
Diamondmouse

macrumors newbie
Original poster
Sep 18, 2015
Okay, so I'm having an issue creating a working SFTP server on my Mac. I have set up the new user account properly and port-forwarded my router. The problem is that I can connect via localhost but cannot connect from remote locations, with all credentials being correct. Any help with this? I can go over my firewall port forwarding settings again, and the account information. I have also enabled the remote file option in the Sharing section.
 

0d085d

macrumors regular
Apr 23, 2015
> I have also enabled the remote file option in the sharing section.

Do you mean Remote Login in System Preferences? This is the service that you need to enable for SFTP to work, and it should just work out of the box. If not, how exactly have you set up your server?

> I can connect via localhost although cannot connect from remote locations with all credentials being correct

This sort of problem is normally a question of configuring your service to run on *:22 instead of localhost:22, which will only accept connections from your own machine. If you haven't used Remote Login to enable SSH/SFTP then you may have to manually edit your /etc/ssh_config file.
 

Diamondmouse

macrumors newbie
Original poster
Sep 18, 2015
> Do you mean Remote Login in System Preferences? This is the service that you need to enable for SFTP to work, and it should just work out of the box. If not, how exactly have you set up your server?



> This sort of problem is normally a question of configuring your service to run on *:22 instead of localhost:22, which will only accept connections from your own machine. If you haven't used Remote Login to enable SSH/SFTP then you may have to manually edit your /etc/ssh_config file.
Yes, I enabled it in System Preferences. What exactly am I getting myself into to get it to run on *:22? I have never used SSH/SFTP on this device either. Are there any articles on how to manually configure the ssh_config file?
 

0d085d

macrumors regular
Apr 23, 2015
> Yes I enabled it in system preferences, what exactly am I getting myself into to get it to run on *.22 I have never used ssh/sftp on this device either, is there any articles on how to manually configure th shh_Config file?

Ignore the *:22 thing - that won't be your problem if you're using Remote Login.

Can you connect to it from another machine on the same network? Are you using Terminal or a graphical client?

Try both of these commands in the Terminal from another machine:
Code:
sftp <ip-address>
sftp <hostname>.local

If you go to System Preferences again (on the server) and go to Security and Privacy -> Firewall, is it on? Does it show Remote Login if you click Firewall Options... ?
 

Diamondmouse

macrumors newbie
Original poster
Sep 18, 2015
> Ignore the *:22 thing - that won't be your problem if you're using Remote Login.
>
> Can you connect to it from another machine on the same network? Are you using Terminal or a graphical client?
>
> Try both of these commands in the Terminal from another machine:
> Code:
> sftp <ip-address>
> sftp <hostname>.local
>
> If you go to System Preferences again (on the server) and go to Security and Privacy -> Firewall, is it on? Does it show Remote Login if you click Firewall Options... ?
The system firewall is off and I have the Intego firewall off. I can connect locally from any computer within the local network, but I cannot connect with my public IP from a different network. I've used Terminal to connect locally, and a graphical app called Cyberduck. I've configured port forwarding on my router for port 22 on TCP.
 

Diamondmouse

macrumors newbie
Original poster
Sep 18, 2015
Here are some screenshots of the things I have done. This computer is set to have a static IP and there's no issue there. I also had this problem when I tried to open up the Minecraft server: local connections only, even though I had taken all the proper steps to make it public, and I had to run [ sudo pfctl ] to get that to work on a public network. Or perhaps enabling the DMZ hosting was the reason the MC server started working publicly, but I disabled it shortly after and it continued to work. Keep in mind all IP addresses in the images are local IP addresses, not public ones.
 

Attachments: Screenshot_003.png, Screenshot_004.png, Screenshot_005.png, Screenshot_006.png

0d085d

macrumors regular
Apr 23, 2015
> I also had this problem when i tried to open up the minecraft server, local connections only even though i had taken all the proper steps to make it public, and i had to run[ sudo pfctl ] to get that to work on a public network.

So Minecraft did start to work after you ran a pfctl command? Presumably something like pfctl -ef /etc/pf.conf? Can you post the contents of your /etc/pf.conf file?

What device is managing the DMZ? Is that a configuration on the router? I'm guessing that probably isn't the problem though.
 

Diamondmouse

macrumors newbie
Original poster
Sep 18, 2015
Yes, the DMZ is a configuration on the router. Here is the original pf.conf file located in /etc/. Also, when I did this for Minecraft I just created a new pf.conf file and added this line into it; I'm not too sure if that was the correct way of doing it, considering I'm fairly new to Mac operating systems. That conf file just sits on my desktop not doing anything:

Code:
#Open port 25565 for TCP on all interfaces

Original pf.conf:
Code:
#
# Default PF configuration file.
#
# This file contains the main ruleset, which gets automatically loaded
# at startup. PF will not be automatically enabled, however. Instead,
# each component which utilizes PF is responsible for enabling and disabling
# PF via -E and -X as documented in pfctl(8). That will ensure that PF
# is disabled only when the last enable reference is released.
#
# Care must be taken to ensure that the main ruleset does not get flushed,
# as the nested anchors rely on the anchor point defined here. In addition,
# to the anchors loaded by this file, some system services would dynamically
# insert anchors into the main ruleset. These anchors will be added only when
# the system service is used and would removed on termination of the service.
#
# See pf.conf(5) for syntax.
#

#
# com.apple anchor point
#
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
 

Diamondmouse

macrumors newbie
Original poster
Sep 18, 2015
Also, here's my ssh_config.

> So Minecraft did start to work after you ran a pfctl command? Presumably something like pfctl -ef /etc/pf.conf? Can you post the contents of your /etc/pf.conf file?
>
> What device is managing the DMZ? Is that a configuration on the router? I'm guessing that probably isn't the problem though.

Also, here is my ssh_config file. I'm not sure if the clear forwarding is supposed to be enabled; maybe you can see something wrong with it.

Code:
# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
SendEnv LANG LC_*

# Configuration options and default values (see ssh_config(5) for their meaning):
#
# Host # (no default)
# AddressFamily any
# AskPassGUI yes # (Apple only)
# BatchMode no
# BindAddress # (no default)
# ChallengeResponseAuthentication yes
# CheckHostIP yes
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour
# ClearAllForwardings no
# Compression no
# CompressionLevel 6
# ConnectionAttempts 1
# ConnectTimeout # (no default)
# ControlMaster no
# ControlPath # (no default)
# ControlPersist no
# DynamicForward
# EnableSSHKeysign no
# EscapeChar ~
# ExitOnForwardFailure no
# ForwardAgent no
# ForwardX11 no
# ForwardX11Timeout 1200
# ForwardX11Trusted no
# XauthLocation xauth # Default is to search $PATH. It is recommended that a full path be provided.
# GatewayPorts no
# GlobalKnownHostsFile /etc/ssh/ssh_known_hosts,/etc/ssh/ssh_known_hosts2
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# HashKnownHosts no
# HostbasedAuthentication no
# HostKeyAlgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
# HostKeyAlias # (no default)
# HostName # (set by command at run-time)
# IdentitiesOnly no
# IdentityFile .ssh/id_rsa,.ssh/id_dsa
# IPQoS lowdelay
# KbdInteractiveAuthentication yes
# KbdInteractiveDevices # (no default)
# KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
# LocalCommand # (no default)
# LocalForward # (no default)
# LogLevel INFO
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96
# NoHostAuthenticationForLocalhost no
# NumberOfPasswordPrompts 3
# PasswordAuthentication yes
# PermitLocalCommand no
# PKCS11Provider # (no default)
# Port 22
# PreferredAuthentications gssapi-with-mic,hostbased,publickey,keyboard-interactive,password # (set by ssh at run-time)
# Protocol 2
# ProxyCommand # (no default)
# PubkeyAuthentication yes
# RekeyLimit 0
# RemoteForward # (no default)
# RequestTTY auto
# RhostsRSAAuthentication no
# RSAAuthentication yes
# SendEnv # (no default)
# ServerAliveCountMax 3
# ServerAliveInterval 0
# StrictHostKeyChecking ask
# TCPKeepAlive yes
# Tunnel no
# TunnelDevice any:any
# UsePrivilegedPort no
# User # (set by command at run-time)
# UserKnownHostsFile ~/.ssh/known_hosts,~/.ssh/known_hosts2
# VerifyHostKeyDNS no
# VisualHostKey no
# XAuthLocationi xauth
 

Diamondmouse

macrumors newbie
Original poster
Sep 18, 2015
And to be completely honest with anyone reading this post, it is completely mind-boggling as to why it doesn't just work like it says it's supposed to. I may have to contact my ISP to get this resolved; it may not even be a computing issue. The main reason for this is so I don't have to deal with the server, as it is someone else's. It's looking easier to go with prohosting on this if it doesn't work.
 

Attachments: Screenshot_003.png

0d085d

macrumors regular
Apr 23, 2015
Your SSH config file looks fine.

The question is really about whether the connection is being dropped at the router or at the server.

Try:
Code:
ssh -v <public-ip-address>
from another machine and post the results.

Also, try running
Code:
sudo pfctl -d
and see if it starts working then.

> #Open port 25565 for TCP on all interfaces

Did you add this line with the hash symbol?
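As an added example (not code from the thread, from Apple, or from pf itself): a small Python classifier for pf.conf lines that shows why a line beginning with # is a comment that pf ignores, and what an actual pass rule for a port looks like. The ruleset below is constructed from the stock /etc/pf.conf posted above plus the Minecraft comment line; the trailing `pass in proto tcp` rule for port 22 is the assumed fix and is not on the page.

```python
"""Check whether a pf.conf ruleset actually opens a TCP port.

Added example: a minimal line classifier for pf.conf that separates
comments, anchor declarations and pass/block rules, then reports whether
any *active* rule passes inbound traffic to a given port.  It shows why a
line starting with '#' does nothing, whatever text follows it.
"""
import re

# Constructed input: the stock /etc/pf.conf posted in the thread (abridged)
# plus the single '#' line that was added for Minecraft.
POSTED_PF_CONF = """\
# Default PF configuration file.
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
#Open port 25565 for TCP on all interfaces
"""

# Assumed fix: the same ruleset with a real pass rule in pf.conf(5) syntax.
FIXED_PF_CONF = POSTED_PF_CONF + "pass in proto tcp from any to any port 22\n"

# Matches the subset of pass/block syntax used here: action, optional
# direction, a 'proto <name>' clause and a single numeric 'port <n>'.
PASS_RULE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)?\b.*?"
    r"\bproto\s+(?P<proto>\w+)\b.*?\bport\s+(?P<port>\d+)\b"
)


def classify_line(line):
    """Return one of 'blank', 'comment', 'anchor', 'rule', 'other'."""
    s = line.strip()
    if not s:
        return "blank"
    if s.startswith("#"):
        return "comment"  # pf discards the whole line; it is not a rule
    first = s.split()[0]
    if "anchor" in first or s.startswith("load anchor"):
        return "anchor"
    if first in ("pass", "block"):
        return "rule"
    return "other"


def active_rules(conf):
    """Only pass/block lines count; comments and anchors are not port rules."""
    return [l.strip() for l in conf.splitlines() if classify_line(l) == "rule"]


def port_is_passed(conf, port, proto="tcp"):
    """True if some active pass rule admits inbound <proto> traffic to <port>."""
    for rule in active_rules(conf):
        m = PASS_RULE.match(rule)
        if not m:
            continue
        if (m["action"] == "pass" and m["dir"] in (None, "in")
                and m["proto"] == proto and int(m["port"]) == port):
            return True
    return False


def summarize(conf):
    """Count line kinds, e.g. {'comment': 2, 'anchor': 6} for the posted file."""
    counts = {}
    for l in conf.splitlines():
        kind = classify_line(l)
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for name, conf in (("posted", POSTED_PF_CONF), ("fixed", FIXED_PF_CONF)):
        print(name, summarize(conf), "port 22 passed:", port_is_passed(conf, 22))
```

On the Mac itself, `pfctl -nf /etc/pf.conf` parses a ruleset without loading it, which is the quickest way to confirm whether a line is a rule or a comment. Note also that the thread's later `pfctl: pf not enabled` output means pf was not loading any rules at all, so no pf line, active or commented, was what blocked the outside connection.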
 

Diamondmouse

macrumors newbie
Original poster
Sep 18, 2015
Yes, I added the line with the #.

Code:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 204.83.5.101 [204.83.5.101] port 22.
debug1: connect to address 204.83.5.101 port 22: Operation timed out
ssh: connect to host 204.83.5.101 port 22: Operation timed out

I disabled PF:
Code:
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: pf not enabled

And it timed out as it did before. It works with the local IP with PF enabled or disabled, as it should, I'm assuming.

I ran this from the host computer through a VPN, so one would imagine it would simulate trying to connect from a different location/computer; correct me if I am wrong. When I connect from other computers on different networks, it times out like this as well.
 

0d085d

macrumors regular
Apr 23, 2015
Since you got a timed out instead of a connection refused, and since the machine accepts connections from the local network, it seems most likely that packets from outside aren't making it to your machine at all.

I'm a bit confused as to why this isn't working. Did you restart the router after you set 172.16.1.1 as the DMZ host?
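The timed-out-versus-refused reasoning above, as an added Python example that is not from the thread: it reads `ssh -v` output, extracts the target and the connect-stage result, and combines an inside-the-LAN test with an outside test to say whether the drop is upstream of the Mac. The transcripts are constructed (documentation addresses; the first mirrors the shape of the output posted in this thread), and the category names and advice strings are my own.

```python
"""Triage an SSH/SFTP connection failure from `ssh -v` output.

Added example: maps the connect-stage lines of `ssh -v` to the most
likely failure point.  A timeout means no packet reached a listening
socket (router forward, DMZ, ISP); a refusal means the host was reached
but nothing listens on that port; 'Connection established' means sshd
was reached and any remaining problem is authentication or config.
"""
import re

# Constructed transcripts.  Addresses are RFC 5737 documentation ranges.
TIMED_OUT = """\
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 203.0.113.10 [203.0.113.10] port 22.
debug1: connect to address 203.0.113.10 port 22: Operation timed out
ssh: connect to host 203.0.113.10 port 22: Operation timed out
"""

REFUSED = """\
debug1: Connecting to 192.0.2.5 [192.0.2.5] port 22.
debug1: connect to address 192.0.2.5 port 22: Connection refused
ssh: connect to host 192.0.2.5 port 22: Connection refused
"""

REACHED = """\
debug1: Connecting to 192.168.1.20 [192.168.1.20] port 22.
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: SSH2_MSG_KEXINIT sent
"""

CONNECT = re.compile(r"debug1: Connecting to (\S+) \[([^\]]+)\] port (\d+)\.")

# Verdict names and advice are this example's own, not OpenSSH terms.
ADVICE = {
    "timed_out": "No reply at all: check the router port forward / DMZ target, "
                 "the ISP, and that the public address really is this router.",
    "refused": "Host reached but port closed: sshd off, wrong port, or the "
               "forward points at the wrong internal host.",
    "reached": "sshd answered; any remaining failure is auth or config, not network.",
    "unknown": "No recognised connect-stage line; read the full -v output.",
}


def classify_ssh_verbose(output):
    """Return {'target': {...} or None, 'verdict': str, 'advice': str}."""
    target = None
    verdict = "unknown"
    for line in output.splitlines():
        m = CONNECT.match(line)
        if m:
            target = {"host": m.group(1), "addr": m.group(2), "port": int(m.group(3))}
            continue
        if "Connection established" in line:
            verdict = "reached"
        # macOS prints 'Operation timed out'; Linux prints 'Connection timed out'.
        elif "Operation timed out" in line or "Connection timed out" in line:
            verdict = "timed_out"
        elif "Connection refused" in line:
            verdict = "refused"
    return {"target": target, "verdict": verdict, "advice": ADVICE[verdict]}


def locate_drop(local_output, public_output):
    """Combine an inside-LAN test and an outside test, as the thread does.

    'upstream'       -> works on the LAN, times out from outside: the packets
                        never reach the Mac (router forward, DMZ, or ISP).
    'forward_target' -> works on the LAN, refused from outside: something
                        answers, so the forward lands on the wrong host/port.
    'server'         -> not even reachable on the LAN: sshd itself.
    """
    local = classify_ssh_verbose(local_output)["verdict"]
    public = classify_ssh_verbose(public_output)["verdict"]
    if local != "reached":
        return "server"
    if public == "timed_out":
        return "upstream"
    if public == "refused":
        return "forward_target"
    return "ok" if public == "reached" else "unknown"


if __name__ == "__main__":
    print(classify_ssh_verbose(TIMED_OUT))
    print("drop located at:", locate_drop(REACHED, TIMED_OUT))
```

In use, paste the real `ssh -v <public-ip>` output captured from outside the network and the `ssh -v <lan-ip>` output from inside into the two inputs; the combination, not either run alone, is what separates "the Mac is not listening" from "nothing reaches the Mac", which is the distinction drawn above.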
 

Diamondmouse

macrumors newbie
Original poster
Sep 18, 2015
> Since you got a timed out instead of a connection refused, and since the machine accepts connections from the local network, it seems most likely that packets from outside aren't making it to your machine at all.
>
> I'm a bit confused as to why this isn't working. Did you restart the router after you set 172.16.1.1 as the DMZ host?

Yes, I've reset the connection from inside the router settings, I've reset it from behind the router, I've unplugged the router, and I've even hit the refresh button on the front of the router. I too am very confused; I guess I may just have to contact my ISP on Monday.
 

0d085d

macrumors regular
Apr 23, 2015
> Yes Ive reset the the connection from inside the router setting, I've reset it from behind the router, I've unplugged the router, and I've even hit the refresh button on the front of the router.. I too am very confused, I guess i may just have to contact my ISP on monday.

It's possible the ISP is blocking certain traffic, either out of policy or because you did something that looked naughty. Worth a call.

The only other thing I can think to try is downloading Wireshark to your server and comparing what happens when you connect from inside the network and from outside the network.

Sorry I can't be any more help than that.
 

Diamondmouse

macrumors newbie
Original poster
Sep 18, 2015
> It's possible the ISP is blocking certain traffic, either out of policy or because you did something that looked naughty. Worth a call.
>
> The only other thing I can think to try is downloading Wireshark to your server and comparing what happens when you connect from inside the network and from outside the network.
>
> Sorry I can't be any more help than that.

I'll check it out. Thanks for your help, though. I was on my ISP's webpage and I found a similar issue that two other people were having with the same ISP, although I don't know when the post was, and there was only one post and one reply with no resolution. Both were running the same router and had everything configured, but still had the same issue.
 

Diamondmouse

macrumors newbie
Original poster
Sep 18, 2015
> It's possible the ISP is blocking certain traffic, either out of policy or because you did something that looked naughty. Worth a call.
>
> The only other thing I can think to try is downloading Wireshark to your server and comparing what happens when you connect from inside the network and from outside the network.
>
> Sorry I can't be any more help than that.

From what I can tell with Wireshark, I am not receiving any incoming packets at all on my computer when they are sent from outside of the local network.
 