AIX

We are SFTP'ing to an AIX (OS 6.1)   server,   it was all running fine, now for some reason all users CAN still login, but can't list or change to any directory at all.

What is more strange is that users CAN still create and remove directories,   just not see them.

Eg:

Connected to aix001
sftp> pwd
Remote working directory: /home/fred
sftp> ls
remote readdir("/home/fred"): Permission denied
sftp> cd /tmp
stat remote: Permission denied
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir NEW_DIR               ( It DOES create this directory)
sftp> ls NEW_DIR
Can't ls: "/home/fred/NEW_DIR" not found
sftp> rmdir NEW_DIR              # ( It DOES remove this directory)
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir /tmp/NEW            # ( It DOES create this directory)
sftp> ls /tmp/NEW
Can't ls: "/tmp/NEW" not found
sftp> rmdir /tmp/NEW              # (It DOES remove this directory)
sftp> pwd
Remote working directory: /home/fred

Enabled debug, shows no errors. SFTP connections are established without error.

sshd_config:     Subsystem       sftp    internal-sftp

We're out of ideas,  there's no errors being returned at the OS level, just the errors in the FTP client.

Have tried multiple SFTP clients,  they all get same error.

SSH sessions ,  SCP  sessions,  still both work fine.

Anyone ever seen anything like this !?!??!

We are SFTP'ing to an AIX (OS 6.1)   server,   it was all running fine, now for some reason all users CAN still login, but can't list or change to any directory at all.

What is more strange is that users CAN still create and remove directories,   just not see them.

Eg:

Connected to aix001
sftp> pwd
Remote working directory: /home/fred
sftp> ls
remote readdir("/home/fred"): Permission denied
sftp> cd /tmp
stat remote: Permission denied
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir NEW_DIR               ( It DOES create this directory)
sftp> ls NEW_DIR
Can't ls: "/home/fred/NEW_DIR" not found
sftp> rmdir NEW_DIR              # ( It DOES remove this directory)
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir /tmp/NEW            # ( It DOES create this directory)
sftp> ls /tmp/NEW
Can't ls: "/tmp/NEW" not found
sftp> rmdir /tmp/NEW              # (It DOES remove this directory)
sftp> pwd
Remote working directory: /home/fred

Enabled debug, shows no errors. SFTP connections are established without error.

sshd_config:     Subsystem       sftp    internal-sftp

We're out of ideas,  there's no errors being returned at the OS level, just the errors in the FTP client.

Have tried multiple SFTP clients,  they all get same error.

SSH sessions ,  SCP  sessions,  still both work fine.

Anyone ever seen anything like this !?!??!

Thanks Russell,

Did check  syslog,  but nothing popped up..    Have enabled:

*.debug

*.warn

*.crit

*auth.notice

Only one we havn'et done is daemon.notice 

It logs the SFTP user getting authentication, but not much  else - no obvious errors.

We are SFTP'ing to an AIX (OS 6.1)   server,   it was all running fine, now for some reason all users CAN still login, but can't list or change to any directory at all.

What is more strange is that users CAN still create and remove directories,   just not see them.

Eg:

Connected to aix001
sftp> pwd
Remote working directory: /home/fred
sftp> ls
remote readdir("/home/fred"): Permission denied
sftp> cd /tmp
stat remote: Permission denied
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir NEW_DIR               ( It DOES create this directory)
sftp> ls NEW_DIR
Can't ls: "/home/fred/NEW_DIR" not found
sftp> rmdir NEW_DIR              # ( It DOES remove this directory)
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir /tmp/NEW            # ( It DOES create this directory)
sftp> ls /tmp/NEW
Can't ls: "/tmp/NEW" not found
sftp> rmdir /tmp/NEW              # (It DOES remove this directory)
sftp> pwd
Remote working directory: /home/fred

Enabled debug, shows no errors. SFTP connections are established without error.

sshd_config:     Subsystem       sftp    internal-sftp

We're out of ideas,  there's no errors being returned at the OS level, just the errors in the FTP client.

