Here is my sshd_config

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 4422
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour
#KexAlgorithms diffie-hellman-group1-sha1
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521

I do have root access and here is the result of

$ iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

How to fix it?

muru
  • Are you sure that you are using port 4422 when you are trying to connect to the server via sftp? – pa4080 Jul 13 '17 at 07:50
  • @pa4080 Port 4422 is used for the ssh connection and there is no configuration written for the sftp connection. Do I need to write some rules? Previously I could establish an sftp connection but now I can't, though I haven't changed any configuration. – FightForJustice Jul 13 '17 at 08:01
  • No, you do not need to write additional rules. My thought was that when you are using sftp you should mention the custom port in the client's command, for example: scp -P 4422 ... or sshfs -p4422 ... – pa4080 Jul 13 '17 at 08:18
  • sftp user@1.2.3.4 ssh: connect to host 1.2.3.4 port 22: Connection refused Couldn't read packet: Connection reset by peer – FightForJustice Jul 13 '17 at 08:36
  • Exactly what I mean. You should use: sftp -P 4422 user@1.2.3.4. – pa4080 Jul 13 '17 at 08:54
  • ssh: connect to host 4422 port 22: Invalid argument

    Couldn't read packet: Connection reset by peer

    – FightForJustice Jul 13 '17 at 08:57
  • The problem is somewhere in your sftp command, probably a missing -P argument. Here is an example screenshot. – pa4080 Jul 13 '17 at 09:21

1 Answer

Because your configuration has a custom ssh port, 4422, you must provide it in the sftp command, for example:

sftp -P 4422 user@1.2.3.4
pa4080
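
The per-client port flags from the comments and the answer, as an added shell example that is not part of the original thread: `sshd_ports` and `client_cmd` are hypothetical helper names, and the sample file is constructed from the Port line of the configuration in the question.

```sh
#!/bin/sh
# Added example; sshd_ports and client_cmd are illustrative helper names.

# Print every port named by a Port directive in the given sshd_config file.
# Keywords are case-insensitive and '#' lines are comments; with no Port
# directive the OpenSSH default, 22, applies.
sshd_ports() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
        END { if (!found) print 22 }
    ' "$1"
}

# Build the client command for one tool. The port flag differs per client:
# ssh and sshfs take -p, sftp and scp take -P. In sftp and scp, -p means
# "preserve times and modes" and takes no argument, so a number written
# after it is read as the destination host.
client_cmd() {
    tool=$1 port=$2 target=$3
    case $tool in
        ssh)   echo "ssh -p $port $target" ;;
        sftp)  echo "sftp -P $port $target" ;;
        scp)   echo "scp -P $port FILE $target:" ;;
        sshfs) echo "sshfs -p $port $target: MOUNTPOINT" ;;
        *)     echo "unknown tool: $tool" >&2; return 1 ;;
    esac
}

# Constructed sample: the relevant lines of the configuration in the question.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# What ports, IPs and protocols we listen for
Port 4422
#ListenAddress 0.0.0.0
Protocol 2
Subsystem sftp /usr/lib/openssh/sftp-server
EOF

# Print the matching command line for each client and each configured port.
for p in $(sshd_ports "$sample"); do
    for t in ssh sftp scp sshfs; do
        client_cmd "$t" "$p" user@1.2.3.4
    done
done
rm -f "$sample"
```

On the server itself, `sshd -T` (run as root) prints the effective configuration, including the port.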