Good afternoon Yutaka-san,

I have an issue with an FTP->SFTP session connecting to a particular
SFTP server which I am hoping you can help me to diagnose/fix. I have
around 30 “MOUNT” stanzas in my configuration with all other links
working correctly.

If I attempt to SFTP directly from the proxy servers to the
destination SFTP server it connects fine. Using the same credentials,
I use the Delegate proxy and I always get a response of “530- No
(Login failed:'Password: ')”. I have included below;

- Delegate configuration
- Output from connecting through the Delegate proxy
- Log output for the connection

I would also like to find out what the files are that are created in
$DELEGATE_HOME/act/servers/cc – these seem to cause me issues on
occasions and some connections do not clean them up.

Any assistance you can offer would be helpful.

Regards,

Graham Trigge.


-- 
Regards,

Graham Trigge
pu4jqbdyi-a5cwttdazs66.ml@delegate.org

# Delegated ftp proxy
# Specify the port in the init script so we can grab the current trusted ip.
#PORT=21
SERVER=FTP
DGROOT=/var/spool/delegate-nobody
# increase ftp timeout to fix issue with large xfer
TIMEOUT=con:60m,acc:60m,ftpcc:60m,login:60m

# IF you don't have this you get 2 udp listeners.
RESOLV=sys

# Define trusted sources who can use the proxy
HOSTLIST=".src: (internal IP addresses removed)"

# PERMIT LIST ftp to any from .src
PERMIT="ftp:*:.src"

.. <snip other configs> ..
MOUNT="/berlin/* sftp://(destination IP address)/*"

Log entries for the above connection

04/05 11:32:53.90 [27812] 3454+0: -- Fork(OnetimeServer): 23584 -> 27812
04/03 11:32:53.90 [27812] 3454+0: (2) accepted [47] -@[DelegateProxy]DelegateProxy:46186 (0.016s)(1)
04/03 11:32:53.90 [27812] 3454+0: PATH: FTP://-:21!DelegateProxy:21!DelegateProxy:46186!anonymous@DelegateProxy;1333416773
04/03 11:32:53.92 [27812] 3454+0: FTP server ftp://-:21/
04/03 11:32:53.92 [27812] 3454+0: -- putBuiltinHTML: empty ftp-banner-postfix.dhtml
04/03 11:32:53.92 [27812] 3454+0: bind_insock(24,DelegateProxy,0) = 0, errno=0
04/03 11:32:53.92 [27812] 3454+0: ## connect[24] refused (146)
04/03 11:32:53.92 [27812] 3454+0: ### IDENT CONNECT(DelegateProxy:113) TIMEOUT(1000ms) (146)
04/03 11:32:53.92 [27812] 3454+0: #### no authorization required
04/03 11:33:07.59 [27812] 3454+0/5: *** /berlin/ => sftp://(destination IP address)/ ***
04/03 11:33:07.59 [27812] 3454+0/5: MOUNTED-TO: //(destination IP address)/
04/03 11:33:07.59 [27812] 3454+0/5: -SFTPGW:CWD set FS->fs_proto=sftp (UNIX) 11:33:07.882 [27812] -- RES update error () (addr)
04/03 11:33:07.88 [27812] 3454+0/5: FTP LOGIN FROM DelegateProxy TO UserName@(destination IP address)
04/03 11:33:07.88 [27812] 3454+0/5: -SFTPGW:change_server REAL_PROTO=sftp <-FS
04/03 11:33:07.88 [27812] 3454+0/5: PATH: ftp://(destination IP address):22!DelegateProxy:21!DelegateProxy:46186!anonymous@DelegateProxy;1333416773
04/03 11:33:07.90 [27812] 3454+0/5: FTP server ftp://(destination IP address):22/
04/03 11:33:07.90 [27812] 3454+0/5: FTPHOPS: 1 [16/47 - -1/-1]
04/03 11:33:07.90 [27812] 3454+0/5: ---- CC connect got -1
04/03 11:33:07.90 [27812] 3454+0/5: -SFTPGW:connect_serv REAL_PROTO=sftp ->FS
04/05 11:33:07.91 [27814] 3454+0/5: -- Fork(SftpGW): 27812 -> 27814
04/03 11:33:07.91 [27812] 3454+0/5: willSTLS_SV[ftp]: ServerFlags=0 FFBECCC0
04/03 11:33:10.93 [27812] 3454+0/5: bind_insock(25,DelegateProxy,0) = 0, errno=0
04/03 11:33:10.93 [27812] 3454+0/5: ## connect[25] refused (146)
04/03 11:33:10.93 [27812] 3454+0/5: ### IDENT CONNECT(DelegateProxy:113) TIMEOUT(1000ms) (146)
04/03 11:33:10.93 [27812] 3454+0/5: ## FTP_delayReject.1 PASS [UserName][****]
04/03 11:33:10.93 [27812] 3454+0/5: ####LS cannot open /var/spool/delegate-nobody/act/delay/12/DelegateProxy:DelegateProxy
04/03 11:33:10.94 [27812] 3454+0/5: doDelay: clear old errors: count=6,age=330422,delay=30
04/03 11:33:25.55 [27812] 3454+0/6: disconnected [47] -@[DelegateProxy]DelegateProxy:46186 (31.662s)(0)
04/03 11:33:25.55 [27812] 3454+0/6: #Sig/CSC finish 175 9 P2 R0 E0 {0 r0 t0} 0/0/0
SFTP connection output

gtr01@DelegateProxy> ftp DelegateProxy
Connected to DelegateProxy.
220- DelegateProxy PROXY-FTP server (DeleGate/9.9.8-pre18) ready.
220-   @ @
220-  ( - ) { DeleGate/9.9.8-pre18 (November 7, 2010) }
220- AIST-Product-ID: 2000-ETL-198715-01, H14PRO-049, H15PRO-165, H18PRO-443
220- Copyright (c) 1994-2000 Yutaka Sato and ETL,AIST,MITI
220- Copyright (c) 2001-2010 National Institute of Advanced Industrial Science and Technology (AIST)
220- WWW: http://www.delegate.org/delegate/
220- --
220- You can connect to a SERVER by `user' command:
220-    ftp> user username@SERVER
220- or by `cd' command (after logged in as an anonymous user):
220-    ftp> cd //SERVER
220- Cache is enabled by default and can be disabled by `cd .' (toggle)
220- This (proxy) service is maintained by 'nosuchuser@qantas.com.au'
220-
220-extended FTP [MODE XDC][XDC/BASE64]
220
Name (DelegateProxy:gtr01): UserName
331 Password required for UserName.
Password:
230- User UserName logged in.
230  Now you can select a FTP SERVER by cd //SERVER
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /berlin
530-- CWD for (destination IP address).
220 SFTP/FTP gateway ready.
331 Send password or passphrase for 'UserName'
530- No (Login failed:'Password: ')
530 ;-<
ftp> quit
221 Goodbye.