Have tried multiple SFTP clients,  they all get same error.

SSH sessions ,  SCP  sessions,  still both work fine.

Anyone ever seen anything like this !?!??!

Thanks Russell,

Did check  syslog,  but nothing popped up..    Have enabled:

*.debug

*.warn

*.crit

*auth.notice

Only one we havn'et done is daemon.notice 

It logs the SFTP user getting authentication, but not much  else - no obvious errors.

We are SFTP'ing to an AIX (OS 6.1)   server,   it was all running fine, now for some reason all users CAN still login, but can't list or change to any directory at all.

What is more strange is that users CAN still create and remove directories,   just not see them.

Eg:

Connected to aix001
sftp> pwd
Remote working directory: /home/fred
sftp> ls
remote readdir("/home/fred"): Permission denied
sftp> cd /tmp
stat remote: Permission denied
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir NEW_DIR               ( It DOES create this directory)
sftp> ls NEW_DIR
Can't ls: "/home/fred/NEW_DIR" not found
sftp> rmdir NEW_DIR              # ( It DOES remove this directory)
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir /tmp/NEW            # ( It DOES create this directory)
sftp> ls /tmp/NEW
Can't ls: "/tmp/NEW" not found
sftp> rmdir /tmp/NEW              # (It DOES remove this directory)
sftp> pwd
Remote working directory: /home/fred

Enabled debug, shows no errors. SFTP connections are established without error.

sshd_config:     Subsystem       sftp    internal-sftp

We're out of ideas,  there's no errors being returned at the OS level, just the errors in the FTP client.

Have tried multiple SFTP clients,  they all get same error.

SSH sessions ,  SCP  sessions,  still both work fine.

Anyone ever seen anything like this !?!??!

Ran on a new port, even in -ddd debug mode...

Nothing exciting popped up, except the session authentification info...

Only remote warnings were:

Thanks Russell,

Did check  syslog,  but nothing popped up..    Have enabled:

*.debug

*.warn

*.crit

*auth.notice

Only one we havn'et done is daemon.notice 

It logs the SFTP user getting authentication, but not much  else - no obvious errors.

We are SFTP'ing to an AIX (OS 6.1)   server,   it was all running fine, now for some reason all users CAN still login, but can't list or change to any directory at all.

What is more strange is that users CAN still create and remove directories,   just not see them.

Eg:

Connected to aix001
sftp> pwd
Remote working directory: /home/fred
sftp> ls
remote readdir("/home/fred"): Permission denied
sftp> cd /tmp
stat remote: Permission denied
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir NEW_DIR               ( It DOES create this directory)
sftp> ls NEW_DIR
Can't ls: "/home/fred/NEW_DIR" not found
sftp> rmdir NEW_DIR              # ( It DOES remove this directory)
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir /tmp/NEW            # ( It DOES create this directory)
sftp> ls /tmp/NEW
Can't ls: "/tmp/NEW" not found
sftp> rmdir /tmp/NEW              # (It DOES remove this directory)
sftp> pwd
Remote working directory: /home/fred

Enabled debug, shows no errors. SFTP connections are established without error.

sshd_config:     Subsystem       sftp    internal-sftp

We're out of ideas,  there's no errors being returned at the OS level, just the errors in the FTP client.

Have tried multiple SFTP clients,  they all get same error.

SSH sessions ,  SCP  sessions,  still both work fine.

Anyone ever seen anything like this !?!??!

Even tried switching to sftp-server,

But same result -  Permission Denied everywhere,  no warnings or errors in logs. 

Ran on a new port, even in -ddd debug mode...

Nothing exciting popped up, except the session authentification info...

Only remote warnings were:

Thanks Russell,

Did check  syslog,  but nothing popped up..    Have enabled:

*.debug

*.warn

*.crit

*auth.notice

Only one we havn'et done is daemon.notice 

It logs the SFTP user getting authentication, but not much  else - no obvious errors.

