This KB article covers the error users may get when trying to use WinSCP/FileZilla (and similar SFTP Clients) to copy files to the Gateway 11 Appliance as well as an issue using the scp command from a command line.
Quick Summary:
WinSCP/FileZilla (and similar SFTP Clients) Related Error:
Logging into a Gateway 11 Appliance via WinSCP/FileZilla (and similar SFTP Clients) fails with the error:
Received too large (1348825709 B) SFTP packet. Max supported packet size is 1024000 B.
or
scp command line related error:
When using scp from the command line, you may receive:
"Received message too long"
Release: 11.0
Solution 1
The sftp problem with the ssgconfig user is caused by the ssh_force_command_ssgconfig.sh script, which is executed by the sshd daemon.
To allow sftp with the ssgconfig user, do the following:
Make a copy of the file /etc/ssh/ssh_force_command_ssgconfig.sh as a backup.
# cp /etc/ssh/ssh_force_command_ssgconfig.sh /etc/ssh/ssh_force_command_ssgconfig.sh.backup
Edit the file /etc/ssh/ssh_force_command_ssgconfig.sh
# nano /etc/ssh/ssh_force_command_ssgconfig.sh
Change the line
"/opt/SecureSpan/Gateway/config/bin/ssgconfig-headless"* | "scp"* )
to
"/opt/SecureSpan/Gateway/config/bin/ssgconfig-headless"* | "scp"* | "/usr/lib/openssh/sftp-server" )
Save the file with CTRL-o and exit with CTRL-x.
The ssh_force_command_ssgconfig.sh script now allows the sftp command to be executed for the ssgconfig user.
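Added example (not the appliance's script, of which this article shows only one case pattern): a sketch of how that pattern treats the SFTP subsystem request before and after the edit above, plus a decoder showing that the "packet size" in the client error is really the first four bytes of text the server sent. The function names and the deny branch are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sketch. Only the two case patterns are taken from the article.

# Pattern as shipped: the sftp-server request falls through to the deny branch.
check_before() {
  case "$1" in
    "/opt/SecureSpan/Gateway/config/bin/ssgconfig-headless"* | "scp"* ) echo allow ;;
    * ) echo deny ;;   # assumed fallback: any text printed here reaches the client
  esac
}

# Pattern after the Solution 1 edit: the exact sftp-server path is accepted.
check_after() {
  case "$1" in
    "/opt/SecureSpan/Gateway/config/bin/ssgconfig-headless"* | "scp"* | "/usr/lib/openssh/sftp-server" ) echo allow ;;
    * ) echo deny ;;
  esac
}

# An SFTP client reads the first 4 bytes from the server as a big-endian
# packet length. Decode a reported "length" back into those 4 bytes.
decode_len() (
  n=$1
  out=""
  for s in 24 16 8 0; do
    byte=$(( (n >> s) & 255 ))
    if [ "$byte" -ge 32 ] && [ "$byte" -le 126 ]; then
      # printable ASCII: emit the character via an octal escape
      out="$out$(printf "\\$(printf '%03o' "$byte")")"
    else
      out="$out."
    fi
  done
  printf '%s\n' "$out"
)

# Demo using the value from the WinSCP error quoted in this article.
echo "before edit: $(check_before /usr/lib/openssh/sftp-server)"
echo "after edit:  $(check_after /usr/lib/openssh/sftp-server)"
echo "1348825709 decodes to: $(decode_len 1348825709)"
```

The decoded bytes are readable text rather than a packet header, which is why the client reports an impossible size. The added pattern has no trailing `*`, so it matches only the exact string /usr/lib/openssh/sftp-server; a request carrying arguments would still be rejected.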
Solution 2
Using WinSCP/FileZilla (and similar SFTP Clients):
To use WinSCP/FileZilla (and similar SFTP Clients) with Gateway 11 you must create a unique sftp user and directory on the Gateway 11 appliance. You cannot use the ssgconfig or ssgadmin users to connect to the Gateway 11 appliance with WinSCP/FileZilla (and similar SFTP Clients).
Note: Please substitute sftpuser for any user you wish to create.
SSH to the Gateway 11 Appliance with ssgconfig and then drop into the Gateway 11 Privileged shell with Option 3
Create a new user to be used to login with WinSCP/FileZilla (and similar SFTP Clients)
# useradd sftpuser
# passwd sftpuser
*Specify password
Add the new user to the ssh_allowed_users file with the nano utility.
# nano /etc/ssh/ssh_allowed_users
Add
sftpuser
ctrl+s (if needed ctrl+x)
Make a new sftpuser directory and then make the user sftpuser the owner
# mkdir /home/sftpuser
# chown -R sftpuser:sftpuser /home/sftpuser
You should now be able to use WinSCP/FileZilla (and similar SFTP Clients) with the user created above.
Note: if WinSCP/FileZilla (and similar SFTP Clients) tries to access /home/ssgconfig, it will fail with permission errors, but you should be able to traverse to /home/sftpuser.
Using scp command line:
You may also use the scp command line method to copy files to your Gateway 11 Appliance instead of using WinSCP/FileZilla (and similar SFTP Clients).
In this case you can use the ssgconfig account and copy files to your /home/ssgconfig directory, but please be aware of the following:
Debian 11 uses an updated version of OpenSSH that defaults to the SFTP protocol instead of the legacy SCP protocol that was used by previous Linux operating systems. This poses a problem (i.e., "Received message too long" error) for Gateway version 11.0 users who use OpenSSH 9+ SSH client as the Gateway's setup is not compatible with the SFTP protocol.
In order to complete a file transfer task using command line SCP you MAY need to use the -O option in your SCP command. The -O option effectively forces the use of the legacy SCP protocol, ensuring backwards-compatibility.
You can check your OpenSSH Client version with a command like ssh -v localhost
Examples:
Copy a file to the Gateway 11 /home/ssgconfig/ directory with the ssgconfig user on a system that is running an OpenSSH Client version below 9
scp somefile.zip ssgconfig@GatewayIP:/home/ssgconfig
Copy a file to the Gateway 11 /home/ssgconfig/ directory with the ssgconfig user on a system that is running an OpenSSH Client version 9+
scp -O somefile.zip ssgconfig@GatewayIP:/home/ssgconfig
(Please be aware that the -O switch is only available on OpenSSH 9+ Clients.)