FTP password and web interface password

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

FTP password and web interface password

Yec'han Laizet
Hello,

I set up a FTP server with SFTP support on my galaxy instance. I have a
strange behavior when trying to connect by SFTP. Some users cannot
authentify (access denied) whereas other can.
As all users can login to the web interface with their credentials, I
wanted to check if the length of the password could be the problem with
SFTP. To do so, I went to the admin interface to reset the password of a
user who could connect by SFTP. Then, this user can connect to the
galaxy web interface with the new password but not by SFTP ; if we use
the old password, it still works for SFTP authenfication as if both
passwords are independent.

Could you help me to solve the problem?

Yec'han


================================================

Dr. Yec'han LAIZET
Ingenieur Bioinformatique
Tel: +33 (0)5 57 12 27 75
_________________________________

INRA-UMR BIOGECO 1202
Equipe Genetique
69 route d'Arcachon
33612 CESTAS
================================================

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
Reply | Threaded
Open this post in threaded view
|

Re: FTP password and web interface password

Björn Grüning-3
Hi Yec'han,

please have a look at

https://wiki.galaxyproject.org/Admin/Config/Upload%20via%20FTP

If you are running postgres and you only newly created users can't
access the server its probably due to encryption changes. Set use_pbkdf2
= False and reset all passwort for new users.

Cheers,
Bjoern


Am 17.02.2014 17:27, schrieb Yec'han Laizet:

> Hello,
>
> I set up a FTP server with SFTP support on my galaxy instance. I have
> a strange behavior when trying to connect by SFTP. Some users cannot
> authentify (access denied) whereas other can.
> As all users can login to the web interface with their credentials, I
> wanted to check if the length of the password could be the problem
> with SFTP. To do so, I went to the admin interface to reset the
> password of a user who could connect by SFTP. Then, this user can
> connect to the galaxy web interface with the new password but not by
> SFTP ; if we use the old password, it still works for SFTP
> authenfication as if both passwords are independent.
>
> Could you help me to solve the problem?
>
> Yec'han
>
>
> ================================================
>
> Dr. Yec'han LAIZET
> Ingenieur Bioinformatique
> Tel: +33 (0)5 57 12 27 75
> _________________________________
>
> INRA-UMR BIOGECO 1202
> Equipe Genetique
> 69 route d'Arcachon
> 33612 CESTAS
> ================================================
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>  http://lists.bx.psu.edu/
>
> To search Galaxy mailing lists use the unified search at:
>  http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
Reply | Threaded
Open this post in threaded view
|

Re: FTP password and web interface password

Yec'han Laizet
Hi Bjoern,

I indeed followed the wiki tutorial to set up my FTP service some time
ago. It seems, as you suggest, that newly created users cannot connect
by SFTP.
I followed the fix by putting the use_pbkdf2 = False line just below the
[app:main] and restarted the galaxy server. I have reseted a newly
created user password but it still does not work.

Yec'han


================================================

Dr. Yec'han LAIZET
Ingenieur Bioinformatique
Tel: +33 (0)5 57 12 27 75
_________________________________

INRA-UMR BIOGECO 1202
Equipe Genetique
69 route d'Arcachon
33612 CESTAS
================================================

Le 17/02/2014 18:12, Björn Grüning a écrit :

> Hi Yec'han,
>
> please have a look at
>
> https://wiki.galaxyproject.org/Admin/Config/Upload%20via%20FTP
>
> If you are running postgres and you only newly created users can't
> access the server its probably due to encryption changes. Set
> use_pbkdf2 = False and reset all passwort for new users.
>
> Cheers,
> Bjoern
>
>
> Am 17.02.2014 17:27, schrieb Yec'han Laizet:
>> Hello,
>>
>> I set up a FTP server with SFTP support on my galaxy instance. I have
>> a strange behavior when trying to connect by SFTP. Some users cannot
>> authentify (access denied) whereas other can.
>> As all users can login to the web interface with their credentials, I
>> wanted to check if the length of the password could be the problem
>> with SFTP. To do so, I went to the admin interface to reset the
>> password of a user who could connect by SFTP. Then, this user can
>> connect to the galaxy web interface with the new password but not by
>> SFTP ; if we use the old password, it still works for SFTP
>> authenfication as if both passwords are independent.
>>
>> Could you help me to solve the problem?
>>
>> Yec'han
>>
>>
>> ================================================
>>
>> Dr. Yec'han LAIZET
>> Ingenieur Bioinformatique
>> Tel: +33 (0)5 57 12 27 75
>> _________________________________
>>
>> INRA-UMR BIOGECO 1202
>> Equipe Genetique
>> 69 route d'Arcachon
>> 33612 CESTAS
>> ================================================
>>
>> ___________________________________________________________
>> Please keep all replies on the list by using "reply all"
>> in your mail client.  To manage your subscriptions to this
>> and other Galaxy lists, please use the interface at:
>>  http://lists.bx.psu.edu/
>>
>> To search Galaxy mailing lists use the unified search at:
>>  http://galaxyproject.org/search/mailinglists/
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>  http://lists.bx.psu.edu/
>
> To search Galaxy mailing lists use the unified search at:
>  http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
Reply | Threaded
Open this post in threaded view
|

