Over the last week I set up two VPS's. They are all but identical.
The boxes are Linux and I am a Mac user.
I set up password-less SSH authentication on both servers.
On my first server, I am able to successfully SSH in using command-line and using the Mac SFTP client, CyberDuck.
On my second (PITA) VPS, I am able to SSH in using command-line, but my CyberDuck connection keeps failing.
Was working on this until like 4am this morning and gave up.
To me, it appears to be one of two things...
Either it is a caching issue where CyberDuck is trying to use the private-key for VPS#1 when I use the bookmark to log into VPS#2, or it is a permissions issue.
I am not conversant in CyberDuck however I assume it is a fairly standard ftp program. So, I can see a number of possibilities. First, I assume you have each server on a separate computer. So the first and easiest thing to check is the firewall, make sure both firewalls allow the appropriate inbound ports. Second, try uploading and/or downloading a file using scp instead of ftp/sftp. If you can do that with no problem then the fault probably lies somewhere in your CyberDuck/ftp server configuration. From what you say I would look first at the ftp server configuration. Compare the two configurations (the one that works and the one that doesn't). Make sure they are the same. One trick you might try is to move the bad server's configuration file to a backup and copy the good server's configuration file to the bad server. Be sure and check that necessary changes are made, of course, ips, hostnames and the like. Then see if things work. What ftp server program are you using? You obviously don't have a problem with SSH; are you sure your ftp program uses SSH for authentication? Have you checked your logs to see what error messages, if any, you get? Your logs may depend upon your distribution but there should be some hint in either your system log or your ftp server log.
I am not conversant in CyberDuck however I assume it is a fairly standard ftp program.
For macs, yes.
Quote:
Originally Posted by agillator
So, I can see a number of possibilities. First, I assume you have each server on a separate computer.
Yes.
Quote:
Originally Posted by agillator
So the first and easiest thing to check is the firewall, make sure both firewalls allow the appropriate inbound ports.
Doesn't the fact that I can SSH in using command-line prove my firewall is okay?
Quote:
Originally Posted by agillator
Second, try uploading and/or downloading a file using scp instead of ftp/sftp. If you can do that with no problem then the fault probably lies somewhere in your CyberDuck/ftp server configuration.
How do I do that? (I have no clue about Linux command-line...)
Quote:
Originally Posted by agillator
From what you say I would look first at the ftp server configuration. Compare the two configurations (the one that works and the one that doesn't). Make sure they are the same. One trick you might try is to move the bad server's configuration file to a backup and copy the good server's configuration file to the bad server. Be sure and check that necessary changes are made, of course, ips, hostnames and the like. Then see if things work.
So which files do I need to copy over?
Quote:
Originally Posted by agillator
What ftp server program are you using?
I'm not sure, but I think some version of OpenSSH...
Quote:
Originally Posted by agillator
You obviously don't have a problem with SSH; are you sure your ftp program uses SSH for authentication?
On my Mac I have CyberDuck installed. I have a bookmark to VPS1 and VPS2. When I double-click on the VPS1 bookmark, I get a prompt asking for my VPS1 private key. I am able to log in.
When I double-click on the VPS2 bookmark, I get a connection error.
Quote:
Originally Posted by agillator
Have you checked your logs to see what error messages, if any, you get? Your logs may depend upon your distribution but there should be some hint in either your system log or your ftp server log.
My webhost said they saw me connecting last night and it tries to connect and then it's like the client retracts the connection. They said there is nothing wrong on the server.
I think this is either a caching issue with CyberDuck or some obscure setting on the server that is off.
The whole thing is maddening, and my webhost isn't very helpful...
Firewall ports: ftp in general uses ports 20 and 21. SSH and its brethren use port 22. sftp operates through an ssh connection so would use port 22.
SCP stands for secure copy and is part of ssh. I can't help you with commands for the MAC. But, for linux take a look at the man page (man scp). The general format is
Code:
scp <source> <destination>
Both source and destination, in general, are of the form user@host:/file/path. If the standard port 22 is not used, then you need the -P switch. If both users are the same as the current user then the 'user@' may be omitted. If a host is the current host, the 'host:' may be omitted if the user is also omitted. For example, if my username is joe on both the receiver and sender, I could copy a file from host jones to host smith with the following complete command:
A shorter version making assumptions as above would be
Code:
scp afile.txt smith:/some/directory/
Now, if you can transfer files by scp then you know your problem is with ftp.
Which configuration files you need to copy/examine depends on the programs you are using. Check the documentation for that information.
Your web host cannot tell you what is happening except in a very general way. You need to look at YOUR logs, which your web host had better not have access to. You should be able to find an attempted connection and, if it failed, there should be some explanation. It may be cryptic, you may or may not have a clue, but at least it is a start.
Now, another thought comes up. How are you trying to transfer files, by ftp, sftp or how? Telling me what mac program you are using accomplishes nothing since I have never used a mac. That you need to find out in your documentation.
I will also say that you should never be asked for your private ssh key. To begin with it is far too long. What you MAY be asked for is the password you saved it with when it was generated if you set one.
OpenSSH is secure shell (ssh) and includes scp and sftp. ftp is different. Personally I very rarely use ftp but daily use scp and occasionally use sftp. For information on sftp (for Linux) look at the man page (man sftp) on a linux computer. Can't help you with the Mac.
Firewall ports: ftp in general uses ports 20 and 21. SSH and its brethren use port 22. sftp operates through an ssh connection so would use port 22.
I had port 22 blocked and use a higher port for SSH for security reasons.
Quote:
Originally Posted by agillator
SCP stands for secure copy and is part of ssh. I can't help you with commands for the MAC. But, for linux take a look at the man page (man scp). The general format is
Code:
scp <source> <destination>
Both source and destination, in general, are of the form user@host:/file/path. If the standard port 22 is not used, then you need the -P switch. If both users are the same as the current user then the 'user@' may be omitted. If a host is the current host, the 'host:' may be omitted if the user is also omitted. For example, if my username is joe on both the receiver and sender, I could copy a file from host jones to host smith with the following complete command:
When I hit enter the cursor just goes to the next line and sits there like it is waiting for more?
Quote:
Originally Posted by agillator
Your web host cannot tell you what is happening except in a very general way. You need to look at YOUR logs, which your web host had better not have access to.
I have a managed VPS, so they have access to everything as far as I know. (Last night when I was on the phone for 4 hours, the kid was supposedly looking at my connection log files...)
I have no clue how to access those in WHM or cPanel.
Quote:
Originally Posted by agillator
You should be able to find an attempted connection and, if it failed, there should be some explanation. It may be cryptic, you may or may not have a clue, but at least it is a start.
I'll have to find out where they are...
Quote:
Originally Posted by agillator
Now, another thought comes up. How are you trying to transfer files, by ftp, sftp or how? Telling me what mac program you are using accomplishes nothing since I have never used a mac. That you need to find out in your documentation.
SFTP
Quote:
Originally Posted by agillator
I will also say that you should never be asked for your private ssh key. To begin with it is far too long. What you MAY be asked for is the password you saved it with when it was generated if you set one.
I use passwordless SSH authentication, and in my bookmark I am pointing CyberDuck to my private key.
At first glance it appears to be asking for the user's password on the receiving machine. That indicates that the receiving machine does not have the sender's public key in its authorized_keys file or it has the wrong key or it is configured to not use public key authentication. And since it is not accepting the password you give it then that password is not the user's password on the receiving machine for whatever reason, or at least that is what it thinks. So, assuming you have physical access to the receiving machine, go to it and login as the user you are claiming to be. If you can't then you have a password problem. Change user's password. If you can login, then check the sshd configuration file and make sure that public key authentication is enabled. The comments in the file are good and will tell you which entry is for that. I can't tell you what your configuration file is since I don't know the distribution you are using, whether you are using a user created file or the standard, etc. However, on my machine (ubuntu based) the default configuration file is used which is /etc/ssh/sshd_config. The next thing to check is to make sure sshd is running, which it certainly appears to be but you never know. Again, without knowing your distribution and version I can't tell you exactly how to do that. Assuming it is a fairly recent version of a distro that has converted to systemd the command would be
Code:
sudo systemctl status sshd
You could also try
Code:
sudo ps aux | grep sshd
realizing you will always get at least one entry containing 'sshd' but you can identify that one because the command it is executing will be listed. You are looking for any other commands (more than one entry returned).
At this point you know the user's password is correct.
By the way, just to not overlook the obvious, I assume the username you are using actually has an account on the receiving machine. That kind of gotcha can sneak up on you. Capitalization is the same, spelling is the same? I assume yes but it is little things like that it can take you days to find.
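Added example, not part of any post in the thread: one way to carry out the configuration comparison and the public-key check suggested above is to reduce each server's sshd_config to its global settings and diff the results. The function names `sshd_effective` and `sshd_diff` and the sample file contents are constructed for illustration; the sketch assumes whitespace-separated keywords and ignores everything from the first Match block on.

```shell
#!/bin/sh
# Added example: compare the global settings of two sshd_config files.

# Print "keyword value" lines for the global section of an sshd_config.
# Keywords are case-insensitive and the first value wins, except for the
# keywords in `multi`, which sshd allows to appear more than once.
sshd_effective() {
    awk '
        BEGIN { split("port listenaddress hostkey acceptenv subsystem", m, " ")
                for (i in m) multi[m[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        { key = tolower($1) }
        key == "match" { exit }            # Match blocks are conditional overrides
        (key in multi) || !(key in seen) {
            seen[key] = 1
            $1 = ""; sub(/^[ \t]+/, "")    # drop the keyword, keep its arguments
            print key, $0
        }
    ' "$1" | LC_ALL=C sort
}

# Show only the settings that differ:
# "<" lines come from the first file, ">" lines from the second.
sshd_diff() {
    tmp=$(mktemp -d) || return 1
    sshd_effective "$1" > "$tmp/a"
    sshd_effective "$2" > "$tmp/b"
    diff "$tmp/a" "$tmp/b" | grep '^[<>]' || true
    rm -rf "$tmp"
    return 0
}

# Constructed sample configs (not taken from the servers in this thread).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Port 2222' 'PubkeyAuthentication yes' \
        'Subsystem sftp /usr/libexec/openssh/sftp-server' > "$d/vps1"
    printf '%s\n' '# edited copy' 'port 2222' 'PubkeyAuthentication yes' \
        '#Subsystem sftp /usr/libexec/openssh/sftp-server' \
        'PasswordAuthentication no' > "$d/vps2"
    sshd_diff "$d/vps1" "$d/vps2"
    rm -rf "$d"
}
demo
```

Run against copies of the two real files, an empty result means the global sections are equivalent even if comments, ordering and capitalization differ.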
When I do that on this Mac, I get a prompt for a password which I didn't on my day-to-day Mac.
It has been a long time since using OS X so I do not recall if it comes with an SSH agent, so I will ask about that out of curiosity. If ssh-add responds with any message at all about keys, rather than about no connection, then you have some additional good options. The system is pretty antiquated in surprising ways that don't immediately further the current business interests of the company.
Anyway, to use an SSH key you would generally need to point the client at it using the -i option. Give it a test in the terminal from the problem Macintosh and then you'll know whether something with CyberDuck is off:
It prompts for my private-key, and voilà, my file was copying from my Macintosh to my VPS.
Very cool!
Quote:
Originally Posted by agillator
By the way, just to not overlook the obvious, I assume the username you are using actually has an account on the receiving machine. That kind of gotcha can sneak up on you. Capitalization is the same, spelling is the same? I assume yes but it is little things like that it can take you days to find.
Yep, that is all good.
Just spent like 2 hours on the phone again.
This guy seemed smarter, but still no luck.
I pleaded with this guy to *please* find someone who can help me get this fixed before COB Friday - I gotta get my website and business going before the Holidays hit!!
All of this is so damn frustrating...
CyberDuck works going into VPS1, and I can command-line SSH into both VPS1 and VPS2, so WTF is wrong with trying to CyberDuck into VPS2??
It has been a long time since using OS X so I do not recall if it comes with an SSH agent, so I will ask about that out of curiosity.
Macs come with OpenSSH installed as part of Terminal.
Quote:
Originally Posted by Turbocapitalist
Anyway, to use an SSH key you would generally need to point the client at it using the -i option. Give it a test in the terminal from the problem Macintosh and then you'll know whether something with CyberDuck is off:
Mind the capitalization of -P and -p and the difference between -l and -i.
If any of those last three work then it is hopefully a matter with CyberDuck's configuration and not its logic or programming.
See my response above - I learned how to use scp tonight on the phone. Yes, it is similar to SSH.
So on my problematic VPS server, I can command-line SSH and SCP in, but CyberDuck won't let me connect.
The web host tech is going through config files and going to do a compare, because I am convinced the only "delta" would be between servers and not on my Macintosh.
Thanks. Tried that, but sadly it doesn't log anything at all. Don't even get a CyberDuck folder in the logs so that doesn't help...
Did you also restart Cyberduck after turning on its logging? The log output will be in a file called system.log somewhere, not a separate folder as far as I know. Again, it's been years since I've touched legacy systems like OS X, but the system.log file ought to be in /var/log/ or /Library/Logs/ and there might be a user-specific derivative in ~/Library/Logs/. So check all three places for that file. Then when you find it please skim it for CyberDuck or SSH activity.