How to verify if SFTP access has been granted on a server - sftp

How can we verify that SFTP access has been granted on a server, without installing any software/tools?

Most servers have curl and scp installed, which you can use to log into an SFTP server. To test if your credentials work using curl, you could do this:
$ curl -u username sftp://example.org/
Enter host password for user 'username':
Enter your password and if it works you'll get a listing of files (like ls -al), if it doesn't work you'll get an error like this:
curl: (67) Authentication failure
You could also try using scp:
$ scp username#example.org:testing .
Password:
scp: testing: No such file or directory
This verifies that you that you were able to log in, but it couldn't find the testing file. If you weren't able to log in you'd get a message like this:
Permission denied, please try again.
Received disconnect from example.org: 2: ...error message...

One of the many ways to check for SFTP access using password based authentication:
sftp username#serverName
or
sftp username#serverIP
And then entering password.
You will get "Permission denied, please try again." message if it fails otherwise you will be allowed inside the server with screen-
sftp>
You can test it fully works with commands like ls, mkdir etc.

Try logging in.
Not being snarky -- that really is probably the simplest way. By 'verify[ing] that SFTP access has been granted," what you're really doing is checking is a particular l/p pair is recognized by the server.

Alternatively, other than doing the "sftp -v" command mentioned above, you can always cat the SSH/SFTP logs stored on any server running sshd and direct them to a file for viewing.
A command set like the following would work, where 1.1.1 would be the /24 of the block you are trying to search.
cd /var/log/
cat secure.4 secure.3 secure.2 secure.1 secure |grep sshd| grep -v 1.1.1> /tmp/secure.sshd.txt
gzip -9 /tmp/secure.sshd.txt

G'day,
What about telnet on to port 115 (if we're talking Simple FTP) and see what happens when you connect. If you don't get refused try sending a USER command, then a PASS command, and then a QUIT command.
HTH
cheers,

In SFTP , the authentication can be of following types :
1. Password based authetication
2. Key based authentication
But if u r going for key based authentication then u have to prepare setup according to that and
proceed the login procedure.If the key based authentication fails it automatically asks for password means it automatically switches to password based mode. By the way if u want to verify u can use this on linux :
"ssh -v user#IP "
It will show u all the debug messages , and if the authentication is passed u will be logged in otherwise u will get "Permission denied". Hope this will help u.

Related

Saslauthd with pam mysql not working - size read failed

I am trying build new server Fedora 37 but when I trying to use PamMysql /because logins from postfix are stored in DB/ it is not working
very strange is, that only one ask to saslauthd will stop and broke saslauthd
I am using standard PamMysql and Saslauthd
smtp.postfix in pam.d
auth required pam_mysql.so user=postfix passwd=xxxx host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=postfix passwd=xxxx host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1
when I try only "testsaslauthd -u "yyy" -p "xxx" -s smtp"
It fails, stops Saslauthd and write me "size read failed"
Have anybody this error ?? on Fedora 37 ??
BTW: When I change SMTP.POSTFIX in PAM.D -> crypt=0 and write password to DB manually in cleartext - all works fine - but unusable, because of second one of mail - Dovecot is not able to authenticate cleartext passwords ;-)
I think, that problem will be in crypting of SASLAUTHD...because in Dovecot same logins are not problem...and on my older server is not problem too
BTW: I have built maybe 10 mailservers, same situation with no problems. but this is first on Fedora37

How to telnet using Telnet library of Robot Framework where there is no login Password required for Telnet to server

How to telnet using Telnet library of Robot Framework where there is no login Password required for Telnet to server
My code is
*** Settings ***
Library Telnet
Test Teardown Close All Connections
*** Test Cases ***
Telnet to DUT
Open Connection 192.168.2.254
Login ls date login_prompt=# password_prompt=""
Execute Command ls
Just given ls and date to check since there is no username password required to connect. And by correct\expected prompt is #
And I am getting "ls" output as well but next time when it is expecting a Password prompt it is failing with the below error as there is no Password prompt
"No match found for '""' in 3 seconds. Output:"
Can someone pls help.. may be this is easy and I am not able to figure it out.
Thanks in advance
I got the answer, kindly ignore it.
Added prompt_is_regexp=yes prompt=# (This is expected prompt) in Open Connection and this worked.