We are SFTP'ing to an AIX (OS 6.1)   server,   it was all running fine, now for some reason all users CAN still login, but can't list or change to any directory at all.

What is more strange is that users CAN still create and remove directories,   just not see them.

Eg:

Connected to aix001
sftp> pwd
Remote working directory: /home/fred
sftp> ls
remote readdir("/home/fred"): Permission denied
sftp> cd /tmp
stat remote: Permission denied
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir NEW_DIR               ( It DOES create this directory)
sftp> ls NEW_DIR
Can't ls: "/home/fred/NEW_DIR" not found
sftp> rmdir NEW_DIR              # ( It DOES remove this directory)
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir /tmp/NEW            # ( It DOES create this directory)
sftp> ls /tmp/NEW
Can't ls: "/tmp/NEW" not found
sftp> rmdir /tmp/NEW              # (It DOES remove this directory)
sftp> pwd
Remote working directory: /home/fred

Enabled debug, shows no errors. SFTP connections are established without error.

sshd_config:     Subsystem       sftp    internal-sftp

We're out of ideas,  there's no errors being returned at the OS level, just the errors in the FTP client.

Have tried multiple SFTP clients,  they all get same error.

SSH sessions ,  SCP  sessions,  still both work fine.

Anyone ever seen anything like this !?!??!

Hi,

Not sure if this is the case here, but noticed once something similar when your /etc/ssh/sshd_config did not have read permission for group +others... (eg CIS recommendation for /etc/ssh/sshd_config permissions is 600, but when U set that >> ssh works, but sftp not...after switching to 644 >> also sftp started working) 

Br,

tommi

Even tried switching to sftp-server,

But same result -  Permission Denied everywhere,  no warnings or errors in logs. 

Ran on a new port, even in -ddd debug mode...

Nothing exciting popped up, except the session authentification info...

Only remote warnings were:

Thanks Russell,

Did check  syslog,  but nothing popped up..    Have enabled:

*.debug

*.warn

*.crit

*auth.notice

Only one we havn'et done is daemon.notice 

It logs the SFTP user getting authentication, but not much  else - no obvious errors.

We are SFTP'ing to an AIX (OS 6.1)   server,   it was all running fine, now for some reason all users CAN still login, but can't list or change to any directory at all.

What is more strange is that users CAN still create and remove directories,   just not see them.

Eg:

Connected to aix001
sftp> pwd
Remote working directory: /home/fred
sftp> ls
remote readdir("/home/fred"): Permission denied
sftp> cd /tmp
stat remote: Permission denied
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir NEW_DIR               ( It DOES create this directory)
sftp> ls NEW_DIR
Can't ls: "/home/fred/NEW_DIR" not found
sftp> rmdir NEW_DIR              # ( It DOES remove this directory)
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir /tmp/NEW            # ( It DOES create this directory)
sftp> ls /tmp/NEW
Can't ls: "/tmp/NEW" not found
sftp> rmdir /tmp/NEW              # (It DOES remove this directory)
sftp> pwd
Remote working directory: /home/fred

Enabled debug, shows no errors. SFTP connections are established without error.

sshd_config:     Subsystem       sftp    internal-sftp

We're out of ideas,  there's no errors being returned at the OS level, just the errors in the FTP client.

Have tried multiple SFTP clients,  they all get same error.

SSH sessions ,  SCP  sessions,  still both work fine.

Anyone ever seen anything like this !?!??!

Yep good call,

We read that somewhere too,  checked and we're 644 so all good.

Although almost worth playing with this and seeing if changing it does nay good.

Cheers.

