New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SFTP failing with "Unable to fulfill channel request" #1271
Comments
The server is openssh-7.4p1-16.el7.x86_64 on CentOS 7. The changelog items since the previous version (7.4p1-13) are: = Friday Nov 24 2017 Jakub Jelen jjelen@redhat.com - 7.4p1-16 + 0.10.3-2 =
= Mon Nov 06 2017 Jakub Jelen jjelen@redhat.com - 7.4p1-15 + 0.10.3-2 =
= Fri Nov 03 2017 Nikos Mavrogiannopoulos nmav@redhat.com - 7.4p1-14 + 0.10.3-2 =
|
Are you able to reliably reproduce this? This bit sticks out to me:
In Net/SFTP.php there's this: https://github.com/phpseclib/phpseclib/blob/1.0.11/phpseclib/Net/SFTP.php#L465 $packet = pack(
'CNa*N3',
NET_SSH2_MSG_CHANNEL_OPEN,
strlen('session'),
'session',
NET_SFTP_CHANNEL,
$this->window_size,
0x4000
);
if (!$this->_send_binary_packet($packet)) {
return false;
}
$this->channel_status[NET_SFTP_CHANNEL] = NET_SSH2_MSG_CHANNEL_OPEN;
$response = $this->_get_channel_packet(NET_SFTP_CHANNEL, true);
if ($response === false) {
return false;
}
$packet = pack(
'CNNa*CNa*',
NET_SSH2_MSG_CHANNEL_REQUEST,
$this->server_channels[NET_SFTP_CHANNEL],
strlen('subsystem'),
'subsystem',
1,
strlen('sftp'),
'sftp'
);
if (!$this->_send_binary_packet($packet)) {
return false;
} So phpseclib is sending the channel open packet and then it's expecting a response from the server but 15s later it doesn't get one and then phpseclib sends the channel request packet. Later, in SSH2::_get_channel_packet there's this: https://github.com/phpseclib/phpseclib/blob/1.0.11/phpseclib/Net/SSH2.php#L3698 if (!strlen($response)) {
return '';
} I think that line is being hit. If you could maybe add an |
Hi Jim,
Yes, most of the time (succeeding happens sometimes, but less often). I've tweaked the line as you suggested, and added an N.B. You say:
There's a fragment with precisely that (which can never be matched) immediately afterwards. |
Would it be possible to give me access to the server?
Could you do
Good catch. That should definitely be removed. I'll try to do it as time permits. Thanks! |
An SFTP login on the SFTP server that manifests the problem? Or something else? (As I say, from the client side, the same happens from any client). |
P.S. If so... how to send you these login details? |
Yup.
You can email them to terrafrost@php.net. Thanks! |
If I log I've emailed you the login details now. They are tested and working with openssh/sftp - and also manifesting the problem. It's been set up to be identical to our regular login that has the problem. In consequence, there's no shell on this account - it's SFTP only. You cannot write in the default home directory - you need to go into the 'terrafrost' subdirectory. David |
I was able to make it work with the latest commit and with this code: include('Net/SFTP.php');
$sftp = new Net_SFTP(...);
$sftp->setTimeout(0);
$sftp->login('user', 'pass');
print_r($sftp->nlist()); The issue was this packet:
phpseclib sends a NET_SSH2_MSG_CHANNEL_OPEN packet and then, 30 seconds later, the server responds with a NET_SSH2_MSG_GLOBAL_REQUEST packet. The problem is in the fact that the server took 30 seconds to respond. phpseclib, by default, times out after 10s so it assumes it won't be getting a response. Setting the timeout to 0 fixes that but only after this commit that I just made has been applied: The fact that that packet takes 30s to send is weird but I tested it with other SFTP clients and had similar delays. Quoting the logs from FlashFXP: Like with FlashFXP... I tried it just now and got this:
I tried connecting with PuTTY, too, but PuTTY doesn't appear to show timestamps in its logs. |
Hi, Thank you. Based on what you say, if I did... ```$sftp->setTimeout(35)`` ... then in principle, ought that to work too? Obviously, I want to investigate + fix the server so that it doesn't time out, but given that the code is for distributing to users who may use it on all kinds of setups, I want to be able to work around it for them too. David |
Yah - that should work. The only problem I could see is with PHP's max_execution_time and Apache timeout settings. For the former you could do |
Thanks. Yes, setting the timeout either of those ways works for me. Upon sticking a |
Interesting. Thanks for the update! |
I thought I share my experience with this issue. Then I noticed in my /var/log/secure the following line at the end of 25 or 30 seconds after each SSH login attemp. So it seems to be related to this issue. I will just restart systemd-logind (systemctl restart systemd-logind) everytime I experience this issue. |
I have an SFTP server (openssh) to which phpseclib (1.0.11), running as part of a test setup, daily sends a backup mid-morning.
Starting from yesterday, this began failing. Using openssh/sftp from the command line manually still works and does not throw any warnings/errors. The server logs show no clues.
During the night before, the server had received an automatic update to openssh/sshd (as part of the whole batch of updates for CentOS 7.5). So, I suspect this is related. I have restarted sshd and all other services that had old libraries loaded in memory (using the
needs-restarting
tool). This has made no difference.The error happens most of the time, but not every time. It has been tried from 3 different clients, and they all show the same behaviour. (The same clients have also been tested manually with a different server (one on Fedora, the other I think Ubuntu), which has worked. So that strengthens the suspicion that the server openssh upgrade is involved).
These are the PHP notices generated when the failure occurs:
This is the contents of the debug log:
The text was updated successfully, but these errors were encountered: