Hi Nate, after severall modification before the week end, it finally worked out. I guess there was something in the configuration that I changed but I cannot say which one because of the number of trials... Thanks for helping. Yec'han ================================================ Dr. Yec'han LAIZET Ingenieur Bioinformatique Tel: +33 (0)5 57 12 27 75 _________________________________ INRA-UMR BIOGECO 1202 Equipe Genetique 69 route d'Arcachon 33612 CESTAS ================================================ Le 14/03/2014 16:43, Nate Coraor a écrit :
Hi Yec'han,
Sorry for the delayed response - I would guess that something is different about the configuration of the SFTP server. Could you check the server logs?
--nate
On Thu, Mar 6, 2014 at 8:13 AM, Yec'han Laizet <ylaizet@pierroton.inra.fr> wrote:
Hi Nate,
I have reseted the password of a newly created user, so now, it does not begin with $PBKDF2$. With the reseted password, I can access the web interface but I can not connect by SFTP.
Here is the log of filezilla:
Statut : Connexion à galaxy-pgtp.pierroton.inra.fr... Suivi : Going to execute /usr/bin/fzsftp Réponse : fzSftp started Suivi : CSftpControlSocket::ConnectParseResponse(fzSftp started) Suivi : CSftpControlSocket::SendNextCommand() Suivi : CSftpControlSocket::ConnectSend() Commande : open "new_user@mydomain.com@galaxy-pgtp.pierroton.inra.fr" 22 Suivi : Server version: SSH-2.0-mod_sftp/0.9.8 Suivi : Using SSH protocol version 2 Suivi : We claim version: SSH-2.0-PuTTY_Local:_Sep_14_2013_01:12:43 Suivi : Doing Diffie-Hellman group exchange Suivi : Doing Diffie-Hellman key exchange with hash SHA-256 Suivi : Host key fingerprint is: Suivi : ssh-rsa *************************************************** Suivi : Initialised AES-256 SDCTR client->server encryption Suivi : Initialised HMAC-SHA1 client->server MAC algorithm Suivi : Initialised AES-256 SDCTR server->client encryption Suivi : Initialised HMAC-SHA1 server->client MAC algorithm Suivi : Pageant is running. Requesting keys. Suivi : Pageant has 1 SSH-2 keys Commande : Pass: ****** Suivi : Sent password Suivi : Access denied Erreur : Échec de l'authentification. Suivi : CControlSocket::DoClose(1030) Suivi : CSftpControlSocket::ResetOperation(1094) Suivi : CControlSocket::ResetOperation(1094) Erreur : Erreur critique Erreur : Impossible d'établir une connexion au serveur Suivi : CFileZillaEnginePrivate::ResetOperation(1094)
If I use my own account which has been created a long time ago (understand here that some updates of galaxy have been done since this time...), the password is not PBKDF2$ encrypted and I can access both the web interface and the sftp. The filezilla log here is similar to the one shown above but of course, I get an "Access granted" instead of "denied".
I don't understand why old accounts can connect whereas new ones cannot although passwords are not PBKDF2$.
Yec'han
================================================
Dr. Yec'han LAIZET Ingenieur Bioinformatique Tel: +33 (0)5 57 12 27 75 _________________________________
INRA-UMR BIOGECO 1202 Equipe Genetique 69 route d'Arcachon 33612 CESTAS ================================================
Le 05/03/2014 20:44, Nate Coraor a écrit :
Hi Yec'han,
Could you check that the 'password' column for the user in question in the 'galaxy_user' table in the database does not begin with $PBKDF2$?
If not, do you have any debug logs from the FTP session and server that provide details on the failure?
--nate
On Wed, Mar 5, 2014 at 10:36 AM, Yec'han Laizet <ylaizet@pierroton.inra.fr> wrote:
Hello,
does anybody have any idea of what I can do to fix the problem?
Maybe an update is required? I currently use the changeset: 11219:5c789ab4144a
thanks
Yec'han
================================================
Dr. Yec'han LAIZET Ingenieur Bioinformatique Tel: +33 (0)5 57 12 27 75 _________________________________
INRA-UMR BIOGECO 1202 Equipe Genetique 69 route d'Arcachon 33612 CESTAS ================================================
Le 18/02/2014 08:39, Yec'han Laizet a écrit :
Hi Bjoern,
I indeed followed the wiki tutorial to set up my FTP service some time ago. It seems, as you suggest, that newly created users cannot connect by SFTP. I followed the fix by putting the use_pbkdf2 = False line just below the [app:main] and restarted the galaxy server. I have reseted a newly created user password but it still does not work.
Yec'han
================================================
Dr. Yec'han LAIZET Ingenieur Bioinformatique Tel: +33 (0)5 57 12 27 75 _________________________________
INRA-UMR BIOGECO 1202 Equipe Genetique 69 route d'Arcachon 33612 CESTAS ================================================
Le 17/02/2014 18:12, Björn Grüning a écrit :
Hi Yec'han,
please have a look at
https://wiki.galaxyproject.org/Admin/Config/Upload%20via%20FTP
If you are running postgres and you only newly created users can't access the server its probably due to encryption changes. Set use_pbkdf2 = False and reset all passwort for new users.
Cheers, Bjoern
Am 17.02.2014 17:27, schrieb Yec'han Laizet: > Hello, > > I set up a FTP server with SFTP support on my galaxy instance. I have > a > strange behavior when trying to connect by SFTP. Some users cannot > authentify (access denied) whereas other can. > As all users can login to the web interface with their credentials, I > wanted to check if the length of the password could be the problem > with > SFTP. To do so, I went to the admin interface to reset the password of > a > user who could connect by SFTP. Then, this user can connect to the > galaxy > web interface with the new password but not by SFTP ; if we use the > old > password, it still works for SFTP authenfication as if both passwords > are > independent. > > Could you help me to solve the problem? > > Yec'han > > > ================================================ > > Dr. Yec'han LAIZET > Ingenieur Bioinformatique > Tel: +33 (0)5 57 12 27 75 > _________________________________ > > INRA-UMR BIOGECO 1202 > Equipe Genetique > 69 route d'Arcachon > 33612 CESTAS > ================================================ > > ___________________________________________________________ > Please keep all replies on the list by using "reply all" > in your mail client. To manage your subscriptions to this > and other Galaxy lists, please use the interface at: > http://lists.bx.psu.edu/ > > To search Galaxy mailing lists use the unified search at: > http://galaxyproject.org/search/mailinglists/
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/