Hi,

Not sure if this is the case here, but noticed once something similar when your /etc/ssh/sshd_config did not have read permission for group +others... (eg CIS recommendation for /etc/ssh/sshd_config permissions is 600, but when U set that >> ssh works, but sftp not...after switching to 644 >> also sftp started working) 

Br,

tommi

Even tried switching to sftp-server,

But same result -  Permission Denied everywhere,  no warnings or errors in logs. 

Ran on a new port, even in -ddd debug mode...

Nothing exciting popped up, except the session authentification info...

Only remote warnings were:

Thanks Russell,

Did check  syslog,  but nothing popped up..    Have enabled:

*.debug

*.warn

*.crit

*auth.notice

Only one we havn'et done is daemon.notice 

It logs the SFTP user getting authentication, but not much  else - no obvious errors.

We are SFTP'ing to an AIX (OS 6.1)   server,   it was all running fine, now for some reason all users CAN still login, but can't list or change to any directory at all.

What is more strange is that users CAN still create and remove directories,   just not see them.

Eg:

Connected to aix001
sftp> pwd
Remote working directory: /home/fred
sftp> ls
remote readdir("/home/fred"): Permission denied
sftp> cd /tmp
stat remote: Permission denied
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir NEW_DIR               ( It DOES create this directory)
sftp> ls NEW_DIR
Can't ls: "/home/fred/NEW_DIR" not found
sftp> rmdir NEW_DIR              # ( It DOES remove this directory)
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir /tmp/NEW            # ( It DOES create this directory)
sftp> ls /tmp/NEW
Can't ls: "/tmp/NEW" not found
sftp> rmdir /tmp/NEW              # (It DOES remove this directory)
sftp> pwd
Remote working directory: /home/fred

Enabled debug, shows no errors. SFTP connections are established without error.

sshd_config:     Subsystem       sftp    internal-sftp

We're out of ideas,  there's no errors being returned at the OS level, just the errors in the FTP client.

Have tried multiple SFTP clients,  they all get same error.

SSH sessions ,  SCP  sessions,  still both work fine.

Anyone ever seen anything like this !?!??!

Damn ;)

Another call would be checking your /etc/ssh/sshd_config, if there are some denials etc which would prevent using sftp somehow (for certain users / groups etc) ...

Br,

tommi

Yep good call,

We read that somewhere too,  checked and we're 644 so all good.

Although almost worth playing with this and seeing if changing it does nay good.

Cheers.

Hi,

Not sure if this is the case here, but noticed once something similar when your /etc/ssh/sshd_config did not have read permission for group +others... (eg CIS recommendation for /etc/ssh/sshd_config permissions is 600, but when U set that >> ssh works, but sftp not...after switching to 644 >> also sftp started working) 

Br,

tommi

Even tried switching to sftp-server,

But same result -  Permission Denied everywhere,  no warnings or errors in logs. 

Ran on a new port, even in -ddd debug mode...

Nothing exciting popped up, except the session authentification info...

Only remote warnings were:

Thanks Russell,

Did check  syslog,  but nothing popped up..    Have enabled:

*.debug

*.warn

*.crit

*auth.notice

Only one we havn'et done is daemon.notice 

It logs the SFTP user getting authentication, but not much  else - no obvious errors.

We are SFTP'ing to an AIX (OS 6.1)   server,   it was all running fine, now for some reason all users CAN still login, but can't list or change to any directory at all.

What is more strange is that users CAN still create and remove directories,   just not see them.

Eg:

Connected to aix001
sftp> pwd
Remote working directory: /home/fred
sftp> ls
remote readdir("/home/fred"): Permission denied
sftp> cd /tmp
stat remote: Permission denied
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir NEW_DIR               ( It DOES create this directory)
sftp> ls NEW_DIR
Can't ls: "/home/fred/NEW_DIR" not found
sftp> rmdir NEW_DIR              # ( It DOES remove this directory)
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir /tmp/NEW            # ( It DOES create this directory)
sftp> ls /tmp/NEW
Can't ls: "/tmp/NEW" not found
sftp> rmdir /tmp/NEW              # (It DOES remove this directory)
sftp> pwd
Remote working directory: /home/fred

Enabled debug, shows no errors. SFTP connections are established without error.

sshd_config:     Subsystem       sftp    internal-sftp

We're out of ideas,  there's no errors being returned at the OS level, just the errors in the FTP client.