Re: FTP password and web interface password

Yec'han Laizet
Hello,

does anybody have any idea of what I can do to fix the problem?

Maybe an update is required? I currently use the changeset:
11219:5c789ab4144a

thanks

Yec'han


================================================

Dr. Yec'han LAIZET
Ingenieur Bioinformatique
Tel: +33 (0)5 57 12 27 75
_________________________________

INRA-UMR BIOGECO 1202
Equipe Genetique
69 route d'Arcachon
33612 CESTAS
================================================

Le 18/02/2014 08:39, Yec'han Laizet a écrit :

> Hi Bjoern,
>
> I indeed followed the wiki tutorial to set up my FTP service some time
> ago. It seems, as you suggest, that newly created users cannot connect
> by SFTP.
> I followed the fix by putting the use_pbkdf2 = False line just below
> the [app:main] and restarted the galaxy server. I have reseted a newly
> created user password but it still does not work.
>
> Yec'han
>
>
> ================================================
>
> Dr. Yec'han LAIZET
> Ingenieur Bioinformatique
> Tel: +33 (0)5 57 12 27 75
> _________________________________
>
> INRA-UMR BIOGECO 1202
> Equipe Genetique
> 69 route d'Arcachon
> 33612 CESTAS
> ================================================
>
> Le 17/02/2014 18:12, Björn Grüning a écrit :
>> Hi Yec'han,
>>
>> please have a look at
>>
>> https://wiki.galaxyproject.org/Admin/Config/Upload%20via%20FTP
>>
>> If you are running postgres and you only newly created users can't
>> access the server its probably due to encryption changes. Set
>> use_pbkdf2 = False and reset all passwort for new users.
>>
>> Cheers,
>> Bjoern
>>
>>
>> Am 17.02.2014 17:27, schrieb Yec'han Laizet:
>>> Hello,
>>>
>>> I set up a FTP server with SFTP support on my galaxy instance. I
>>> have a strange behavior when trying to connect by SFTP. Some users
>>> cannot authentify (access denied) whereas other can.
>>> As all users can login to the web interface with their credentials,
>>> I wanted to check if the length of the password could be the problem
>>> with SFTP. To do so, I went to the admin interface to reset the
>>> password of a user who could connect by SFTP. Then, this user can
>>> connect to the galaxy web interface with the new password but not by
>>> SFTP ; if we use the old password, it still works for SFTP
>>> authenfication as if both passwords are independent.
>>>
>>> Could you help me to solve the problem?
>>>
>>> Yec'han
>>>
>>>
>>> ================================================
>>>
>>> Dr. Yec'han LAIZET
>>> Ingenieur Bioinformatique
>>> Tel: +33 (0)5 57 12 27 75
>>> _________________________________
>>>
>>> INRA-UMR BIOGECO 1202
>>> Equipe Genetique
>>> 69 route d'Arcachon
>>> 33612 CESTAS
>>> ================================================
>>>
>>> ___________________________________________________________
>>> Please keep all replies on the list by using "reply all"
>>> in your mail client.  To manage your subscriptions to this
>>> and other Galaxy lists, please use the interface at:
>>>  http://lists.bx.psu.edu/
>>>
>>> To search Galaxy mailing lists use the unified search at:
>>>  http://galaxyproject.org/search/mailinglists/
>>
>> ___________________________________________________________
>> Please keep all replies on the list by using "reply all"
>> in your mail client.  To manage your subscriptions to this
>> and other Galaxy lists, please use the interface at:
>>  http://lists.bx.psu.edu/
>>
>> To search Galaxy mailing lists use the unified search at:
>>  http://galaxyproject.org/search/mailinglists/
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>  http://lists.bx.psu.edu/
>
> To search Galaxy mailing lists use the unified search at:
>  http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
Reply | Threaded
Open this post in threaded view
|

