You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by halcyon <sr...@gmail.com> on 2017/09/12 12:57:15 UTC
Re: SFTP error "unable to open file XXX" on Win8 RDP host
I have been running into this issue. In my case it is an incompatibility
between libssh2 and openssh (Win32 ). To get around this I downloaded the
libssh2 code from Github and made the following changes:
around line 1060 in sftp_open in sftp.c
change:
attrs.permissions = mode |
(open_file ? LIBSSH2_SFTP_ATTR_PFILETYPE_FILE :
LIBSSH2_SFTP_ATTR_PFILETYPE_DIR);
to
attrs.permissions = mode;
Run automke tools, run configure, make libssh2, make install libssh2. Then
recompile guacamole server from source against this modified libssh2
library, install guacamole server, restart guacamole client and everything
worked. Issue is current libssh2 performing this OR with
LIBSSH2_SFTP_ATTR_PFILETYPE_FILE makes the permissions something like
0100755 instead of 0755 and the Win32 OpenSSH server can't cope. Turn on
logs in Win32 OpenSSH to see what the sftp server is doing. Add l VERBOSE to
the sftp-server command line args in sshd_config.
You may also need to change Windows permission on the sftp-server.log file
if anyone other than Administrator or SYSTEM\sshd is performing the file
transfer. Ironically, the OpenSSH sftp client works.
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: SFTP error "unable to open file XXX" on Win8 RDP host
Posted by halcyon <sr...@gmail.com>.
Here is a simple way to reproduce this issue:
On the Windows machine using Powershell/OpenSSH edit c:\Program
Files\OpenSSH\sshd_config and change:
Subsystem sftp sftp-server.exe
to this:
Subsystem sftp sftp-server.exe -l VERBOSE
If not already created, create C:\Program Files\OpenSSH\logs\sftp-server.log
and grant Users write privileges.
Restart Windows sshd daemon
Open a Powershell on the Windows machine and enter the following:
Get-Content C:\Program Files\OpenSSH\logs\sftp-server.log -wait
On a client, use an SFTP client to copy a file to the Windows machine. If
you use OpenSSH sftp client, the log on the Windows machine will look
something like this:
17456 15:07:28:380 session opened for local user user@computername from
[192.168.5.144]
17456 15:07:28:380 received client version 3
17456 15:07:28:380 realpath "."
17456 15:09:56:241 stat name "/C:/Users/user/Documents/test.txt"
17456 15:09:56:241 sent status No such file
17456 15:09:56:241 open "/C:/Users/user/Documents/test.txt" flags
WRITE,CREATE,TRUNCATE mode 0755
17456 15:09:56:241 close "/C:/Users/user/Documents/test.txt" bytes read 0
written 586
17456 15:11:02:320 session closed for local user user@computername from
[192.168.5.144]
Note the permission 0755 - these are octal values for what is essentially
user RWX, Group RX, Others RX
Now, if you use the libssh2 sftp_write example, source located in:
/usr/share/doc/libssh2-1-dev/examples
On Debian based systems. This source code is very similar to Guacamoles sftp
functionality:
See https://github.com/libssh2/libssh2/blob/master/example/sftp_write.c and
https://github.com/apache/incubator-guacamole-server/blob/master/src/common-ssh/sftp.c
(Look at the libssh2_sft_open methods )
Using this tool to test libssh2 SFTP library using for example:
./sftp_write 192.168.5.206 user password123 /tmp/test.txt
/C:/Users/user/Documents/test.txt
The logs will look like this:
18016 15:22:23:407 session opened for local user user@computername from
[192.168.5.144]
18016 15:22:23:407 received client version 3
18016 15:22:23:407 open "/C:/Users/user/Documents/test.txt" flags
WRITE,CREATE,TRUNCATE mode 0100644
18016 15:22:23:407 sent status Failure
18016 15:22:23:407 session closed for local user user@computername from
[192.168.5.144]
and sftp_write will output this:
Fingerprint: AC 26 92 D0 DC 08 28 34 9A 22 AE 0E A3 DD 9C 7A E8 97 5B 00
libssh2_sftp_init()!
libssh2_sftp_open()!
