plugout.net

[Jocko]

Indeed it is better.

About sftp log, there is still an error

Code: Select all

requested read offset (32768 bytes) greater than size of '/XXX/Backups/validate.tmp-30924-1495115955.txt' (84 bytes)

It is a known issue between sftp client basis on SSH-2.0-OpenSSH and sftp module of proftpd.

proftpd developers did not succeed to explain why there is this offset and do not want to deepen it as they think it is an issue on the client side. Anyhow the file is not corrupted so it is a minor issue.

So I do not go to deepen more if you can now backup data via the sftp server. This version will be included in next version which comes soon...

fvdw is not a technical share like tr-daemon, btsync,.. The admin user need it for example to patch the firmware, store an add-on package (manual install), read backup file, etc. So fvdw is a standard share allowing to manage the NAS where of course you need to set user permissions.

Only on the technical shares you can disable the samba access (to hide them on this server) as they are useless. So for fvdw as the other shares, you need to stop the samba server if you want to close the samba access (may sense only for MAC users)

Deleting it causes problems with my Btsync on restart. For some reason if i delete the fvdw folder, then i have to reinstall btsync on restart.

This is logical. Since version 16.0, btsync (but also mldonkey, transmission, web-explorer,...) are no longer included in the firmware image and they are now add-ons with their own auto-install process. Their files are now stored in the folder addons of fvdw. So if you delete fvdw you need to reinstall them which creates again fvdw share...

[iamola]

I see, so basically nothing i can do to hide it even from my admin account :/

[Jocko]

What is the issue to see this share :scratch

[iamola]

Lol, i'm ocd. Just wanted to see public and mine lol.

But......

I cant SSH for some reason now.
I try to connect as i did before and i get a Permission denied (publickey).
Works for password though.
Worked before also with the key.
Only changes i've done is the patches. :/

[Jocko]

Only changes i've done is the patches. :/

The patches change nothing on the ssh server side (just proftpd)

So try to restart the nas and see what happens

[iamola]

Ahhh, that worked. Weird lol.

Thanks Jocko.
Waiting on the new version :)

[Jocko]

Yes next version 17.0 comes soon:
- development is complete
- but need to fix a bug on kernel version 4.6.6 with usb-extra feature (occurs fatal error on the kernel)

[iamola]

Hey Jocko, me again :please
The file its trying to upload is about 4GB-5GB which might be the reason why, but any help as to why this error happened? The upload did not complete, it only uploaded about 2GB worth.

Code: Select all

2017-05-19 02:09:19,151 XXX.local proftpd[4792] XXX (XXX[XXX]): USER XXX: Login successful.
2017-05-19 02:09:19,222 mod_sftp/0.9.9[4792]: 'subsystem' channel request for 'sftp' subsystem
2017-05-19 02:09:19,224 mod_sftp/0.9.9[4792]: using SFTP protocol version 3 for this session (channel ID 0)
2017-05-19 02:09:19,586 mod_sftp/0.9.9[4792]: client set permissions on '/XXX/Backups/weekly/2017-05-19/XXX.tar.gz' to 0600
2017-05-19 02:09:19,625 mod_sftp/0.9.9[4792]: client set permissions on '/XXX/Backups/weekly/2017-05-19/XXX.tar.gz' to 0600
2017-05-19 02:20:33,464 mod_sftp/0.9.9[4792]:  + Session key exchange: diffie-hellman-group-exchange-sha256
2017-05-19 02:20:33,464 mod_sftp/0.9.9[4792]:  + Session server hostkey: ssh-rsa
2017-05-19 02:20:33,464 mod_sftp/0.9.9[4792]:  + Session client-to-server encryption: aes128-ctr
2017-05-19 02:20:33,464 mod_sftp/0.9.9[4792]:  + Session server-to-client encryption: aes128-ctr
2017-05-19 02:20:33,464 mod_sftp/0.9.9[4792]:  + Session client-to-server MAC: hmac-sha1
2017-05-19 02:20:33,464 mod_sftp/0.9.9[4792]:  + Session server-to-client MAC: hmac-sha1
2017-05-19 02:20:33,464 mod_sftp/0.9.9[4792]:  + Session client-to-server compression: none
2017-05-19 02:20:33,464 mod_sftp/0.9.9[4792]:  + Session server-to-client compression: none
2017-05-19 02:20:33,916 mod_sftp/0.9.9[4792]: client sent buggy/malicious packet payload length, ignoring
2017-05-19 02:20:33,916 mod_sftp/0.9.9[4792]: unable to read payload from socket 0
2017-05-19 02:20:33,916 mod_sftp/0.9.9[4792]: disconnecting (Application error)
2017-05-19 02:20:33,918 mod_sftp/0.9.9[4792]: aborting 1 unclosed file handle
2017-05-19 02:20:33,931 CLOUD.local proftpd[4792] XXX (XXX[XXX]): SSH2 session closed.