Re: FTP password and web interface password

Nate Coraor (nate@bx.psu.edu)
Hi Yec'han,

Could you check that the 'password' column for the user in question in
the 'galaxy_user' table in the database does not begin with $PBKDF2$?

If not, do you have any debug logs from the FTP session and server
that provide details on the failure?

--nate

On Wed, Mar 5, 2014 at 10:36 AM, Yec'han Laizet
<[hidden email]> wrote:

> Hello,
>
> does anybody have any idea of what I can do to fix the problem?
>
> Maybe an update is required? I currently use the changeset:
> 11219:5c789ab4144a
>
> thanks
>
>
> Yec'han
>
>
> ================================================
>
> Dr. Yec'han LAIZET
> Ingenieur Bioinformatique
> Tel: +33 (0)5 57 12 27 75
> _________________________________
>
> INRA-UMR BIOGECO 1202
> Equipe Genetique
> 69 route d'Arcachon
> 33612 CESTAS
> ================================================
>
> Le 18/02/2014 08:39, Yec'han Laizet a écrit :
>
>> Hi Bjoern,
>>
>> I indeed followed the wiki tutorial to set up my FTP service some time
>> ago. It seems, as you suggest, that newly created users cannot connect by
>> SFTP.
>> I followed the fix by putting the use_pbkdf2 = False line just below the
>> [app:main] and restarted the galaxy server. I have reseted a newly created
>> user password but it still does not work.
>>
>> Yec'han
>>
>>
>> ================================================
>>
>> Dr. Yec'han LAIZET
>> Ingenieur Bioinformatique
>> Tel: +33 (0)5 57 12 27 75
>> _________________________________
>>
>> INRA-UMR BIOGECO 1202
>> Equipe Genetique
>> 69 route d'Arcachon
>> 33612 CESTAS
>> ================================================
>>
>> Le 17/02/2014 18:12, Björn Grüning a écrit :
>>>
>>> Hi Yec'han,
>>>
>>> please have a look at
>>>
>>> https://wiki.galaxyproject.org/Admin/Config/Upload%20via%20FTP
>>>
>>> If you are running postgres and you only newly created users can't access
>>> the server its probably due to encryption changes. Set use_pbkdf2 = False
>>> and reset all passwort for new users.
>>>
>>> Cheers,
>>> Bjoern
>>>
>>>
>>> Am 17.02.2014 17:27, schrieb Yec'han Laizet:
>>>>
>>>> Hello,
>>>>
>>>> I set up a FTP server with SFTP support on my galaxy instance. I have a
>>>> strange behavior when trying to connect by SFTP. Some users cannot
>>>> authentify (access denied) whereas other can.
>>>> As all users can login to the web interface with their credentials, I
>>>> wanted to check if the length of the password could be the problem with
>>>> SFTP. To do so, I went to the admin interface to reset the password of a
>>>> user who could connect by SFTP. Then, this user can connect to the galaxy
>>>> web interface with the new password but not by SFTP ; if we use the old
>>>> password, it still works for SFTP authenfication as if both passwords are
>>>> independent.
>>>>
>>>> Could you help me to solve the problem?
>>>>
>>>> Yec'han
>>>>
>>>>
>>>> ================================================
>>>>
>>>> Dr. Yec'han LAIZET
>>>> Ingenieur Bioinformatique
>>>> Tel: +33 (0)5 57 12 27 75
>>>> _________________________________
>>>>
>>>> INRA-UMR BIOGECO 1202
>>>> Equipe Genetique
>>>> 69 route d'Arcachon
>>>> 33612 CESTAS
>>>> ================================================
>>>>
>>>> ___________________________________________________________
>>>> Please keep all replies on the list by using "reply all"
>>>> in your mail client.  To manage your subscriptions to this
>>>> and other Galaxy lists, please use the interface at:
>>>>  http://lists.bx.psu.edu/
>>>>
>>>> To search Galaxy mailing lists use the unified search at:
>>>>  http://galaxyproject.org/search/mailinglists/
>>>
>>>
>>> ___________________________________________________________
>>> Please keep all replies on the list by using "reply all"
>>> in your mail client.  To manage your subscriptions to this
>>> and other Galaxy lists, please use the interface at:
>>>  http://lists.bx.psu.edu/
>>>
>>> To search Galaxy mailing lists use the unified search at:
>>>  http://galaxyproject.org/search/mailinglists/
>>
>>
>> ___________________________________________________________
>> Please keep all replies on the list by using "reply all"
>> in your mail client.  To manage your subscriptions to this
>> and other Galaxy lists, please use the interface at:
>>  http://lists.bx.psu.edu/
>>
>> To search Galaxy mailing lists use the unified search at:
>>  http://galaxyproject.org/search/mailinglists/
>
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>  http://lists.bx.psu.edu/
>
> To search Galaxy mailing lists use the unified search at:
>  http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
Reply | Threaded
Open this post in threaded view
|