Have tried multiple SFTP clients,  they all get same error.

SSH sessions ,  SCP  sessions,  still both work fine.

Anyone ever seen anything like this !?!??!

Yup,   went and checked the sshd_config, even reverted to older settings,   but nothing in there that stands out.

Even tried flipping between  sftp-server and internal-sftp,   they both get the same error.

What's really odd is you CAN  create and remove directories .

mkdir NEWDIR   works  (Dir created in /home/user/NEWDIR

cd NEWDIR  -  Error - Permission denied

rmdir NEWDIR  - Works

So bizarre !

Damn ;)

Another call would be checking your /etc/ssh/sshd_config, if there are some denials etc which would prevent using sftp somehow (for certain users / groups etc) ...

Br,

tommi

Yep good call,

We read that somewhere too,  checked and we're 644 so all good.

Although almost worth playing with this and seeing if changing it does nay good.

Cheers.

Hi,

Not sure if this is the case here, but noticed once something similar when your /etc/ssh/sshd_config did not have read permission for group +others... (eg CIS recommendation for /etc/ssh/sshd_config permissions is 600, but when U set that >> ssh works, but sftp not...after switching to 644 >> also sftp started working) 

Br,

tommi

Even tried switching to sftp-server,

But same result -  Permission Denied everywhere,  no warnings or errors in logs. 

Ran on a new port, even in -ddd debug mode...

Nothing exciting popped up, except the session authentification info...

Only remote warnings were:

Thanks Russell,

Did check  syslog,  but nothing popped up..    Have enabled:

*.debug

*.warn

*.crit

*auth.notice

Only one we havn'et done is daemon.notice 

It logs the SFTP user getting authentication, but not much  else - no obvious errors.

We are SFTP'ing to an AIX (OS 6.1)   server,   it was all running fine, now for some reason all users CAN still login, but can't list or change to any directory at all.

What is more strange is that users CAN still create and remove directories,   just not see them.

Eg:

Connected to aix001
sftp> pwd
Remote working directory: /home/fred
sftp> ls
remote readdir("/home/fred"): Permission denied
sftp> cd /tmp
stat remote: Permission denied
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir NEW_DIR               ( It DOES create this directory)
sftp> ls NEW_DIR
Can't ls: "/home/fred/NEW_DIR" not found
sftp> rmdir NEW_DIR              # ( It DOES remove this directory)
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir /tmp/NEW            # ( It DOES create this directory)
sftp> ls /tmp/NEW
Can't ls: "/tmp/NEW" not found
sftp> rmdir /tmp/NEW              # (It DOES remove this directory)
sftp> pwd
Remote working directory: /home/fred

Enabled debug, shows no errors. SFTP connections are established without error.

sshd_config:     Subsystem       sftp    internal-sftp

We're out of ideas,  there's no errors being returned at the OS level, just the errors in the FTP client.

Have tried multiple SFTP clients,  they all get same error.

SSH sessions ,  SCP  sessions,  still both work fine.

Anyone ever seen anything like this !?!??!

This is now a loooooong shot, but is it a mounted filesystem which U R trying to cd to?

If yes, then one option is that even though the FS permissions look OK, there might be underlying mount point directory permissions which prevent the cd (have seen that behaviour couple of times)

If that is a filesystem, try unmount on it and checking the mounpoint directory permissions after amount..

Br,

tommi

Yup,   went and checked the sshd_config, even reverted to older settings,   but nothing in there that stands out.

Even tried flipping between  sftp-server and internal-sftp,   they both get the same error.

