Unable to winscp into the new gateway using SFTP protocol.

Home Forums Conduit: AEP Model Unable to winscp into the new gateway using SFTP protocol.

Tagged: , ,

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • March 18, 2020 at 3:52 pm #30446
    Ajay K
    Participant

    We just received the latest AEP Conduit gateways recently and has the 5.12 version installed. I get the error mentioned below when trying to connect to this gateway using WinSCP and over SFTP protocol. I don’t get the error with the older AEP Conduit gateway. Is there anything I need to do to enable and run the SFTP service or probably does it need to be installed to begin with?

    Cannot initialize SFTP protocol. Is the host running an SFTP server?

    Thanks,
    Ajay.

    March 18, 2020 at 4:28 pm #30447
    Jason Reiss
    Keymaster

    Did this work on previous firmware versions?

    admin@mtcdt:~$ opkg list | grep ftp
    inetutils-ftp – 1.9.4-r0.0
    kernel-module-nf-conntrack-ftp – 4.9.87-r11.1
    kernel-module-nf-nat-ftp – 4.9.87-r11.1
    openssh-sftp-server – 7.5p1-r0.mts5.0

    admin@mtcdt:~$ ps aux | grep ftp
    admin 18527 0.0 0.4 3092 1120 pts/0 S+ 17:22 0:00 grep ftp

    March 18, 2020 at 4:33 pm #30448
    Jason Reiss
    Keymaster

    I tested with an ssh/sftp client on my phone and it works with ssh server enabled.

    March 18, 2020 at 6:28 pm #30449
    Ajay K
    Participant

    Thanks Jason, we have been working up until now on 1.7.4 firmware version and on a older gateway, so on that it had always worked without any issues.

    However since we got the new gateway and here is what I have from the home page on the gateway for the model and version of firmware. I am guessing the sftp is not enabled by default?

    mPowerâ„¢ Edge Intelligence Conduit – Application Enablement Platform
    MTCDT-L4N1-246A Firmware 5.1.2

    Also I got the same o/p as you have mentioned above:

    admin@mtcdt:/var/volatile/orsat$ opkg list | grep ftp
    inetutils-ftp – 1.9.4-r0.0
    kernel-module-nf-conntrack-ftp – 4.9.87-r11.1
    kernel-module-nf-nat-ftp – 4.9.87-r11.1
    openssh-sftp-server – 7.5p1-r0.mts5.0

    admin@mtcdt:/var/volatile/orsat$ ps aux | grep ftp
    admin 29895 0.0 0.4 3092 1124 pts/0 S+ 23:23 0:00 grep ftp

    How do I get the SSH server enabled?

    Thanks,
    Ajay

    March 19, 2020 at 3:06 pm #30461
    Ajay K
    Participant

    any thoughts?

    March 19, 2020 at 3:25 pm #30463
    Jeff Hatch
    Keymaster

    Hello Ajay,

    I think that with the kernel upgrade from 1.7.x that the nf_conntrack_helper module and possible other required modules for doing things like passive FTP and other multi-port back-and-forth protocols like H323 and SIP are disabled.

    To turn on nf_conntrack_helper you can execute the following command:

    sysctl -w net.netfilter.nf_conntrack_acct=1

    This will not persist through reboot. To do that you will have to add an entry to the /etc/sysctl.conf

    This sysctl is now disabled by default due to the protocols it is supporting and the behaviors of those protocols is inherently insecure. Being that you are trying to use SFTP, hopefully the conntrack module being enabled will solve your problem and at least secure FTP tries to be much more secure by encrypting inside SSL via SSH.

    Thank You,

    Jeff

    March 19, 2020 at 5:05 pm #30465
    Jason Reiss
    Keymaster

    The ssh configuration is on the Administration > Access Configuration page.
    Options include allowing access over LAN or WAN. Depending on your network configuration WAN may need to be enabled.

    I was able to use WinSCP to mPower 5.1.5 with SSH enabled.

    The built-in UI help has configuration descriptions and a search feature.
    https://192.168.2.1/help/index.htm

  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.