IBM Support

IBM AIX: Regular users can ssh into AIX but sftp fails

How To


Summary

A regular user can ssh into AIX, but an sftp request fails for the same user.

Objective

How to resolve the problem where incoming sftp requests to AIX by regular users fail with "connection closed" after the user's password is entered.

Environment

AIX version 6.1, 7.1 and 7.2 running IBM OpenSSH

Steps

The most common reason for this problem is incorrect permissions on the /etc/ssh/sshd_config file.
 
The /etc/ssh/sshd_config file is configured by default with the following line for sftp service:
Subsystem       sftp    /usr/sbin/sftp-server

OpenSSH on AIX is configured to use sftp-server by default, and sftp-server requires the permission on sshd_config to be 644.
 

The default permission on /etc/ssh/sshd_config is 644, and the file is owned by user root and group system.
Check the permission on sshd_config.
# ls -l /etc/ssh/sshd_config

If the permission on the sshd_config file is not 644, change it to 644 (rw-r--r--).
# chmod 644 /etc/ssh/sshd_config

If your environment requires the permission on sshd_config to be 640 due to security concerns, you can use internal-sftp instead of sftp-server. The two are virtually the same functionally. SFTP will work with permission 640 on sshd_config if it is configured to use internal-sftp.

To use internal-sftp, change the sftp-server line in sshd_config to the following:
Subsystem       sftp   internal-sftp

Stop and restart sshd afterwards.
# stopsrc -s sshd
# startsrc -s sshd
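
The following POSIX shell functions are an added example, not part of the IBM technote: they combine the two conditions described above (the mode of sshd_config and the Subsystem sftp setting) into a single check. The function names are hypothetical, and the permission string is read from ls output so the check does not depend on a particular stat command.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not IBM-supplied tools.

# Print the command configured for "Subsystem sftp" (commented lines are skipped).
sftp_subsystem() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$1"
}

# Print the 9-character permission string (e.g. rw-r--r--) from ls output,
# so the check does not depend on any particular stat command.
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# Return 0 if sftp should work for regular users under the rule above,
# 1 if it is expected to fail, 2 if the file or the Subsystem line is missing.
check_sftp_config() {
    cfg=${1:-/etc/ssh/sshd_config}
    [ -f "$cfg" ] || { echo "ERROR: $cfg not found"; return 2; }
    perms=$(perm_string "$cfg")
    subsys=$(sftp_subsystem "$cfg")
    echo "$cfg: mode $perms, Subsystem sftp = ${subsys:-<none>}"
    [ -n "$subsys" ] || { echo "ERROR: no Subsystem sftp line found"; return 2; }
    if [ "$subsys" = "internal-sftp" ]; then
        echo "OK: internal-sftp is in use, which works with permission 640"
        return 0
    fi
    case $perms in
        ??????r??)
            echo "OK: external sftp-server and sshd_config is readable by others"
            return 0 ;;
        *)
            echo "FAIL: external sftp-server but sshd_config is not readable by others"
            echo "      fix: chmod 644 $cfg, or set 'Subsystem sftp internal-sftp'"
            return 1 ;;
    esac
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_sftp_config "$1"
fi
```

Save the block as a script and run it with /etc/ssh/sshd_config as its argument, before and after making a change, to confirm the result matches the configuration you intended.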

Additional Information

SUPPORT:

If additional assistance is required after completing all of the instructions provided in this document, please follow the step-by-step instructions below to contact IBM to open a case for software under warranty or with an active and valid support contract.  The technical support specialist assigned to your case will confirm that you have completed these steps.

a.  Document and/or take screen shots of all symptoms, errors, and/or messages that might have occurred

b.  Capture any logs or data relevant to the situation.

c.  Contact IBM to open a case:

   -For electronic support, please visit the IBM Support Community:
     https://www.ibm.com/mysupport
   -If you require telephone support, please visit the web page:
      https://www.ibm.com/planetwide/

d.  Provide a good description of your issue and reference this technote

e.  Upload all of the details and data to your case

   -You can attach files to your case in the IBM Support Community
   -Or Upload data to IBM testcase server analysis:

    http://www.ibm.com/support/docview.wss?uid=ibm10733581


Document Information

Modified date:
21 November 2019

UID

ibm11107537