[Jocko]

Hi Iamola,

That seems an issue with ssh client (maybe an old version).

To deepen this new issue, put these 2 lines in a txt file

Code: Select all

TraceLog /tmp/var/log/proftpd/trace.log
Trace scp:20 sftp:20 ssh2:20

Save the file in the fvdw share

Then on the ftp setup menu, select this last file as an additional conf file.

Note: with these options, sftp module will be very verbose. search in trace.log and post here the lines about message "client sent buggy/malicious packet payload length, ignoring", should be lines with tag "ssh" as it is an encryption issue.

What openssl version do have on the client side ?

[iamola]

Open SSL -- OpenSSL/1.0.1e from client side.
I did the additional conf, restarted and here is the log still:
I also saw this on a Google Search: http://www.proftpd.org/docs/contrib/mod_sftp.html

Code: Select all

2017-05-23 02:07:18,388 XXX.local proftpd[1639] XXX (XXX[XXX]): USER XXX: Login successful.
2017-05-23 02:07:18,463 mod_sftp/0.9.9[1639]: 'subsystem' channel request for 'sftp' subsystem
2017-05-23 02:07:18,467 mod_sftp/0.9.9[1639]: using SFTP protocol version 3 for this session (channel ID 0)
2017-05-23 02:07:18,844 mod_sftp/0.9.9[1639]: client set permissions on '/XXX/Backups/weekly/2017-05-23/XXX.tar.gz' to 0600
2017-05-23 02:07:18,884 mod_sftp/0.9.9[1639]: client set permissions on '/XXX/Backups/weekly/2017-05-23/XXX.tar.gz' to 0600
2017-05-23 02:23:00,761 mod_sftp/0.9.9[1639]:  + Session key exchange: diffie-hellman-group-exchange-sha256
2017-05-23 02:23:00,781 mod_sftp/0.9.9[1639]:  + Session server hostkey: ssh-rsa
2017-05-23 02:23:00,781 mod_sftp/0.9.9[1639]:  + Session client-to-server encryption: aes128-ctr
2017-05-23 02:23:00,782 mod_sftp/0.9.9[1639]:  + Session server-to-client encryption: aes128-ctr
2017-05-23 02:23:00,782 mod_sftp/0.9.9[1639]:  + Session client-to-server MAC: hmac-sha1
2017-05-23 02:23:00,782 mod_sftp/0.9.9[1639]:  + Session server-to-client MAC: hmac-sha1
2017-05-23 02:23:00,782 mod_sftp/0.9.9[1639]:  + Session client-to-server compression: none
2017-05-23 02:23:00,783 mod_sftp/0.9.9[1639]:  + Session server-to-client compression: none
2017-05-23 02:23:01,273 mod_sftp/0.9.9[1639]: client sent buggy/malicious packet payload length, ignoring
2017-05-23 02:23:01,273 mod_sftp/0.9.9[1639]: unable to read payload from socket 0
2017-05-23 02:23:01,273 mod_sftp/0.9.9[1639]: disconnecting (Application error)
2017-05-23 02:23:01,299 mod_sftp/0.9.9[1639]: aborting 1 unclosed file handle
2017-05-23 02:23:01,311 CLOUD.local proftpd[1639] XXX (XXX[XXX]): SSH2 session closed.