Bug 21884

Summary: Machine is not accessible via sftp after update from mga5 to mga6.
Product: Mageia Reporter: Viktor Mojr <viktormojr>
Component: RPM PackagesAssignee: Guillaume Rousse <guillomovitch>
Status: RESOLVED WONTFIX QA Contact:
Severity: major    
Priority: Normal CC: j.alberto.vc, mageia, marja11, zen25000
Version: 6Keywords: IN_ERRATA6
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
URL: http://www.unix.com/unix-for-dummies-questions-and-answers/165675-sftp-issue-connection-closed-2.html?s=d181a0918345b4e6c7a25f2277733350
Whiteboard:
Source RPM: openssh CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 21340    

Description Viktor Mojr 2017-10-17 06:50:45 CEST 
After update from mga5 to mga6 sftp does not work, machine is not accesible via sftp even after successful login (ssh is working).

$ sftp -vvv zzzzz.zzzzz.cz
OpenSSH_6.6, OpenSSL 1.0.2k  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to s1119-calimero.vscht.cz [147.33.228.18] port 22.
debug1: Connection established.

...

Password:
debug3: packet_send2: adding 32 (len 16 padlen 16 extra_pad 64)
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: packet_send2: adding 48 (len 6 padlen 10 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to zzzzzzzzz.zzzzz.cz ([ZZZ.ZZ.ZZZ.ZZ]:22).

...

Transferred: sent 2604, received 2852 bytes, in 0.0 seconds
Bytes per second: sent 53027.2, received 58077.5
debug1: Exit status 127
Connection closed

The error was in /etc/ssh/sshd_config:

# override default of no subsystems
Subsystem       sftp    /usr/lib64/ssh/sftp-server

I overwrited to:

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

After restart of sshd, sftp works.

Steps to Reproduce:
1. Update from fully updated mga5 to mga6 via network.
2. Try to access your machine via sftp from other machines.
Comment 1 Marja Van Waes 2017-10-17 10:46:51 CEST 
The sftp-server file did indeed move between Mga5 and Mga6 versions of openssh-server

<marja> :findfile -v5 /usr/lib64/ssh/sftp-server
<Sophie> find in (Mga, 5, x86_64) : openssh-server
<marja> :findfile -v6 /usr/lib64/ssh/sftp-server
<Sophie> Sorry, no file /usr/lib64/ssh/sftp-server found in (Mga, 6, x86_64)
                          
<marja> :findfile -v5 /usr/libexec/openssh/sftp-server
<Sophie> Sorry, no file /usr/libexec/openssh/sftp-server found in (Mga, 5,..                     
<marja> :findfile -v6 /usr/libexec/openssh/sftp-server
<Sophie> find in (Mga, 6, x86_64) : openssh-server

Assigning to our registered openssh maintainer

CC: (none) => marja11
Assignee: bugsquad => guillomovitch
Ever confirmed: 0 => 1
Status: UNCONFIRMED => NEW
Source RPM: (none) => openssh

Comment 2 Sander Lepik 2017-10-17 21:31:21 CEST 
I'd say it's not a bug. /etc/ssh/sshd_config is installed as /etc/ssh/sshd_config.rpmnew during upgrade. It's up to the system administrator to diff current conf against the new one and apply changes if needed.

CC: (none) => mageia

Comment 3 David Walser 2017-10-18 23:13:46 CEST 
That's true.  For a case like this, it probably wouldn't hurt to have a install trigger that replaces the old value if it's in your config.
Comment 4 katnatek 2017-10-19 20:27:18 CEST 
See Also: https://bugs.mageia.org/show_bug.cgi?id=21255

CC: (none) => j.alberto.vc

Comment 5 Guillaume Rousse 2017-10-28 15:42:43 CEST 
First, that's not the first time an executable change location between release, especially since we started to use /usr/libexec path.

Second, I'm not confortable with the idea of automatically changing content of configuration files after initial installation, even with the best intent, as it seems far most susceptible to cause unexpected troubles for everybody than anything else. Users have been expected to review configuration changes after update since the beginning of the distribution (they are even tools to make this easier), why should we change this assumption now ?
Comment 6 Guillaume Rousse 2017-12-16 10:31:27 CET 
Closing as wontfix.

Status: NEW => RESOLVED
Resolution: (none) => WONTFIX

Comment 7 katnatek 2017-12-16 21:17:39 CET 
WorkArround https://bugs.mageia.org/show_bug.cgi?id=21255#c1
katnatek 2018-03-15 00:12:23 CET

Blocks: (none) => 21340

Comment 8 katnatek 2018-08-24 22:13:20 CEST 
*** Bug 22340 has been marked as a duplicate of this bug. ***

CC: (none) => zen25000

Comment 9 katnatek 2018-08-24 22:30:23 CEST 
Added to erratas due bug#22340

Keywords: (none) => IN_ERRATA6