What's really odd is you CAN  create and remove directories .

mkdir NEWDIR   works  (Dir created in /home/user/NEWDIR

cd NEWDIR  -  Error - Permission denied

rmdir NEWDIR  - Works

So bizarre !

Damn ;)

Another call would be checking your /etc/ssh/sshd_config, if there are some denials etc which would prevent using sftp somehow (for certain users / groups etc) ...

Br,

tommi

Yep good call,

We read that somewhere too,  checked and we're 644 so all good.

Although almost worth playing with this and seeing if changing it does nay good.

Cheers.

Hi,

Not sure if this is the case here, but noticed once something similar when your /etc/ssh/sshd_config did not have read permission for group +others... (eg CIS recommendation for /etc/ssh/sshd_config permissions is 600, but when U set that >> ssh works, but sftp not...after switching to 644 >> also sftp started working) 

Br,

tommi

Even tried switching to sftp-server,

But same result -  Permission Denied everywhere,  no warnings or errors in logs. 

Ran on a new port, even in -ddd debug mode...

Nothing exciting popped up, except the session authentification info...

Only remote warnings were:

Thanks Russell,

Did check  syslog,  but nothing popped up..    Have enabled:

*.debug

*.warn

*.crit

*auth.notice

Only one we havn'et done is daemon.notice 

It logs the SFTP user getting authentication, but not much  else - no obvious errors.

We are SFTP'ing to an AIX (OS 6.1)   server,   it was all running fine, now for some reason all users CAN still login, but can't list or change to any directory at all.

What is more strange is that users CAN still create and remove directories,   just not see them.

Eg:

Connected to aix001
sftp> pwd
Remote working directory: /home/fred
sftp> ls
remote readdir("/home/fred"): Permission denied
sftp> cd /tmp
stat remote: Permission denied
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir NEW_DIR               ( It DOES create this directory)
sftp> ls NEW_DIR
Can't ls: "/home/fred/NEW_DIR" not found
sftp> rmdir NEW_DIR              # ( It DOES remove this directory)
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir /tmp/NEW            # ( It DOES create this directory)
sftp> ls /tmp/NEW
Can't ls: "/tmp/NEW" not found
sftp> rmdir /tmp/NEW              # (It DOES remove this directory)
sftp> pwd
Remote working directory: /home/fred

Enabled debug, shows no errors. SFTP connections are established without error.

sshd_config:     Subsystem       sftp    internal-sftp

We're out of ideas,  there's no errors being returned at the OS level, just the errors in the FTP client.

Have tried multiple SFTP clients,  they all get same error.

SSH sessions ,  SCP  sessions,  still both work fine.

Anyone ever seen anything like this !?!??!

Hey not a bad idea...   It makes sense.   Directories are /tmp and /home,   but have tried all other mount points, even 
cd /

mkdir /TEST

chmod 777 /TEST

However, might try /home and review the permissions,  once the users are off of course :)

This is now a loooooong shot, but is it a mounted filesystem which U R trying to cd to?

If yes, then one option is that even though the FS permissions look OK, there might be underlying mount point directory permissions which prevent the cd (have seen that behaviour couple of times)

If that is a filesystem, try unmount on it and checking the mounpoint directory permissions after amount..

Br,

tommi

Yup,   went and checked the sshd_config, even reverted to older settings,   but nothing in there that stands out.

Even tried flipping between  sftp-server and internal-sftp,   they both get the same error.

What's really odd is you CAN  create and remove directories .

mkdir NEWDIR   works  (Dir created in /home/user/NEWDIR

cd NEWDIR  -  Error - Permission denied

rmdir NEWDIR  - Works

So bizarre !

Damn ;)

Another call would be checking your /etc/ssh/sshd_config, if there are some denials etc which would prevent using sftp somehow (for certain users / groups etc) ...

Br,

tommi

Yep good call,

We read that somewhere too,  checked and we're 644 so all good.

Although almost worth playing with this and seeing if changing it does nay good.