Re: FTP password and web interface password

Yec'han Laizet
Hi Nate,

I have reseted the password of a newly created user, so now, it does not
begin with $PBKDF2$. With the reseted password, I can access the web
interface but I can not connect by SFTP.

Here is the log of filezilla:

Statut :    Connexion à galaxy-pgtp.pierroton.inra.fr...
Suivi :    Going to execute /usr/bin/fzsftp
Réponse :    fzSftp started
Suivi :    CSftpControlSocket::ConnectParseResponse(fzSftp started)
Suivi :    CSftpControlSocket::SendNextCommand()
Suivi :    CSftpControlSocket::ConnectSend()
Commande :    open "[hidden email]@galaxy-pgtp.pierroton.inra.fr" 22
Suivi :    Server version: SSH-2.0-mod_sftp/0.9.8
Suivi :    Using SSH protocol version 2
Suivi :    We claim version: SSH-2.0-PuTTY_Local:_Sep_14_2013_01:12:43
Suivi :    Doing Diffie-Hellman group exchange
Suivi :    Doing Diffie-Hellman key exchange with hash SHA-256
Suivi :    Host key fingerprint is:
Suivi :    ssh-rsa ***************************************************
Suivi :    Initialised AES-256 SDCTR client->server encryption
Suivi :    Initialised HMAC-SHA1 client->server MAC algorithm
Suivi :    Initialised AES-256 SDCTR server->client encryption
Suivi :    Initialised HMAC-SHA1 server->client MAC algorithm
Suivi :    Pageant is running. Requesting keys.
Suivi :    Pageant has 1 SSH-2 keys
Commande :    Pass: ******
Suivi :    Sent password
Suivi :    Access denied
Erreur :    Échec de l'authentification.
Suivi :    CControlSocket::DoClose(1030)
Suivi :    CSftpControlSocket::ResetOperation(1094)
Suivi :    CControlSocket::ResetOperation(1094)
Erreur :    Erreur critique
Erreur :    Impossible d'établir une connexion au serveur
Suivi :    CFileZillaEnginePrivate::ResetOperation(1094)



If I use my own account which has been created a long time ago
(understand here that some updates of galaxy have been done since this
time...), the password is not PBKDF2$ encrypted and I can access both
the web interface and the sftp. The filezilla log here is similar to the
one shown above but of course, I get an "Access granted" instead of
"denied".

I don't understand why old accounts can connect whereas new ones cannot
although passwords are not PBKDF2$.

Yec'han


================================================

Dr. Yec'han LAIZET
Ingenieur Bioinformatique
Tel: +33 (0)5 57 12 27 75
_________________________________

INRA-UMR BIOGECO 1202
Equipe Genetique
69 route d'Arcachon
33612 CESTAS
================================================

Le 05/03/2014 20:44, Nate Coraor a écrit :