Unable to open file with SFTP
all done
NOTE: the mode bits are now 0100644, this is due to the Or'ing of the
original permission bits with LIBSSH2_SFTP_ATTR_PFILETYPE_FILE which is
defined in libssh2's sftp.c file as and octal value:
/* S_IFREG */
#define LIBSSH2_SFTP_ATTR_PFILETYPE_FILE 0100000
/* Filetype in SFTP 3 and earlier */
attrs.permissions = mode |
(open_file ? LIBSSH2_SFTP_ATTR_PFILETYPE_FILE :
LIBSSH2_SFTP_ATTR_PFILETYPE_DIR);
When Powershell/OpenSSH get's this extended permission bits, it can't cope.
This is why I have removed the Or'ing of the permission bits from libssh2's
sftp.c to get mode flags OpenSSH can cope with. A work around only, as I
have not rolled out to prod. Waiting for 0.9.14 to migrate app served in
Windows to Linux via NX
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: SFTP error "unable to open file XXX" on Win8 RDP host
Posted by vnick <vn...@apache.org>.
Suncatcher16 wrote
> Excellent!
Microsoft (or whomever it is that develops OpenSSH for Windows) has marked
the bug as fixed. Fix should be available in latest build:
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v0.0.22.0
-Nick
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: SFTP error "unable to open file XXX" on Win8 RDP host
Posted by Suncatcher16 <su...@outlook.com>.
Excellent!
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: SFTP error "unable to open file XXX" on Win8 RDP host
Posted by vnick <vn...@apache.org>.
vnick wrote
> Have opened an issue on Github for this:
>
> https://github.com/PowerShell/Win32-OpenSSH/issues/883
>
> -Nick
FYI, got a response on the Win32 OpenSSH github Issue:
> We'll fix this for Oct-Mid drop.
-Nick
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: SFTP error "unable to open file XXX" on Win8 RDP host
Posted by vnick <vn...@apache.org>.
vnick wrote
> halcyon wrote
>> I have been running into this issue. In my case it is an incompatibility
>> between libssh2 and openssh (Win32 ). To get around this I downloaded the
>> libssh2 code from Github and made the following changes:
>>
>> around line 1060 in sftp_open in sftp.c
>>
>> change:
>>
>> attrs.permissions = mode |
>> (open_file ? LIBSSH2_SFTP_ATTR_PFILETYPE_FILE :
>> LIBSSH2_SFTP_ATTR_PFILETYPE_DIR);
>>
>> to
>> attrs.permissions = mode;
>
> Hmmm...so looks like it's something specific to how Microsoft has
> implemented OpenSSH for Win32, since it works fine against Linux SSH
> servers
> and against at least the SolarWindows SFTP/SCP server. I'm not sure the
> above change is a good long-term fix, but it does help to narrow down the
> issue and may point to what's actually going on here. I'm tempted to open
> up an issue on the Github page for that OpenSSH implementation with this
> information, as I think there's probably something Microsoft is not doing
> quite right in their implementation that is causing this.
Have opened an issue on Github for this:
https://github.com/PowerShell/Win32-OpenSSH/issues/883
-Nick
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: SFTP error "unable to open file XXX" on Win8 RDP host
Posted by vnick <vn...@apache.org>.
halcyon wrote
> I have been running into this issue. In my case it is an incompatibility
> between libssh2 and openssh (Win32 ). To get around this I downloaded the
> libssh2 code from Github and made the following changes:
>
> around line 1060 in sftp_open in sftp.c
>
> change:
>
> attrs.permissions = mode |
> (open_file ? LIBSSH2_SFTP_ATTR_PFILETYPE_FILE :
> LIBSSH2_SFTP_ATTR_PFILETYPE_DIR);
>
> to
> attrs.permissions = mode;
Hmmm...so looks like it's something specific to how Microsoft has
implemented OpenSSH for Win32, since it works fine against Linux SSH servers
and against at least the SolarWindows SFTP/SCP server. I'm not sure the
above change is a good long-term fix, but it does help to narrow down the
issue and may point to what's actually going on here. I'm tempted to open
up an issue on the Github page for that OpenSSH implementation with this
information, as I think there's probably something Microsoft is not doing
quite right in their implementation that is causing this.
Thank you for the info, halcyon!