Cheers.

Hi,

Not sure if this is the case here, but noticed once something similar when your /etc/ssh/sshd_config did not have read permission for group +others... (eg CIS recommendation for /etc/ssh/sshd_config permissions is 600, but when U set that >> ssh works, but sftp not...after switching to 644 >> also sftp started working) 

Br,

tommi

Even tried switching to sftp-server,

But same result -  Permission Denied everywhere,  no warnings or errors in logs. 

Ran on a new port, even in -ddd debug mode...

Nothing exciting popped up, except the session authentification info...

Only remote warnings were:

Thanks Russell,

Did check  syslog,  but nothing popped up..    Have enabled:

*.debug

*.warn

*.crit

*auth.notice

Only one we havn'et done is daemon.notice 

It logs the SFTP user getting authentication, but not much  else - no obvious errors.

We are SFTP'ing to an AIX (OS 6.1)   server,   it was all running fine, now for some reason all users CAN still login, but can't list or change to any directory at all.

What is more strange is that users CAN still create and remove directories,   just not see them.

Eg:

Connected to aix001
sftp> pwd
Remote working directory: /home/fred
sftp> ls
remote readdir("/home/fred"): Permission denied
sftp> cd /tmp
stat remote: Permission denied
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir NEW_DIR               ( It DOES create this directory)
sftp> ls NEW_DIR
Can't ls: "/home/fred/NEW_DIR" not found
sftp> rmdir NEW_DIR              # ( It DOES remove this directory)
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir /tmp/NEW            # ( It DOES create this directory)
sftp> ls /tmp/NEW
Can't ls: "/tmp/NEW" not found
sftp> rmdir /tmp/NEW              # (It DOES remove this directory)
sftp> pwd
Remote working directory: /home/fred

Enabled debug, shows no errors. SFTP connections are established without error.

sshd_config:     Subsystem       sftp    internal-sftp

We're out of ideas,  there's no errors being returned at the OS level, just the errors in the FTP client.

Have tried multiple SFTP clients,  they all get same error.

SSH sessions ,  SCP  sessions,  still both work fine.

Anyone ever seen anything like this !?!??!

+ U could try to debug the error messages;

#Create debug log file :

touch  /var/log/messages
# add following line to  /etc/syslog.conf 
*.debug /var/log/messages

#restart syslogd 
stopsrc -s syslogd; startsrc -s syslogd

Then retry your sftp, should give some more info in log file

After trial, revert the config changes 

Hey not a bad idea...   It makes sense.   Directories are /tmp and /home,   but have tried all other mount points, even 
cd /

mkdir /TEST

chmod 777 /TEST

However, might try /home and review the permissions,  once the users are off of course :)

This is now a loooooong shot, but is it a mounted filesystem which U R trying to cd to?

If yes, then one option is that even though the FS permissions look OK, there might be underlying mount point directory permissions which prevent the cd (have seen that behaviour couple of times)

If that is a filesystem, try unmount on it and checking the mounpoint directory permissions after amount..

Br,

tommi

Yup,   went and checked the sshd_config, even reverted to older settings,   but nothing in there that stands out.

Even tried flipping between  sftp-server and internal-sftp,   they both get the same error.

What's really odd is you CAN  create and remove directories .

mkdir NEWDIR   works  (Dir created in /home/user/NEWDIR

cd NEWDIR  -  Error - Permission denied

rmdir NEWDIR  - Works

So bizarre !

Damn ;)

Another call would be checking your /etc/ssh/sshd_config, if there are some denials etc which would prevent using sftp somehow (for certain users / groups etc) ...

Br,

tommi

Yep good call,

We read that somewhere too,  checked and we're 644 so all good.

Although almost worth playing with this and seeing if changing it does nay good.

Cheers.