> Hi Yec'han,
>
> Could you check that the 'password' column for the user in question in
> the 'galaxy_user' table in the database does not begin with $PBKDF2$?
>
> If not, do you have any debug logs from the FTP session and server
> that provide details on the failure?
>
> --nate
>
> On Wed, Mar 5, 2014 at 10:36 AM, Yec'han Laizet
> <[hidden email]> wrote:
>> Hello,
>>
>> does anybody have any idea of what I can do to fix the problem?
>>
>> Maybe an update is required? I currently use the changeset:
>> 11219:5c789ab4144a
>>
>> thanks
>>
>>
>> Yec'han
>>
>>
>> ================================================
>>
>> Dr. Yec'han LAIZET
>> Ingenieur Bioinformatique
>> Tel: +33 (0)5 57 12 27 75
>> _________________________________
>>
>> INRA-UMR BIOGECO 1202
>> Equipe Genetique
>> 69 route d'Arcachon
>> 33612 CESTAS
>> ================================================
>>
>> Le 18/02/2014 08:39, Yec'han Laizet a écrit :
>>
>>> Hi Bjoern,
>>>
>>> I indeed followed the wiki tutorial to set up my FTP service some time
>>> ago. It seems, as you suggest, that newly created users cannot connect by
>>> SFTP.
>>> I followed the fix by putting the use_pbkdf2 = False line just below the
>>> [app:main] and restarted the galaxy server. I have reseted a newly created
>>> user password but it still does not work.
>>>
>>> Yec'han
>>>
>>>
>>> ================================================
>>>
>>> Dr. Yec'han LAIZET
>>> Ingenieur Bioinformatique
>>> Tel: +33 (0)5 57 12 27 75
>>> _________________________________
>>>
>>> INRA-UMR BIOGECO 1202
>>> Equipe Genetique
>>> 69 route d'Arcachon
>>> 33612 CESTAS
>>> ================================================
>>>
>>> Le 17/02/2014 18:12, Björn Grüning a écrit :
>>>> Hi Yec'han,
>>>>
>>>> please have a look at
>>>>
>>>> https://wiki.galaxyproject.org/Admin/Config/Upload%20via%20FTP
>>>>
>>>> If you are running postgres and you only newly created users can't access
>>>> the server its probably due to encryption changes. Set use_pbkdf2 = False
>>>> and reset all passwort for new users.
>>>>
>>>> Cheers,
>>>> Bjoern
>>>>
>>>>
>>>> Am 17.02.2014 17:27, schrieb Yec'han Laizet:
>>>>> Hello,
>>>>>
>>>>> I set up a FTP server with SFTP support on my galaxy instance. I have a
>>>>> strange behavior when trying to connect by SFTP. Some users cannot
>>>>> authentify (access denied) whereas other can.
>>>>> As all users can login to the web interface with their credentials, I
>>>>> wanted to check if the length of the password could be the problem with
>>>>> SFTP. To do so, I went to the admin interface to reset the password of a
>>>>> user who could connect by SFTP. Then, this user can connect to the galaxy
>>>>> web interface with the new password but not by SFTP ; if we use the old
>>>>> password, it still works for SFTP authenfication as if both passwords are
>>>>> independent.
>>>>>
>>>>> Could you help me to solve the problem?
>>>>>
>>>>> Yec'han
>>>>>
>>>>>
>>>>> ================================================
>>>>>
>>>>> Dr. Yec'han LAIZET
>>>>> Ingenieur Bioinformatique
>>>>> Tel: +33 (0)5 57 12 27 75
>>>>> _________________________________
>>>>>
>>>>> INRA-UMR BIOGECO 1202
>>>>> Equipe Genetique
>>>>> 69 route d'Arcachon
>>>>> 33612 CESTAS
>>>>> ================================================
>>>>>
>>>>> ___________________________________________________________
>>>>> Please keep all replies on the list by using "reply all"
>>>>> in your mail client.  To manage your subscriptions to this
>>>>> and other Galaxy lists, please use the interface at:
>>>>>   http://lists.bx.psu.edu/
>>>>>
>>>>> To search Galaxy mailing lists use the unified search at:
>>>>>   http://galaxyproject.org/search/mailinglists/
>>>>
>>>> ___________________________________________________________
>>>> Please keep all replies on the list by using "reply all"
>>>> in your mail client.  To manage your subscriptions to this
>>>> and other Galaxy lists, please use the interface at:
>>>>   http://lists.bx.psu.edu/
>>>>
>>>> To search Galaxy mailing lists use the unified search at:
>>>>   http://galaxyproject.org/search/mailinglists/
>>>
>>> ___________________________________________________________
>>> Please keep all replies on the list by using "reply all"
>>> in your mail client.  To manage your subscriptions to this
>>> and other Galaxy lists, please use the interface at:
>>>   http://lists.bx.psu.edu/
>>>
>>> To search Galaxy mailing lists use the unified search at:
>>>   http://galaxyproject.org/search/mailinglists/
>>
>> ___________________________________________________________
>> Please keep all replies on the list by using "reply all"
>> in your mail client.  To manage your subscriptions to this
>> and other Galaxy lists, please use the interface at:
>>   http://lists.bx.psu.edu/
>>
>> To search Galaxy mailing lists use the unified search at:
>>   http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
Reply | Threaded
Open this post in threaded view
|

Re: FTP password and web interface password

Nate Coraor (nate@bx.psu.edu)
Hi Yec'han,

Sorry for the delayed response - I would guess that something is
different about the configuration of the SFTP server. Could you check
the server logs?

--nate

On Thu, Mar 6, 2014 at 8:13 AM, Yec'han Laizet
<[hidden email]> wrote:

> Hi Nate,
>
> I have reseted the password of a newly created user, so now, it does not
> begin with $PBKDF2$. With the reseted password, I can access the web
> interface but I can not connect by SFTP.
>
> Here is the log of filezilla:
>
> Statut :    Connexion à galaxy-pgtp.pierroton.inra.fr...
> Suivi :    Going to execute /usr/bin/fzsftp
> Réponse :    fzSftp started
> Suivi :    CSftpControlSocket::ConnectParseResponse(fzSftp started)
> Suivi :    CSftpControlSocket::SendNextCommand()
> Suivi :    CSftpControlSocket::ConnectSend()
> Commande :    open "[hidden email]@galaxy-pgtp.pierroton.inra.fr" 22
> Suivi :    Server version: SSH-2.0-mod_sftp/0.9.8
> Suivi :    Using SSH protocol version 2
> Suivi :    We claim version: SSH-2.0-PuTTY_Local:_Sep_14_2013_01:12:43
> Suivi :    Doing Diffie-Hellman group exchange
> Suivi :    Doing Diffie-Hellman key exchange with hash SHA-256
> Suivi :    Host key fingerprint is:
> Suivi :    ssh-rsa ***************************************************
> Suivi :    Initialised AES-256 SDCTR client->server encryption
> Suivi :    Initialised HMAC-SHA1 client->server MAC algorithm
> Suivi :    Initialised AES-256 SDCTR server->client encryption
> Suivi :    Initialised HMAC-SHA1 server->client MAC algorithm
> Suivi :    Pageant is running. Requesting keys.
> Suivi :    Pageant has 1 SSH-2 keys
> Commande :    Pass: ******
> Suivi :    Sent password
> Suivi :    Access denied
> Erreur :    Échec de l'authentification.
> Suivi :    CControlSocket::DoClose(1030)
> Suivi :    CSftpControlSocket::ResetOperation(1094)
> Suivi :    CControlSocket::ResetOperation(1094)
> Erreur :    Erreur critique
> Erreur :    Impossible d'établir une connexion au serveur
> Suivi :    CFileZillaEnginePrivate::ResetOperation(1094)
>
>
>
> If I use my own account which has been created a long time ago (understand
> here that some updates of galaxy have been done since this time...), the
> password is not PBKDF2$ encrypted and I can access both the web interface
> and the sftp. The filezilla log here is similar to the one shown above but
> of course, I get an "Access granted" instead of "denied".
>
> I don't understand why old accounts can connect whereas new ones cannot
> although passwords are not PBKDF2$.
>
>
> Yec'han
>
>
> ================================================
>
> Dr. Yec'han LAIZET
> Ingenieur Bioinformatique
> Tel: +33 (0)5 57 12 27 75
> _________________________________
>
> INRA-UMR BIOGECO 1202
> Equipe Genetique
> 69 route d'Arcachon
> 33612 CESTAS
> ================================================
>
> Le 05/03/2014 20:44, Nate Coraor a écrit :
>
>> Hi Yec'han,
>>
>> Could you check that the 'password' column for the user in question in
>> the 'galaxy_user' table in the database does not begin with $PBKDF2$?
>>
>> If not, do you have any debug logs from the FTP session and server
>> that provide details on the failure?
>>
>> --nate
>>
>> On Wed, Mar 5, 2014 at 10:36 AM, Yec'han Laizet
>> <[hidden email]> wrote:
>>>
>>> Hello,
>>>
>>> does anybody have any idea of what I can do to fix the problem?
>>>
>>> Maybe an update is required? I currently use the changeset:
>>> 11219:5c789ab4144a
>>>
>>> thanks
>>>
>>>
>>> Yec'han
>>>
>>>
>>> ================================================
>>>
>>> Dr. Yec'han LAIZET
>>> Ingenieur Bioinformatique
>>> Tel: +33 (0)5 57 12 27 75
>>> _________________________________
>>>
>>> INRA-UMR BIOGECO 1202
>>> Equipe Genetique
>>> 69 route d'Arcachon
>>> 33612 CESTAS
>>> ================================================
>>>
>>> Le 18/02/2014 08:39, Yec'han Laizet a écrit :
>>>
>>>> Hi Bjoern,
>>>>
>>>> I indeed followed the wiki tutorial to set up my FTP service some time
