How To
Summary
A regular user can ssh into AIX but a sftp request fails for the same user.
Objective
How to resolve the problem where incoming sftp requests to AIX by regular users fail with connection closed after entering the user's password.
Environment
AIX version 6.1, 7.1 and 7.2 running IBM OpenSSH
Steps
OpenSSH on AIX is configured to use sftp-server by default and it requires the permission to be 644 on sshd_config.
The default permission on /etc/ssh/sshd_config is 644 and owned by root system.
Check the permission on sshd_config.
# ls -l /etc/ssh/sshd_config
If the permission on the sshd_config file is not 644 change it to 644. (rw-r--r--).
# chmod 644 /etc/ssh/sshd_config
If your environment requires that permission on sshd_config to be 640 due to security concerns you can use internal-sftp instead of sftp-server. They are virtually the same functionally. SFTP will work with permission 640 on sshd_config if configured to use internal-sftp.
To use internal-sftp change the sftp-server line in sshd_config to the following:
Subsystem sftp internal-sftp
Stop and restart sshd afterwards.
# stopsrc -s sshd
# startsrc -s sshd
Additional Information
SUPPORT:
If additional assistance is required after completing all of the instructions provided in this document, please follow the step-by-step instructions below to contact IBM to open a case for software under warranty or with an active and valid support contract. The technical support specialist assigned to your case will confirm that you have completed these steps.
a. Document and/or take screen shots of all symptoms, errors, and/or messages that might have occurred
b. Capture any logs or data relevant to the situation.
c. Contact IBM to open a case:
-For electronic support, please visit the IBM Support Community:
https://www.ibm.com/mysupport
-If you require telephone support, please visit the web page:
https://www.ibm.com/planetwide/
d. Provide a good description of your issue and reference this technote
e. Upload all of the details and data to your case
-You can attach files to your case in the IBM Support Community
-Or Upload data to IBM testcase server analysis:
http://www.ibm.com/support/docview.wss?uid=ibm10733581
f. Click here to submit feedback for this document.
Related Information
Was this topic helpful?
Document Information
Modified date:
21 November 2019
UID
ibm11107537