Proxy authentication using wget on cygwin

My institute recently installed a new proxy server for our network. I am trying to configure my Cygwin environment to be able to run wget and download data from a remote repository.
Browsing the internet I have found two different solutions to my problem, but no one of them seem to work in my case.
The first one I tried was to follow these instructions, so in Cygwin:
cd /cygdrive/c/cygwin64/etc/
nano wgetrc
at the end of the file, I added:
use_proxy = on
http_proxy=http://username:password#my.proxy.ip:my.port/
https_proxy=https://username:password#my.proxy.ip:my.port/
ftp_proxy=http://username:password#my.proxy.ip:my.port/
(of course, using my user and password)
The second approach was what was suggested by this SO post, so in my Cygwin environment:
export http_proxy=http://username:password#my.proxy.ip:my.port/
export https_proxy=https://username:password#my.proxy.ip:my.port/
export ftp_proxy=http://username:password#my.proxy.ip:my.port/
in both cases, if I try to test my wget, I get the following:
$ wget http://www.google.com
--2020-01-30 12:12:22-- http://www.google.com/
Resolving my.proxy.ip (my.proxy.ip)... 10.1XX.XXX.XX
Connecting to my.proxy.ip (my.proxy.ip)|10.1XX.XXX.XX|:8XXX... connected.
Proxy request sent, awaiting response... 407 Proxy Authentication Required
2020-01-30 12:12:22 ERROR 407: Proxy Authentication Required.
It looks like if my user and password are not ok, but I actually checked them on my browsers and my credentials work just fine.
Any idea on what this could be due to?
This problem was solved thanks to the suggestion of a User of the community AskUbuntu.
Basically, instead of editing the global configuration file wgetrc, I should have created a new .wgetrc with my proxy configuration in my Cygwin home directory.
In summary:
Step 1 - Create a .wgetrc file;
nano ~/.wgetrc
Step 2 - record in this file the proxy info:
use_proxy=on
http_proxy=http://my.proxy.ip:my.port
https_proxy=https://my.proxy.ip:my.port
ftp_proxy=http://my.proxy.ip:my.port
proxy_user=username
proxy_password=password

Atom Remote-edit: Error occured when connecting to sftp

I am able via sftp using the same credentials on WinSCP, so why would I get an error message on Atom's remote edit package?
I corrected this by modifying the sshd_config file on the server.
sudo vi /etc/ssh/sshd_config
I modified the following line:
PasswordAuthentication yes #changed from no to yes
then I restarted the ssh daemon:
sudo service ssh restart
and that did the trick. I believe that Atom is sending passwords in clear text to the server, so using password authentication may cause issues unless you have PasswordAuthentication set to yes.

ldap_bind: Invalid credentials (49) again

I have searched several posting on this message and I am still getting the error when I attempt to do an "ldapsearch"
I have changed the slapd.conf to use a plain-text password and I am still getting the error. I have also made sure that there are no blank spaces in the file. The log file shows and iptables is turned off. I have attempted to follow the LDAP setup from
"http://www.itmanx.com/kb/centos63-openldap-phpldapadmin".
conn=1001 fd=15 ACCEPT from IP=[::1]:54486 (IP=[::]:389)
conn=1001 op=0 BIND dn="cn=Manager,dc=domain,dc=local,dc=pt" method=128
conn=1001 op=0 RESULT tag=97 err=49 text=
conn=1001 fd=15 closed (connection lost)
my server is running Centos 6.4 64.
below are the commands I am using
"ldapsearch -x -D cn=Manager,dc=domain,dc=local,dc=pt -w abc"
my slapd.conf file
database bdb
suffix "dc=domain,dc=local"
checkpoint 1024 15
rootdn "cn=Manager,dc=domain,dc=local"
rootpw abc
You need to generate your password like below -
slappasswd -h {CLEARTEXT}
enter password - abc
Do the search -
ldapsearch -x -h ipaddress(mention ip address) -D "cn=Manager,dc=domain,dc=local" -W
In the search you try to bind as:
cn=Manager,dc=domain,dc=local,dc=pt
but in the config the rootdn is:
cn=Manager,dc=domain,dc=local
This is of course "an invalid credential".
You are binding as the rootdn, which is to say the "root account" of your DIT. This account's password is, in this case, config-based. It is possible that while 'abc' is the configured password, it may not be the loaded password.
Case in point: Someone goes into the slapd.conf file and changes the rootdn password from 'xyz' to 'abc' but neglects to restart the OpenLDAP daemon. What will happen here is that 'abc' will NOT work until the process is restarted, and thus the OpenLDAP daemon will continue to honor the OLD password of 'xyz'.
I hope this helps...
Max

Resources