Hi,

Not sure if this is the case here, but noticed once something similar when your /etc/ssh/sshd_config did not have read permission for group +others... (eg CIS recommendation for /etc/ssh/sshd_config permissions is 600, but when U set that >> ssh works, but sftp not...after switching to 644 >> also sftp started working) 

Br,

tommi

Even tried switching to sftp-server,

But same result -  Permission Denied everywhere,  no warnings or errors in logs. 

Ran on a new port, even in -ddd debug mode...

Nothing exciting popped up, except the session authentification info...

Only remote warnings were:

Thanks Russell,

Did check  syslog,  but nothing popped up..    Have enabled:

*.debug

*.warn

*.crit

*auth.notice

Only one we havn'et done is daemon.notice 

It logs the SFTP user getting authentication, but not much  else - no obvious errors.

We are SFTP'ing to an AIX (OS 6.1)   server,   it was all running fine, now for some reason all users CAN still login, but can't list or change to any directory at all.

What is more strange is that users CAN still create and remove directories,   just not see them.

Eg:

Connected to aix001
sftp> pwd
Remote working directory: /home/fred
sftp> ls
remote readdir("/home/fred"): Permission denied
sftp> cd /tmp
stat remote: Permission denied
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir NEW_DIR               ( It DOES create this directory)
sftp> ls NEW_DIR
Can't ls: "/home/fred/NEW_DIR" not found
sftp> rmdir NEW_DIR              # ( It DOES remove this directory)
sftp> ls /tmp
Can't ls: "/tmp" not found
sftp> mkdir /tmp/NEW            # ( It DOES create this directory)
sftp> ls /tmp/NEW
Can't ls: "/tmp/NEW" not found
sftp> rmdir /tmp/NEW              # (It DOES remove this directory)
sftp> pwd
Remote working directory: /home/fred

Enabled debug, shows no errors. SFTP connections are established without error.

sshd_config:     Subsystem       sftp    internal-sftp

We're out of ideas,  there's no errors being returned at the OS level, just the errors in the FTP client.

Have tried multiple SFTP clients,  they all get same error.

SSH sessions ,  SCP  sessions,  still both work fine.

Anyone ever seen anything like this !?!??!

Hey not a bad idea...   It makes sense.   Directories are /tmp and /home,   but have tried all other mount points, even 
cd /

mkdir /TEST

chmod 777 /TEST

However, might try /home and review the permissions,  once the users are off of course :)

This is now a loooooong shot, but is it a mounted filesystem which U R trying to cd to?

If yes, then one option is that even though the FS permissions look OK, there might be underlying mount point directory permissions which prevent the cd (have seen that behaviour couple of times)

If that is a filesystem, try unmount on it and checking the mounpoint directory permissions after amount..

Br,

tommi

Yup,   went and checked the sshd_config, even reverted to older settings,   but nothing in there that stands out.

Even tried flipping between  sftp-server and internal-sftp,   they both get the same error.

What's really odd is you CAN  create and remove directories .

mkdir NEWDIR   works  (Dir created in /home/user/NEWDIR

cd NEWDIR  -  Error - Permission denied

rmdir NEWDIR  - Works

So bizarre !

Damn ;)

Another call would be checking your /etc/ssh/sshd_config, if there are some denials etc which would prevent using sftp somehow (for certain users / groups etc) ...

Br,

tommi

Yep good call,

We read that somewhere too,  checked and we're 644 so all good.

Although almost worth playing with this and seeing if changing it does nay good.

Cheers.

Hi,

Not sure if this is the case here, but noticed once something similar when your /etc/ssh/sshd_config did not have read permission for group +others... (eg CIS recommendation for /etc/ssh/sshd_config permissions is 600, but when U set that >> ssh works, but sftp not...after switching to 644 >> also sftp started working) 

Br,

tommi

Even tried switching to sftp-server,

But same result -  Permission Denied everywhere,  no warnings or errors in logs. 

Ran on a new port, even in -ddd debug mode...

Nothing exciting popped up, except the session authentification info...

Only remote warnings were: