SFTP stopped working through the external IP

Hi! The setup had been working for about a year without problems, but the other day something went wrong...

The machine on the internal network is Ubuntu with IP 10.123.126.17, with sshd configured for key authentication. On the pfSense gateway, port 9922 is open on the public IP and forwarded to port 22 of 10.123.126.17. When connecting to the pfSense public IP on port 9922, both PuTTY and WinSCP (SFTP) established the connection without problems.

Now PuTTY (ssh) has no problems, but WinSCP (SFTP) cannot read a single file or directory other than /home. And the files in /home are not visible either. If 'Remote directory' in the WinSCP settings is set to any directory other than /home, the connection hangs at 'reading directory'.

Meanwhile, the output of sudo netstat -ntpua | grep 22 shows the connection as ESTABLISHED.

If I connect via the internal IP, 10.123.126.17, there are no problems at all, everything works normally.

WinSCP log when connecting via the external IP:

. 2023-10-31 14:44:20.352 --------------------------------------------------------------------------
. 2023-10-31 14:44:20.352 WinSCP Версия 6.1.2 (Сборка 13797 2023-09-19) (OS 10.0.19045 – Windows 10 Enterprise)
. 2023-10-31 14:44:20.352 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2023-10-31 14:44:20.352 Log level: Debug 1
. 2023-10-31 14:44:20.352 Local account: 
. 2023-10-31 14:44:20.352 Working directory: C:\Program Files (x86)\WinSCP
. 2023-10-31 14:44:20.352 Process ID: 6532
. 2023-10-31 14:44:20.368 Ancestor processes: explorer, ...
. 2023-10-31 14:44:20.368 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe" 
. 2023-10-31 14:44:20.368 Time zone: Current: GMT+3 (RTZ 2 (зима)), No DST
. 2023-10-31 14:44:20.368 Login time: 31 Октябрь 2023 г. 14:44:20
. 2023-10-31 14:44:20.368 --------------------------------------------------------------------------
. 2023-10-31 14:44:20.368 Session name: smev@94.77.XX.XX (Modified site)
. 2023-10-31 14:44:20.368 Host name: 94.77.XX.XX (IPv4, Port: 9922)
. 2023-10-31 14:44:20.368 User name: smev (Password: No, Key file: Yes, Passphrase: No)
. 2023-10-31 14:44:20.368 Tunnel: No
. 2023-10-31 14:44:20.368 Transfer Protocol: SFTP
. 2023-10-31 14:44:20.368 Ping type: Off, Ping interval: 10 sec; Timeout: 15 sec
. 2023-10-31 14:44:20.368 Disable Nagle: No
. 2023-10-31 14:44:20.368 Proxy: None
. 2023-10-31 14:44:20.368 Send buffer: 262144
. 2023-10-31 14:44:20.368 Compression: No
. 2023-10-31 14:44:20.368 Bypass authentication: No
. 2023-10-31 14:44:20.368 Try agent: Yes; Agent forwarding: No; KI: Yes; GSSAPI: Yes
. 2023-10-31 14:44:20.368 GSSAPI: KEX: No; Forwarding: No; Libs: gssapi32,sspi,custom; Custom: 
. 2023-10-31 14:44:20.368 Ciphers: aes,chacha20,aesgcm,3des,WARN,des,blowfish,arcfour; Ssh2DES: No
. 2023-10-31 14:44:20.368 KEX: ntru-curve25519,ecdh,dh-gex-sha1,dh-group18-sha512,dh-group17-sha512,dh-group16-sha512,dh-group15-sha512,dh-group14-sha1,rsa,WARN,dh-group1-sha1
. 2023-10-31 14:44:20.368 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
. 2023-10-31 14:44:20.368 Simple channel: Yes
. 2023-10-31 14:44:20.368 Return code variable: Autodetect; Lookup user groups: Auto
. 2023-10-31 14:44:20.368 Shell: default
. 2023-10-31 14:44:20.368 EOL: LF, UTF: Auto
. 2023-10-31 14:44:20.368 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes; Follow directory symlinks: No
. 2023-10-31 14:44:20.368 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No; Exit code 1 is error: No
. 2023-10-31 14:44:20.368 SFTP Bugs: Auto,Auto
. 2023-10-31 14:44:20.368 SFTP Server: default
. 2023-10-31 14:44:20.368 Local directory: C:\Users\User\Documents, Remote directory: /home, Update: Yes, Cache: Yes
. 2023-10-31 14:44:20.368 Cache directory changes: Yes, Permanent: Yes
. 2023-10-31 14:44:20.368 Recycle bin: Delete to: No, Overwritten to: No, Bin path: 
. 2023-10-31 14:44:20.368 DST mode: Unix
. 2023-10-31 14:44:20.368 --------------------------------------------------------------------------
. 2023-10-31 14:44:20.415 Looking up host "94.77.XX.XX" (IPv4) for SSH connection
. 2023-10-31 14:44:20.415 Connecting to 94.77.XX.XX port 9922
. 2023-10-31 14:44:20.462 Connected to 94.77.XX.XX
. 2023-10-31 14:44:20.493 Waiting for the server to continue with the initialization
. 2023-10-31 14:44:20.493 We claim version: SSH-2.0-WinSCP_release_6.1.2
. 2023-10-31 14:44:20.493 Detected network event
. 2023-10-31 14:44:20.493 Connected to 94.77.XX.XX
. 2023-10-31 14:44:20.509 Detected network event
. 2023-10-31 14:44:20.509 Waiting for the server to continue with the initialization
. 2023-10-31 14:44:20.509 Remote version: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.3
. 2023-10-31 14:44:20.509 Using SSH protocol version 2
. 2023-10-31 14:44:20.509 Have a known host key of type ssh-ed25519
. 2023-10-31 14:44:20.561 Detected network event
. 2023-10-31 14:44:20.561 Waiting for the server to continue with the initialization
. 2023-10-31 14:44:20.561 Doing NTRU Prime / Curve25519 hybrid key exchange, using hash SHA-512 (unaccelerated)
. 2023-10-31 14:44:20.790 Detected network event
. 2023-10-31 14:44:20.790 Waiting for the server to continue with the initialization
. 2023-10-31 14:44:20.899 Server also has ecdsa-sha2-nistp256/rsa-sha2-512/rsa-sha2-256 host keys, but we don't know any of them
. 2023-10-31 14:44:20.915 Host key fingerprint is:
. 2023-10-31 14:44:20.915 ssh-ed25519 255 SHA256:LIqUp6UYpuAe4S9KQubL+v2AKo6CCaiWaQs+9ubeer8
. 2023-10-31 14:44:20.915 Verifying host key ssh-ed25519 0x48f2bf1c4d7ef705 dcfa672f08e5f2a7 836c99b1fb04f7e0 917a23f8f22da555 ,0x12b286a51eba4507 6c580a6a2ec2baf8 025d4c307d923b48 b91d59fd27cc0945  with fingerprints ssh-ed25519 255 SHA256:LIqUp6UYpuAe4S9KQubL+v2AKo6CCaiWaQs+9ubeer8, ssh-ed25519 255 1f:38:0d:1f:ea:6c:80:3b:fd:44:d6:84:d5:c5:0f:38
. 2023-10-31 14:44:20.930 Host key matches cached key
. 2023-10-31 14:44:20.930 Initialised AES-256 SDCTR (unaccelerated) [aes256-ctr] outbound encryption
. 2023-10-31 14:44:20.930 Initialised HMAC-SHA-256 outbound MAC algorithm
. 2023-10-31 14:44:20.930 Initialised AES-256 SDCTR (unaccelerated) [aes256-ctr] inbound encryption
. 2023-10-31 14:44:20.930 Initialised HMAC-SHA-256 inbound MAC algorithm
. 2023-10-31 14:44:20.965 Detected network event
. 2023-10-31 14:44:20.965 Waiting for the server to continue with the initialization
. 2023-10-31 14:44:20.965 Reading key file "C:\Users\User\Documents\key_rsa_xx.ppk"
! 2023-10-31 14:44:20.980 Using username "smev".
. 2023-10-31 14:44:21.087 Detected network event
. 2023-10-31 14:44:21.087 Waiting for the server to continue with the initialization
. 2023-10-31 14:44:21.087 Server offered these authentication methods: publickey,gssapi-with-mic
. 2023-10-31 14:44:21.087 Offered public key
. 2023-10-31 14:44:21.134 Detected network event
. 2023-10-31 14:44:21.134 Waiting for the server to continue with the initialization
. 2023-10-31 14:44:21.134 Offer of public key accepted
! 2023-10-31 14:44:21.134 Authenticating with public key "rsa-key-xx"
. 2023-10-31 14:44:21.306 Sent public key signature
. 2023-10-31 14:44:21.352 Detected network event
. 2023-10-31 14:44:21.352 Waiting for the server to continue with the initialization
. 2023-10-31 14:44:21.352 Access granted
. 2023-10-31 14:44:21.365 Opening main session channel
. 2023-10-31 14:44:21.966 Detected network event
. 2023-10-31 14:44:21.966 Waiting for the server to continue with the initialization
. 2023-10-31 14:44:21.966 Remote debug message: /home/smev/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
. 2023-10-31 14:44:21.966 Remote debug message: /home/smev/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
. 2023-10-31 14:44:21.966 Opened main channel
. 2023-10-31 14:44:22.009 Detected network event
. 2023-10-31 14:44:22.009 Waiting for the server to continue with the initialization
. 2023-10-31 14:44:22.009 Started a shell/command
. 2023-10-31 14:44:22.056 --------------------------------------------------------------------------
. 2023-10-31 14:44:22.056 Using SFTP protocol.
. 2023-10-31 14:44:22.056 Doing startup conversation with host.
. 2023-10-31 14:44:22.056 Session upkeep
> 2023-10-31 14:44:22.087 Type: SSH_FXP_INIT, Size: 5, Number: -1
. 2023-10-31 14:44:22.087 Sent 9 bytes
. 2023-10-31 14:44:22.087 There are 0 bytes remaining in the send buffer
. 2023-10-31 14:44:22.087 Waiting for another 4 bytes
. 2023-10-31 14:44:23.243 Detected network event
. 2023-10-31 14:44:23.243 Waiting for another 4 bytes
. 2023-10-31 14:44:23.243 Received 242 bytes
. 2023-10-31 14:44:23.243 Read 4 bytes (238 pending)
. 2023-10-31 14:44:23.243 Read 238 bytes (0 pending)
< 2023-10-31 14:44:23.243 Type: SSH_FXP_VERSION, Size: 238, Number: -1
. 2023-10-31 14:44:23.243 SFTP version 3 negotiated.
. 2023-10-31 14:44:23.243 Unknown server extension posix-rename@openssh.com="1"
. 2023-10-31 14:44:23.243 Supports statvfs@openssh.com extension version 2
. 2023-10-31 14:44:23.243 Unknown server extension fstatvfs@openssh.com="2"
. 2023-10-31 14:44:23.243 Supports hardlink@openssh.com extension version 1
. 2023-10-31 14:44:23.243 Unknown server extension fsync@openssh.com="1"
. 2023-10-31 14:44:23.243 Unknown server extension lsetstat@openssh.com="1"
. 2023-10-31 14:44:23.243 Supports limits@openssh.com extension version 1
. 2023-10-31 14:44:23.243 Unknown server extension expand-path@openssh.com="1"
. 2023-10-31 14:44:23.243 We believe the server has signed timestamps bug
. 2023-10-31 14:44:23.243 We will use UTF-8 strings until server sends an invalid UTF-8 string as with SFTP version 3 and older UTF-8 strings are not mandatory
. 2023-10-31 14:44:23.243 Limiting packet size to OpenSSH sftp-server limit of 262148 bytes
. 2023-10-31 14:44:23.243 Changing directory to "/home".
. 2023-10-31 14:44:23.243 Getting real path for '/home'
> 2023-10-31 14:44:23.243 Type: SSH_FXP_REALPATH, Size: 14, Number: 16
. 2023-10-31 14:44:23.243 Sent 18 bytes
. 2023-10-31 14:44:23.243 There are 0 bytes remaining in the send buffer
. 2023-10-31 14:44:23.243 Waiting for another 4 bytes
. 2023-10-31 14:44:23.290 Detected network event
. 2023-10-31 14:44:23.290 Waiting for another 4 bytes
. 2023-10-31 14:44:23.290 Received 35 bytes
. 2023-10-31 14:44:23.290 Read 4 bytes (31 pending)
. 2023-10-31 14:44:23.290 Read 31 bytes (0 pending)
< 2023-10-31 14:44:23.290 Type: SSH_FXP_NAME, Size: 31, Number: 16
. 2023-10-31 14:44:23.290 Real path is '/home'
. 2023-10-31 14:44:23.290 Trying to open directory "/home".
> 2023-10-31 14:44:23.290 Type: SSH_FXP_LSTAT, Size: 14, Number: 263
. 2023-10-31 14:44:23.290 Sent 18 bytes
. 2023-10-31 14:44:23.290 There are 0 bytes remaining in the send buffer
. 2023-10-31 14:44:23.290 Waiting for another 4 bytes
. 2023-10-31 14:44:23.337 Detected network event
. 2023-10-31 14:44:23.337 Waiting for another 4 bytes
. 2023-10-31 14:44:23.337 Received 41 bytes
. 2023-10-31 14:44:23.337 Read 4 bytes (37 pending)
. 2023-10-31 14:44:23.337 Read 37 bytes (0 pending)
< 2023-10-31 14:44:23.337 Type: SSH_FXP_ATTRS, Size: 37, Number: 263
. 2023-10-31 14:44:23.337 Getting current directory name.
. 2023-10-31 14:44:23.337 Session upkeep
. 2023-10-31 14:44:23.399 Listing directory "/home".
> 2023-10-31 14:44:23.399 Type: SSH_FXP_OPENDIR, Size: 14, Number: 523
. 2023-10-31 14:44:23.399 Sent 18 bytes
. 2023-10-31 14:44:23.399 There are 0 bytes remaining in the send buffer
. 2023-10-31 14:44:23.399 Waiting for another 4 bytes
. 2023-10-31 14:44:23.446 Detected network event
. 2023-10-31 14:44:23.446 Waiting for another 4 bytes
. 2023-10-31 14:44:23.446 Received 17 bytes
. 2023-10-31 14:44:23.446 Read 4 bytes (13 pending)
. 2023-10-31 14:44:23.446 Read 13 bytes (0 pending)
< 2023-10-31 14:44:23.446 Type: SSH_FXP_HANDLE, Size: 13, Number: 523
> 2023-10-31 14:44:23.446 Type: SSH_FXP_READDIR, Size: 13, Number: 780
. 2023-10-31 14:44:23.446 Sent 17 bytes
. 2023-10-31 14:44:23.446 There are 0 bytes remaining in the send buffer
. 2023-10-31 14:44:23.446 Waiting for another 4 bytes
. 2023-10-31 14:44:23.484 Detected network event
. 2023-10-31 14:44:23.484 Waiting for another 4 bytes
. 2023-10-31 14:44:23.484 Received 315 bytes
. 2023-10-31 14:44:23.484 Read 4 bytes (311 pending)
. 2023-10-31 14:44:23.484 Read 311 bytes (0 pending)
< 2023-10-31 14:44:23.484 Type: SSH_FXP_NAME, Size: 311, Number: 780
> 2023-10-31 14:44:23.484 Type: SSH_FXP_READDIR, Size: 13, Number: 1036
. 2023-10-31 14:44:23.484 Sent 17 bytes
. 2023-10-31 14:44:23.484 There are 0 bytes remaining in the send buffer
. 2023-10-31 14:44:23.484 Read file '..' from listing
. 2023-10-31 14:44:23.484 Read file '.' from listing
. 2023-10-31 14:44:23.484 Read file 'smev' from listing
. 2023-10-31 14:44:23.484 Waiting for another 4 bytes
. 2023-10-31 14:44:23.524 Detected network event
. 2023-10-31 14:44:23.524 Waiting for another 4 bytes
. 2023-10-31 14:44:23.524 Received 32 bytes
. 2023-10-31 14:44:23.524 Read 4 bytes (28 pending)
. 2023-10-31 14:44:23.524 Read 28 bytes (0 pending)
< 2023-10-31 14:44:23.524 Type: SSH_FXP_STATUS, Size: 28, Number: 1036
< 2023-10-31 14:44:23.524 Status code: 1
> 2023-10-31 14:44:23.524 Type: SSH_FXP_CLOSE, Size: 13, Number: 1284
. 2023-10-31 14:44:23.524 Sent 17 bytes
. 2023-10-31 14:44:23.524 There are 0 bytes remaining in the send buffer
. 2023-10-31 14:44:23.524 ..;d;0;2023-03-01T08:22:08.000Z;4;"root" [0];"root" [0];rwxr-xr-x;0
. 2023-10-31 14:44:23.524 smev;d;0;2023-10-13T13:09:00.000Z;4;"smev" [1000];"smev" [1000];rwxr-xr-x;0
. 2023-10-31 14:44:23.602 Startup conversation with host finished.
. 2023-10-31 14:44:24.133 Session upkeep
. 2023-10-31 14:44:24.633 Session upkeep
. 2023-10-31 14:44:25.134 Session upkeep
. 2023-10-31 14:44:25.337 Cached directory change via "smev" to "/home/smev".
. 2023-10-31 14:44:25.337 Getting current directory name.
. 2023-10-31 14:44:25.337 Listing directory "/home/smev".
> 2023-10-31 14:44:25.337 Type: SSH_FXP_OPENDIR, Size: 19, Number: 1547
. 2023-10-31 14:44:25.337 Sent 23 bytes
. 2023-10-31 14:44:25.337 There are 0 bytes remaining in the send buffer
. 2023-10-31 14:44:25.337 Detected network event
. 2023-10-31 14:44:25.337 Waiting for another 4 bytes
. 2023-10-31 14:44:25.337 Received 28 bytes
. 2023-10-31 14:44:25.337 Read 4 bytes (24 pending)
. 2023-10-31 14:44:25.337 Read 24 bytes (0 pending)
< 2023-10-31 14:44:25.337 Type: SSH_FXP_STATUS, Size: 24, Number: 1284
. 2023-10-31 14:44:25.337 Discarding reserved response
. 2023-10-31 14:44:25.337 Waiting for another 4 bytes
. 2023-10-31 14:44:25.384 Detected network event
. 2023-10-31 14:44:25.384 Waiting for another 4 bytes
. 2023-10-31 14:44:25.384 Received 17 bytes
. 2023-10-31 14:44:25.384 Read 4 bytes (13 pending)
. 2023-10-31 14:44:25.384 Read 13 bytes (0 pending)
< 2023-10-31 14:44:25.384 Type: SSH_FXP_HANDLE, Size: 13, Number: 1547
> 2023-10-31 14:44:25.384 Type: SSH_FXP_READDIR, Size: 13, Number: 1804
. 2023-10-31 14:44:25.384 Sent 17 bytes
. 2023-10-31 14:44:25.384 There are 0 bytes remaining in the send buffer
. 2023-10-31 14:44:25.384 Waiting for another 4 bytes
. 2023-10-31 14:44:41.350 Waiting for data timed out, asking user what to do.
. 2023-10-31 14:44:41.350 Asking user:
. 2023-10-31 14:44:41.350 **Не удаётся связаться с хостом в течение 15 секунд(ы).
. 2023-10-31 14:44:41.350 
. 2023-10-31 14:44:41.350 Ждать ещё 15 секунд?** ()
. 2023-10-31 14:44:43.133 Answer: Abort
. 2023-10-31 14:44:43.133 Attempt to close connection due to fatal exception:
* 2023-10-31 14:44:43.133 **Прервано пользователем.**
. 2023-10-31 14:44:43.133 Closing connection.
. 2023-10-31 14:44:43.133 Sending special code: 1
. 2023-10-31 14:44:43.680 Connection was lost, asking what to do.
. 2023-10-31 14:44:43.680 Asking user:
. 2023-10-31 14:44:43.680 **Прервано пользователем.** ()
. 2023-10-31 14:44:45.011 Answer: Abort
* 2023-10-31 14:44:45.024 (ESshFatal) **Прервано пользователем.**
* 2023-10-31 14:44:45.024 Не могу просмотреть каталог '/home/smev'.
* 2023-10-31 14:44:45.024 Не могу сменить каталог на 'smev'.

Where should I dig?

You may have an MTU problem. Somewhere along the path a VPN or some other tunnel has appeared with a smaller MTU, and the network equipment is misconfigured and does not step in to adjust the MSS negotiation.

Lower the MTU on one of your hosts to check.

router ★★★★★
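One way to test the MTU hypothesis from the previous comment before touching interface settings, as an added example that is not part of the thread: binary-search the path MTU toward the SFTP host with DF-flagged pings. Linux iputils ping syntax (`-M do`) is assumed, and the host argument is whatever public address you are debugging.

```shell
#!/bin/sh
# Added example: probe the path MTU toward an SFTP host with DF-flagged pings.
# Small SFTP packets (INIT, REALPATH, a short listing) cross a path with a
# reduced MTU, while a full-size READDIR reply is silently dropped: the same
# hang pattern as in the log above. Linux iputils ping syntax is assumed.

# icmp_probe PAYLOAD HOST -> exit 0 if one unfragmentable ping carrying
# PAYLOAD bytes gets an answer (IP + ICMP headers add 28 bytes on the wire).
icmp_probe() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload LO HI PROBE HOST -> largest payload in [LO,HI] for which
# "PROBE payload HOST" succeeds. PROBE is assumed monotonic (works up to some
# threshold, fails above it), so a binary search needs only ~10 probes.
find_max_payload() {
    lo=$1; hi=$2; probe=$3; host=$4
    if ! "$probe" "$lo" "$host"; then echo 0; return 1; fi
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$mid" "$host"; then lo=$mid; else hi=$((mid - 1)); fi
    done
    echo "$lo"
}

# payload_to_mtu PAYLOAD -> IPv4 MTU (20 bytes IP + 8 bytes ICMP header)
payload_to_mtu() { echo $(( $1 + 28 )); }

# mtu_to_mss MTU -> TCP MSS an MSS clamp on the gateway should advertise
mtu_to_mss() { echo $(( $1 - 40 )); }

# usage: ./pmtu.sh <host>   (e.g. the public IP of the pfSense box)
main() {
    target=$1
    # 548 payload bytes is MTU 576, the IPv4 minimum every path must carry;
    # 1472 payload bytes is a full 1500-byte Ethernet frame.
    payload=$(find_max_payload 548 1472 icmp_probe "$target") || {
        echo "no DF-flagged ping reaches $target, even at MTU 576" >&2; return 1; }
    mtu=$(payload_to_mtu "$payload")
    echo "path MTU to $target: $mtu (clamp TCP MSS to $(mtu_to_mss "$mtu"))"
    if [ "$mtu" -lt 1500 ]; then
        echo "MTU below 1500: a tunnel or misconfigured hop sits on the path" >&2
    fi
}

if [ $# -ge 1 ]; then main "$@"; fi
```

If the reported MTU is below 1500 while the LAN path reports 1500, the SFTP hang on larger replies is consistent with a PMTU black hole rather than with sshd itself.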
In reply to: comment by firkax

I ran tcpdump on the Ubuntu box at the moment it was being connected to via the external IP. I can't figure out how to post a long log here.

By the way, I tried changing the port from 9922 to the standard 22; nothing changed.

postal2201
(topic author)
In reply to: comment by postal2201

You need to do it not only on the Ubuntu box but also on the client (download a sniffer from winpcap.org, an analogue of tcpdump). Then compare that everything sent by one side was received by the other, and vice versa. No need to post it here.

firkax ★★★★★

Anyway, by yesterday evening everything magically started working again. Without my involvement. I even rolled back to the snapshot I took before my attempts to fix the problem. Everything is fine there too.

Apparently the problem really was on the provider's side.

postal2201
(topic author)
In reply to: comment by postal2201

For the last few days the south of Russia has been under attack by Roskomnadzor. They're cutting random protocols in attempts to block Telegram in the region. Seems to have calmed down now. @ValdikSS should be in the know.

PPP328 ★★★★★