code:
scp afile.txt smith:/some/directory/
Now, if you can transfer files by scp then you know your problem is with ftp.

Which configuration files you need to copy/examine depends on the programs you are using. Check the documentation for that information.

Your web host cannot tell you what is happening except in a very general way. You need to look at YOUR logs, which your web host had better not have access to. You should be able to find an attempted connection and, if it failed, there should be some explanation. It may be cryptic, you may or may not have a clue, but at least it is a start.

Now, another thought comes up. How are you trying to transfer files, by ftp, sftp or how? Telling me what mac program you are using accomplishes nothing since I have never used a mac. That you need to find out in your documentation.

I will also say that you should never be asked for your private ssh key. To begin with it is far too long. What you MAY be asked for is the password you saved it with when it was generated if you set one.

OpenSSH is secure shell (ssh) and includes scp and sftp. ftp is different. Personally I very rarely use ftp but daily use scp and occasionally use sftp. For information on sftp (for Linux) look at the man page (man sftp) on a linux computer. Can't help you with the Mac.
 
1 members found this post helpful.
Old 10-22-2018, 07:15 PM   #5
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,727

Rep: Reputation: 2211
Have you verified the Cyberduck bookmark setups as documented here?
 
Old 10-22-2018, 07:58 PM   #6
Adirondacks
Member
 
Registered: Oct 2018
Posts: 98

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by scasey View Post
Have you verified the Cyberduck bookmark setups as documented here?
Yes.
 
Old 10-22-2018, 08:23 PM   #7
Adirondacks
Member
 
Registered: Oct 2018
Posts: 98

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by agillator View Post
Firewall ports: ftp in general uses ports 20 and 21. SSH and its brethren use port 22. sftp operates through an ssh connection so would use port 22.
I had port 22 blocked and use a higher port for SSH for security reasons.


Quote:
Originally Posted by agillator View Post
SCP stands for secure copy and is part of ssh. I can't help you with commands for the MAC. But, for linux take a look at the man page (man scp). The general format is
Code:
scp <source> <destination>
Both source and destination, in general, are of the form user@host:/file/path. If the standard port 22 is not used, then you need the -P switch. If both users are the same as the current user then the 'user@' may be omitted. If a host is the current host, the 'host:' may be omitted if the user is also omitted. For example, if my username is joe on both the receiver and sender, I could copy a file from host jones to host smith with the following complete command:
Code:
scp -P 22 joe@jones:/home/joe/afile.txt joe@smith:/some/directory/bfile.txt
A shorter version making assumptions as above would be
Code:
scp afile.txt smith:/some/directory/
Now, if you can transfer files by scp then you know your problem is with ftp.
You lost me.

I am using CyberDuck to SSH into my computer using the SFTP protocol. (Did I say that right?)

FTP is blocked on my servers, and I would never use FTP.


I created a test file on my Mac and typed in this command from my Mac's Terminal...
Code:
scp -P <ssh-port> ~/scp_test.text <user>@<server-ip>:~
When I hit enter the cursor just goes to the next line and sits there like it is waiting for more?



Quote:
Originally Posted by agillator View Post
Your web host cannot tell you what is happening except in a very general way. You need to look at YOUR logs, which your web host had better not have access to.
I have a managed VPS, so they have access to everything as far as I know. (Last night when I was on the phone for 4 hours, the kid was supposedly looking at my connection log files...)

I have no clue how to access those in WHM or cPanel.



Quote:
Originally Posted by agillator View Post
You should be able to find an attempted connection and, if it failed, there should be some explanation. It may be cryptic, you may or may not have a clue, but at least it is a start.
I'll have to find out where they are...



Quote:
Originally Posted by agillator View Post
Now, another thought comes up. How are you trying to transfer files, by ftp, sftp or how? Telling me what mac program you are using accomplishes nothing since I have never used a mac. That you need to find out in your documentation.
SFTP



Quote:
Originally Posted by agillator View Post
I will also say that you should never be asked for your private ssh key. To begin with it is far too long. What you MAY be asked for is the password you saved it with when it was generated if you set one.
I use passwordless SSH authentication, and in my bookmark I am pointing CyberDuck to my private key.
 
Old 10-22-2018, 08:44 PM   #8
Adirondacks
Member
 
Registered: Oct 2018
Posts: 98

Original Poster
Rep: Reputation: 0
Above I was trying to use scp on my day-to-day Mac, and then I realized that might not work.

On the Mac I use to administer my VPS, I typed this in...
Quote:
scp -P <ssh-port> ~/scp_test.text <user>@<server-ip>:/home/<username>/
When I do that on this Mac, I get a prompt for a password which I didn't on my day-to-day Mac.

I assumed that it was asking for the passphrase on my private-key, but when I enter that, it just prompts me again...

Not sure what to do?!
 
Old 10-22-2018, 10:03 PM   #9
agillator
Member
 
Registered: Aug 2016
Distribution: Mint 19.1
Posts: 419

Rep: Reputation: Disabled
At first glance it appears to be asking for the user's password on the receiving machine. That indicates that the receiving machine does not have the sender's public key in its authorized_keys file or it has the wrong key or it is configured to not use public key authentication. And since it is not accepting the password you give it then that password is not the user's password on the receiving machine for whatever reason, or at least that is what it thinks. So, assuming you have physical access to the receiving machine, go to it and login as the user you are claiming to be. If you can't then you have a password problem. Change user's password. If you can login, then check the sshd configuration file and make sure that public key authentication is enabled. The comments in the file are good and will tell you which entry is for that. I can't tell you what your configuration file is since I don't know the distribution you are using, whether you are using a user created file or the standard, etc. However, on my machine (ubuntu based) the default configuration file is used which is /etc/ssh/sshd_config. The next thing to check is to make sure sshd is running, which it certainly appears to be but you never know. Again, without knowing your distribution and version I can't tell you exactly how to do that. Assuming it is a fairly recent version of a distro that has converted to systemd the command would be
Code:
sudo systemctl status sshd
You could also try
Code:
sudo ps aux | grep sshd
realizing you will always get at least one entry containing 'sshd' but you can identify that one because the command it is executing will be listed. You are looking for any other commands (more than one entry returned).
At this point you know the user's password is correct.

By the way, just to not overlook the obvious, I assume the username you are using actually has an account on the receiving machine. That kind of gotcha can sneak up on you. Capitalization is the same, spelling is the same? I assume yes but it is little things like that it can take you days to find.

Last edited by agillator; 10-22-2018 at 10:05 PM.
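
An added example, not from agillator's post: one way to compare the active directives of two sshd_config files, which is the comparison suggested earlier in the thread. Both sample files, port 2222 and the sftp-server path are constructed, the function names are made up here, and the difference shown is for illustration only, not a finding about the poster's servers.

```shell
#!/bin/sh
# Added example (not from the thread): diff the active lines of two sshd_config files.

# Reduce a config to its active directives: skip comment and blank lines,
# lowercase the keyword (keywords are case-insensitive, arguments are not),
# collapse whitespace, and sort so ordering differences do not show up.
normalize_sshd_config() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { $1 = tolower($1); print }   # assigning $1 rebuilds the line with single spaces
    ' "$1" | sort
}

# Print directives present in only one file: "<" first file, ">" second file.
# Returns 0 when the active directives are identical, 1 when they differ.
diff_sshd_config() {
    a=$(mktemp) || return 2
    b=$(mktemp) || return 2
    normalize_sshd_config "$1" > "$a"
    normalize_sshd_config "$2" > "$b"
    diff "$a" "$b" | grep '^[<>]'
    rc=$?
    rm -f "$a" "$b"
    # grep exits 0 when it printed a difference, so invert that for the caller.
    [ "$rc" -ne 0 ]
}

# Write two constructed sample configs into the directory given as $1.
write_samples() {
    cat > "$1/vps1_sshd_config" <<'EOF'
# constructed sample: server where the SFTP client works
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
    cat > "$1/vps2_sshd_config" <<'EOF'
# constructed sample: same settings, different spelling and order
PasswordAuthentication no
port 2222
   PubkeyAuthentication   yes
#Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
}

work=$(mktemp -d)
write_samples "$work"
diff_sshd_config "$work/vps1_sshd_config" "$work/vps2_sshd_config" || echo "active directives differ"
rm -rf "$work"
```

Case and spacing differences disappear after normalization, so only the commented-out Subsystem line is reported.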
 
Old 10-22-2018, 10:16 PM   #10
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,309
Blog Entries: 3

Rep: Reputation: 3721
Quote:
Originally Posted by Adirondacks View Post
When I do that on this Mac, I get a prompt for a password which I didn't on my day-to-day Mac.
It has been a long time since using OS X so I do not recall if it comes with an SSH agent, so I will ask about that out of curiosity. If ssh-add responds with any message at all about keys, rather than about no connection, then you have some additional good options. The system is pretty antiquated in surprising ways that don't immediately further the current business interests of the company.

Anyway, to use an SSH key you would generally need to point the client at it using the -i option. Give it a test in the terminal from the problem Macintosh and then you'll know whether something with CyberDuck is off:

Code:
ssh-add -l
sftp -i /home/adirondacks/.ssh/some.key -P 22 user@xxx.yyy.zzz.aaa:/home/user/
ssh  -i /home/adirondacks/.ssh/some.key -p 22 user@xxx.yyy.zzz.aaa
scp  -i /home/adirondacks/.ssh/some.key -P 22 ~/test.text user@xxx.yyy.zzz.aaa:/home/user/.
Mind the capitalization of -P and -p and the difference between -l and -i.

If any of those last three work then it is hopefully a matter with CyberDuck's configuration and not its logic or programming.

Last edited by Turbocapitalist; 10-22-2018 at 10:17 PM.
 
Old 10-22-2018, 10:34 PM   #11
Adirondacks
Member
 
Registered: Oct 2018
Posts: 98

Original Poster
Rep: Reputation: 0
@agillator,

I just learned how to scp for the first time from my webhost...

We were missing a switch to point to my private-key.

This works on BOTH of my servers...
Code:
scp -P <ssh-port> -i ~/.ssh/<private-key> ~/<source-file> <vps-username>@<vps-ip>:/home/<vps-username>/
It prompts for my private-key, and wha-la, my file was copying from my Macintosh to my VPS.

Very cool!



Quote:
Originally Posted by agillator View Post
By the way, just to not overlook the obvious, I assume the username you are using actually has an account on the receiving machine. That kind of gotcha can sneak up on you. Capitalization is the same, spelling is the same? I assume yes but it is little things like that it can take you days to find.
Yep, that is all good.

Just spent like 2 hours on the phone again.

This guy seemed smarter, but still no luck.

I pleaded with this guy to *please* find someone who can help me get this fixed before COB Friday - I gotta get my website and business going before the Holidays hit!!

All of this is so damn frustrating...

CyberDuck works going into VPS1, and I can command-line SSH into both VPS1 and VPS2, so WTF is wrong with trying to CyberDuck into VPS2??
 
Old 10-22-2018, 10:38 PM   #12
Adirondacks
Member
 
Registered: Oct 2018
Posts: 98

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Turbocapitalist View Post
It has been a long time since using OS X so I do not recall if it comes with an SSH agent, so I will ask about that out of curiosity.
Macs come with OpenSSH installed as part of Terminal.


Quote:
Originally Posted by Turbocapitalist View Post
Anyway, to use an SSH key you would generally need to point the client at it using the -i option. Give it a test in the terminal from the problem Macintosh and then you'll know whether something with CyberDuck is off:

Code:
ssh-add -l
sftp -i /home/adirondacks/.ssh/some.key -P 22 user@xxx.yyy.zzz.aaa:/home/user/
ssh  -i /home/adirondacks/.ssh/some.key -p 22 user@xxx.yyy.zzz.aaa
scp  -i /home/adirondacks/.ssh/some.key -P 22 ~/test.text user@xxx.yyy.zzz.aaa:/home/user/.
Mind the capitalization of -P and -p and the difference between -l and -i.

If any of those last three work then it is hopefully a matter with CyberDuck's configuration and not its logic or programming.
See my response above - I learned how to use scp tonight on the phone. Yes, it is similar to SSH.

So on my problematic VPS server, I can command-line SSH and SCP in, but CyberDuck won't let me connect.

The web host tech is going through config files and going to do a compare, because I am convinced the only "delta" would be between servers and not on my Macintosh.
 
Old 10-22-2018, 10:40 PM   #13
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,309
Blog Entries: 3

Rep: Reputation: 3721
Quote:
Originally Posted by Adirondacks View Post
Macs come with OpenSSH installed as part of Terminal.
Thanks, but is an SSH agent of any kind set up and running? However, that is a digression and I am merely curious.

About CyberDuck you can increase logging.

https://trac.cyberduck.io/wiki/help/en/faq#macOS2

I'd try that and then run the program through its paces and reproduce the problem again and then look at the logs.
 
Old 10-22-2018, 10:50 PM   #14
Adirondacks
Member
 
Registered: Oct 2018
Posts: 98

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Turbocapitalist View Post
Thanks, but is an SSH agent of any kind set up and running? However, that is a digression and I am merely curious.
Have to confess I don't know what that means... I have heard the term "agent" before, but not sure what that means or how it relates to SSH on my Mac?

I know I can use Terminal to SSH command-line into my VPS.



Quote:
Originally Posted by Turbocapitalist View Post
About CyberDuck you can increase logging.

https://trac.cyberduck.io/wiki/help/en/faq#macOS2

I'd try that and then run the program through its paces and reproduce the problem again and then look at the logs.
Thanks. Tried that, but sadly it doesn't log anything at all. Don't even get a CyberDuck folder in the logs so that doesn't help...
 
Old 10-22-2018, 10:57 PM   #15
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,309
Blog Entries: 3

Rep: Reputation: 3721
Quote:
Originally Posted by Adirondacks View Post
Thanks. Tried that, but sadly it doesn't log anything at all. Don't even get a CyberDuck folder in the logs so that doesn't help...
Did you also restart Cyberduck after turning on its logging? The log output will be in a file called system.log somewhere, not a separate folder as far as I know. Again, it's been years since I've touched legacy systems like OS X, but the system.log file ought to be in /var/log/ or /Library/Logs/ and there might be a user-specific derivative in ~/Library/Logs/ So check all three places for that file. Then when you find it please skim it for CyberDuck or SSH activity.
 
  