>>>> ago. It seems, as you suggest, that newly created users cannot connect
>>>> by
>>>> SFTP.
>>>> I followed the fix by putting the use_pbkdf2 = False line just below the
>>>> [app:main] and restarted the galaxy server. I have reseted a newly
>>>> created
>>>> user password but it still does not work.
>>>>
>>>> Yec'han
>>>>
>>>>
>>>> ================================================
>>>>
>>>> Dr. Yec'han LAIZET
>>>> Ingenieur Bioinformatique
>>>> Tel: +33 (0)5 57 12 27 75
>>>> _________________________________
>>>>
>>>> INRA-UMR BIOGECO 1202
>>>> Equipe Genetique
>>>> 69 route d'Arcachon
>>>> 33612 CESTAS
>>>> ================================================
>>>>
>>>> Le 17/02/2014 18:12, Björn Grüning a écrit :
>>>>>
>>>>> Hi Yec'han,
>>>>>
>>>>> please have a look at
>>>>>
>>>>> https://wiki.galaxyproject.org/Admin/Config/Upload%20via%20FTP
>>>>>
>>>>> If you are running postgres and you only newly created users can't
>>>>> access
>>>>> the server its probably due to encryption changes. Set use_pbkdf2 =
>>>>> False
>>>>> and reset all passwort for new users.
>>>>>
>>>>> Cheers,
>>>>> Bjoern
>>>>>
>>>>>
>>>>> Am 17.02.2014 17:27, schrieb Yec'han Laizet:
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I set up a FTP server with SFTP support on my galaxy instance. I have
>>>>>> a
>>>>>> strange behavior when trying to connect by SFTP. Some users cannot
>>>>>> authentify (access denied) whereas other can.
>>>>>> As all users can login to the web interface with their credentials, I
>>>>>> wanted to check if the length of the password could be the problem
>>>>>> with
>>>>>> SFTP. To do so, I went to the admin interface to reset the password of
>>>>>> a
>>>>>> user who could connect by SFTP. Then, this user can connect to the
>>>>>> galaxy
>>>>>> web interface with the new password but not by SFTP ; if we use the
>>>>>> old
>>>>>> password, it still works for SFTP authenfication as if both passwords
>>>>>> are
>>>>>> independent.
>>>>>>
>>>>>> Could you help me to solve the problem?
>>>>>>
>>>>>> Yec'han
>>>>>>
>>>>>>
>>>>>> ================================================
>>>>>>
>>>>>> Dr. Yec'han LAIZET
>>>>>> Ingenieur Bioinformatique
>>>>>> Tel: +33 (0)5 57 12 27 75
>>>>>> _________________________________
>>>>>>
>>>>>> INRA-UMR BIOGECO 1202
>>>>>> Equipe Genetique
>>>>>> 69 route d'Arcachon
>>>>>> 33612 CESTAS
>>>>>> ================================================
>>>>>>
>>>>>> ___________________________________________________________
>>>>>> Please keep all replies on the list by using "reply all"
>>>>>> in your mail client.  To manage your subscriptions to this
>>>>>> and other Galaxy lists, please use the interface at:
>>>>>>   http://lists.bx.psu.edu/
>>>>>>
>>>>>> To search Galaxy mailing lists use the unified search at:
>>>>>>   http://galaxyproject.org/search/mailinglists/
>>>>>
>>>>>
>>>>> ___________________________________________________________
>>>>> Please keep all replies on the list by using "reply all"
>>>>> in your mail client.  To manage your subscriptions to this
>>>>> and other Galaxy lists, please use the interface at:
>>>>>   http://lists.bx.psu.edu/
>>>>>
>>>>> To search Galaxy mailing lists use the unified search at:
>>>>>   http://galaxyproject.org/search/mailinglists/
>>>>
>>>>
>>>> ___________________________________________________________
>>>> Please keep all replies on the list by using "reply all"
>>>> in your mail client.  To manage your subscriptions to this
>>>> and other Galaxy lists, please use the interface at:
>>>>   http://lists.bx.psu.edu/
>>>>
>>>> To search Galaxy mailing lists use the unified search at:
>>>>   http://galaxyproject.org/search/mailinglists/
>>>
>>>
>>> ___________________________________________________________
>>> Please keep all replies on the list by using "reply all"
>>> in your mail client.  To manage your subscriptions to this
>>> and other Galaxy lists, please use the interface at:
>>>   http://lists.bx.psu.edu/
>>>
>>> To search Galaxy mailing lists use the unified search at:
>>>   http://galaxyproject.org/search/mailinglists/
>
>