-Nick
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: SFTP error "unable to open file XXX" on Win8 RDP host
Posted by vnick <vn...@apache.org>.
Suncatcher16 wrote
> I appreciate your willingness to assist but I am still waiting any comment
> from Devs about this issue.
I downloaded OpenSSH for Windows (the Microsoft version) and installed it,
and encountered the same issue you did trying to upload a file. I
downloaded the Free SolarWinds SFTP/SCP Server for Windows[1] and installed
it, and it works perfectly fine for me (note: I am not making any claim
about compatibility of Guacamole, Windows, and SolarWindows SFTP/SCP server,
nor am I endorsing it - I just said, it works for me). So, as halcyon
already mentioned in trying to help you with this:
> I have been running into this issue. In my case it is an incompatibility
> between libssh2 and openssh (Win32 ). To get around this I downloaded the
> libssh2 code from Github and made the following changes...
This does, indeed, seem to be an issue specific to Microsoft's
implementation of OpenSSH, and, in particular, with permission translation
between libssh2 and OpenSSH on Windows. In Microsoft's defense (a rare
thing for me to do), when you go to download OpenSSH from their Github page,
it specifically says, in rather bold type:
> This is a pre-release (non-production ready)
So you should not be surprised that there are issues, particularly
compatibility issues, between more mature software (libssh2) and Microsoft's
port of OpenSSH.
> If they claim some functionality to be presented
> (SFTP for Windows hosts), they should be able to explain how it should
> work,
> which SSH-servers are supported on windows platforms and etc.
You seem to be treating Guacamole like a piece of commercial software and
not like an ongoing, open source, community-driven project. We don't have
access to every possible platform and combination of software, so we make it
as compatible as we know how, and we rely on the community to bring issues
to our attention, to provide the information necessary to help resolve those
problems, and to support each other and share our experiences, which is what
halcyon has been trying to do.
-Nick
[1] www.solarwinds.com/free-tools/free-sftp-server
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: SFTP error "unable to open file XXX" on Win8 RDP host
Posted by Suncatcher16 <su...@outlook.com>.
halcyon wrote
> I can post comprehensive steps to reproduce my solution to this error. If
> you
> can copy files from the Windows sftp-server but not put file onto the
> Windows sftp-server, then you have the same problems I have. It takes
> about
> 10 mins to fix. You just need to make sure libssh2 is no longer in your
> apt
> / yum history.
I appreciate your willingness to assist but I am still waiting any comment
from Devs about this issue. If they claim some functionality to be presented
(SFTP for Windows hosts), they should be able to explain how it should work,
which SSH-servers are supported on windows platforms and etc.
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: SFTP error "unable to open file XXX" on Win8 RDP host
Posted by halcyon <sr...@gmail.com>.
I can post comprehensive steps to reproduce my solution to this error. If you
can copy files from the Windows sftp-server but not put file onto the
Windows sftp-server, then you have the same problems I have. It takes about
10 mins to fix. You just need to make sure libssh2 is no longer in your apt
/ yum history.
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: SFTP error "unable to open file XXX" on Win8 RDP host
Posted by vnick <vn...@apache.org>.
Suncatcher16 wrote
> Too complex solution. Maybe its better to adapt Guacamole library to make
> it
> more universal, and to support more SSH-severs?
I think there have been a few recent changes targeted at this. Have you
tried rebuilding the Guacamole code (both client and server) from git
master, yet?
Another potential solution, one that I use in my environment, is to have the
SFTP server be Linux-based, and use the sftp-root-directory to restrict
uploads to a certain directory, then make the SFTP Server available via CIFS
(Samba). That way, the users can upload files to a folder on the SFTP
server, then access those files via a UNC path or mapped drive. I'm not
certain this will work in your scenario, but it's another potential
work-around while the Windows SSH/SFTP support in Guacamole gets tweaked.
-Nick
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: SFTP error "unable to open file XXX" on Win8 RDP host
Posted by Suncatcher16 <su...@outlook.com>.
Too complex solution. Maybe its better to adapt Guacamole library to make it
more universal, and to support more SSH-severs?
I asked
<http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Recommended-SFTP-server-for-RDP-hosts-td1150.html#a1151>
which SSH-servers are recommended for use with Guacamole but got no response
from devs.
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/