CKB:SFTP Configuration Error: Unterschied zwischen den Versionen
(CSS-16003: Adding documentation for the SFTP wrong config issue) |
(CSS-16003:SFTP wrong config issue - solution) |
||
| Zeile 6: | Zeile 6: | ||
==Problem== | ==Problem== | ||
If the remote host is a VM with OS version openSUSE Leap 16.0, the SFTP connection test fails. | If the remote host is a VM with OS version openSUSE Leap 16.0, the SFTP connection test fails. | ||
The Cryptshare logs show: | The Cryptshare logs show: | ||
| Zeile 14: | Zeile 13: | ||
at net.schmizz.sshj.sftp.SFTPEngine.init(SFTPEngine.java:103) | at net.schmizz.sshj.sftp.SFTPEngine.init(SFTPEngine.java:103) | ||
|} | |} | ||
The error appears at: Transfer Processing → Archiving → Secure File Transfer Connector Configuration → Test Connection. | The error appears at: Transfer Processing → Archiving → Secure File Transfer Connector Configuration → Test Connection. | ||
| Zeile 20: | Zeile 18: | ||
==Cause== | ==Cause== | ||
The SSH daemon (sshd) is configured to launch the SFTP subsystem via a binary path that no longer exists on openSUSE 16.0. | |||
openSUSE 16.0 relocated the sftp-server binary as part of a filesystem reorganization: | |||
{| class="wikitable" | |||
|'''openSUSE 15.6 (old path)''' | |||
|'''openSUSE 16.0 (new path)''' | |||
|- | |||
|/usr/lib/ssh/sftp-server | |||
|/usr/libexec/ssh/sftp-server | |||
|} | |||
The default sshd_config shipped with openSUSE 16.0 still references the old path. When sshd cannot find the binary, it closes the SFTP channel immediately — before sending any response — causing the EOF error in Cryptshare server. | |||
'''Verification''' | |||
On the remote host, confirm which path sshd is currently using: | |||
{{CodeBox|sshd -T {{!}} grep subsystem}} | |||
Incorrect output (causes the error): | |||
{{CodeBox|subsystem sftp /usr/lib/ssh/sftp-server}} | |||
Correct output (expected after fix): | |||
{{CodeBox|subsystem sftp /usr/libexec/ssh/sftp-server}} | |||
==Solution/Workaround== | ==Solution/Workaround== | ||
Run the following commands on the remote host as root: | |||
{{CodeBox|echo 'Subsystem sftp /usr/libexec/ssh/sftp-server' > /etc/ssh/sshd_config.d/99-sftp-fix.conf | |||
systemctl restart sshd}} | |||
This creates a drop-in configuration file that overrides the incorrect default path without modifying the base sshd_config, making it upgrade-safe. | |||
Once complete, retry the connection test in Cryptshare server: Transfer Processing → Archiving → Secure File Transfer Connector Configuration → Test Connection. | |||
{{WarnBox|content=Do not edit /etc/ssh/sshd_config directly. Drop-in files under /etc/ssh/sshd_config.d/ are the recommended approach on openSUSE 16.0 and are preserved across package updates.|title=Note:}} | |||
Version vom 15. April 2026, 13:37 Uhr
Applies To
Applies to: Cryptshare Ai> Transfer Processing > Archiving > Secure File Transfer Connector
Remote Host OS Version: openSUSE Leap 16.0 (upgraded from 15.6)
Problem
If the remote host is a VM with OS version openSUSE Leap 16.0, the SFTP connection test fails.
The Cryptshare logs show:
| net.schmizz.sshj.sftp.SFTPException: EOF while reading packet
at net.schmizz.sshj.sftp.SFTPEngine.init(SFTPEngine.java:103) |
The error appears at: Transfer Processing → Archiving → Secure File Transfer Connector Configuration → Test Connection.
Cause
The SSH daemon (sshd) is configured to launch the SFTP subsystem via a binary path that no longer exists on openSUSE 16.0.
openSUSE 16.0 relocated the sftp-server binary as part of a filesystem reorganization:
| openSUSE 15.6 (old path) | openSUSE 16.0 (new path) |
| /usr/lib/ssh/sftp-server | /usr/libexec/ssh/sftp-server |
The default sshd_config shipped with openSUSE 16.0 still references the old path. When sshd cannot find the binary, it closes the SFTP channel immediately — before sending any response — causing the EOF error in Cryptshare server.
Verification
On the remote host, confirm which path sshd is currently using:
sshd -T | grep subsystem
Incorrect output (causes the error):
subsystem sftp /usr/lib/ssh/sftp-server
Correct output (expected after fix):
subsystem sftp /usr/libexec/ssh/sftp-server
Solution/Workaround
Run the following commands on the remote host as root:
echo 'Subsystem sftp /usr/libexec/ssh/sftp-server' > /etc/ssh/sshd_config.d/99-sftp-fix.conf systemctl restart sshd
This creates a drop-in configuration file that overrides the incorrect default path without modifying the base sshd_config, making it upgrade-safe.
Once complete, retry the connection test in Cryptshare server: Transfer Processing → Archiving → Secure File Transfer Connector Configuration → Test Connection.