This site is now 100% read-only, and retired.

Connecting to a Debian Sarge box with Macromedia Contribute

Posted by redbeard on Fri 17 Feb 2006 at 10:42

I'm in the process of trying to migrate an existing, and dying, server to a new Debian Sarge box. The existing server is running RedHat 7. I've got the basics working. However, I have to allow users to connect to the server using Macromedia Contribute, until such time that we can build a administration system for the site. I'm trying to get Contribute to use SFTP and connect to OpenSSH (ssh 1:3.8.1p1-8.sarge.4).

Every time I try, Contribute tells me

Your username or password is incorrect. Please check your configuration information or contact your administrator.

This is, needless to say, less than useful. So, I tried turning logging on sshd up to DEBUG3. Here are the results from that, with time stamps, URLs, and user info removed:

sshd[333]: Connection from ::ffff:xxx.xxx.xxx.xxx port 2388
sshd[10822]: debug1: Forked child 333.
sshd[333]: debug1: Client protocol version 2.0; client software version OpenSSH_
3.5p1
sshd[333]: debug1: match: OpenSSH_3.5p1 pat OpenSSH*
sshd[333]: debug1: Enabling compatibility mode for protocol 2.0
sshd[333]: debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4
sshd[333]: debug2: Network child is on pid 334
sshd[333]: debug3: preauth child monitor started
sshd[333]: debug3: mm_request_receive entering
sshd[333]: debug3: monitor_read: checking request 0
sshd[333]: debug3: mm_answer_moduli: got parameters: 1024 2048 8192
sshd[333]: debug3: mm_request_send entering: type 1
sshd[333]: debug2: monitor_read: 0 used once, disabling now
sshd[333]: debug3: mm_request_receive entering
sshd[333]: debug3: monitor_read: checking request 4
sshd[333]: debug3: mm_answer_sign
sshd[333]: debug3: mm_answer_sign: signature 0x809db80(143)
sshd[333]: debug3: mm_request_send entering: type 5
sshd[333]: debug2: monitor_read: 4 used once, disabling now
sshd[333]: debug3: mm_request_receive entering
sshd[333]: debug3: monitor_read: checking request 6
sshd[333]: debug3: mm_answer_pwnamallow
sshd[333]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
sshd[333]: debug3: mm_request_send entering: type 7
sshd[333]: debug2: monitor_read: 6 used once, disabling now
sshd[333]: debug3: mm_request_receive entering
sshd[333]: debug3: monitor_read: checking request 45
sshd[333]: debug1: PAM: initializing for username"
sshd[333]: debug3: Normalising mapped IPv4 in IPv6 address
sshd[333]: debug3: Trying to reverse map address xxx.xxx.xxx.xxx.
sshd[333]: debug1: PAM: setting PAM_RHOST to "client.example.local"
sshd[333]: debug1: PAM: setting PAM_TTY to "ssh"
sshd[333]: debug2: monitor_read: 45 used once, disabling now
sshd[333]: debug3: mm_request_receive entering
sshd[333]: debug3: monitor_read: checking request 3
sshd[333]: debug3: mm_answer_authserv: service=ssh-connection, style=
sshd[333]: debug2: monitor_read: 3 used once, disabling now
sshd[333]: debug3: mm_request_receive entering
sshd[333]: debug1: do_cleanup
sshd[333]: debug1: PAM: cleanup
sshd[333]: debug3: PAM: sshpam_thread_cleanup entering

Of course, I don't know sshd's log output very well, but it seams to me that in the last few lines the client just disconnects without actually completing the connection.

I have verified that I can connect from my Windows box via PuTTY and PSFTP (although the PSFTP connection is kind of flaky). The logs from those programs continue on after the last mm_request_receive line.

So, on to the question. Has anyone been able to get Contribute working with this configuration (or any configuration on a Debian machine using SFTP)? Or, does anyone have any ideas as to something to check or look into, or a place such things might be documented? I've perused the Macromedia site and the only thing I can find is that OpenSSH is not officially supported on Debian (nor is anything else supported on Debian).

Incidentally, the RedHat server is just using standard FTP using vsftpd.

 

 


Re: Connecting to a Debian Sarge box with Macromedia Contribute
Posted by errror (84.165.xx.xx) on Fri 17 Feb 2006 at 14:28
I don't know about Macromedia Contribute, but we have Macromedia DreamWeaver working with Debian/Sarge servers. You have to set "PasswordAuthentication yes" in /etc/ssh/sshd_config to make them happy.

As far as I tested, this is not a security hole although the comment in the Debian standard config tell you that. Passwords are transfered anyway over the encrypted channel as long as you have UsePAM enabled in sshd_config. The only difference I discovered is, that you get asked 2x3=6 times for the password if you always give the wrong one.

[ Parent ]

Re: Connecting to a Debian Sarge box with Macromedia Contribute
Posted by redbeard (64.218.xx.xx) on Fri 17 Feb 2006 at 14:42
[ View Weblogs ]
Hmmm... I had UsePAM enabled (although I would have preferred going strictly public key). I'll try turning PasswordAuthentication back on.

Thanks,
Michael

[ Parent ]

Re: Connecting to a Debian Sarge box with Macromedia Contribute
Posted by errror (84.165.xx.xx) on Fri 17 Feb 2006 at 14:46
How do you want to make Macromedia use your public key? At least DreamWeaver only support passwords for authentication users.

[ Parent ]

Re: Connecting to a Debian Sarge box with Macromedia Contribute
Posted by redbeard (64.218.xx.xx) on Fri 17 Feb 2006 at 15:46
[ View Weblogs ]
Worked like a charm. Thanks again!

Michael

[ Parent ]

Re: Connecting to a Debian Sarge box with Macromedia Contribute
Posted by Anonymous (69.209.xx.xx) on Wed 1 Mar 2006 at 15:05
The problem you are getting is most likely because of the sshd_config.
Dreamweaver (in my case) isn't smart enough to use the same authentication as putty
so you need to enable "PasswordAuthentication yes" in the sshd config
file on the server. This is true for Dreamweaver MX 2004 and
Dreamweaver 8 and might be true for yours.

[ Parent ]

Re: Connecting to a Debian Sarge box with Macromedia Contribute
Posted by Anonymous (24.226.xx.xx) on Mon 6 Mar 2006 at 00:36
This issue is a major issue when using LDAP or alternate PAM authentication depending on how you have your SSHD configured. (I haven't found the right combination yet to get them to work properly)

Any hints if some one has gotten it to work would be great.

[ Parent ]

Re: Connecting to a Debian Sarge box with Macromedia Contribute
Posted by redbeard (64.218.xx.xx) on Mon 6 Mar 2006 at 14:50
[ View Weblogs ]
I'm not using LDAP, just a normal *nix shadow passwd file. If I understand things correctly (I haven't tested it) you have to use PasswordAuthentication, which doesn't use PAM (or at least, not in the normal way) and just directly accesses the passwd file. To me, that's a Dreamweaver/Contribute problem. They are not fully implementing an SFTP client.

If anyone at Adobe who is responsible for these two products happens to read this, maybe they'll think about improving their support.

Michael

[ Parent ]