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
Reply | Threaded
Open this post in threaded view
|

Re: FTP password and web interface password

Yec'han Laizet
Hi Nate,

after severall modification before the week end, it finally worked out.
I guess there was something in the configuration that I changed but I
cannot say which one because of the number of trials...

Thanks for helping.

Yec'han


================================================

Dr. Yec'han LAIZET
Ingenieur Bioinformatique
Tel: +33 (0)5 57 12 27 75
_________________________________

INRA-UMR BIOGECO 1202
Equipe Genetique
69 route d'Arcachon
33612 CESTAS
================================================

Le 14/03/2014 16:43, Nate Coraor a écrit :

> Hi Yec'han,
>
> Sorry for the delayed response - I would guess that something is
> different about the configuration of the SFTP server. Could you check
> the server logs?
>
> --nate
>
> On Thu, Mar 6, 2014 at 8:13 AM, Yec'han Laizet
> <[hidden email]> wrote:
>> Hi Nate,
>>
>> I have reseted the password of a newly created user, so now, it does not
>> begin with $PBKDF2$. With the reseted password, I can access the web
>> interface but I can not connect by SFTP.
>>
>> Here is the log of filezilla:
>>
>> Statut :    Connexion à galaxy-pgtp.pierroton.inra.fr...
>> Suivi :    Going to execute /usr/bin/fzsftp
>> Réponse :    fzSftp started
>> Suivi :    CSftpControlSocket::ConnectParseResponse(fzSftp started)
>> Suivi :    CSftpControlSocket::SendNextCommand()
>> Suivi :    CSftpControlSocket::ConnectSend()
>> Commande :    open "[hidden email]@galaxy-pgtp.pierroton.inra.fr" 22
>> Suivi :    Server version: SSH-2.0-mod_sftp/0.9.8
>> Suivi :    Using SSH protocol version 2
>> Suivi :    We claim version: SSH-2.0-PuTTY_Local:_Sep_14_2013_01:12:43
>> Suivi :    Doing Diffie-Hellman group exchange
>> Suivi :    Doing Diffie-Hellman key exchange with hash SHA-256
>> Suivi :    Host key fingerprint is:
>> Suivi :    ssh-rsa ***************************************************
>> Suivi :    Initialised AES-256 SDCTR client->server encryption
>> Suivi :    Initialised HMAC-SHA1 client->server MAC algorithm
>> Suivi :    Initialised AES-256 SDCTR server->client encryption
>> Suivi :    Initialised HMAC-SHA1 server->client MAC algorithm
>> Suivi :    Pageant is running. Requesting keys.
>> Suivi :    Pageant has 1 SSH-2 keys
>> Commande :    Pass: ******
>> Suivi :    Sent password
>> Suivi :    Access denied
>> Erreur :    Échec de l'authentification.
>> Suivi :    CControlSocket::DoClose(1030)
>> Suivi :    CSftpControlSocket::ResetOperation(1094)
>> Suivi :    CControlSocket::ResetOperation(1094)
>> Erreur :    Erreur critique
>> Erreur :    Impossible d'établir une connexion au serveur
>> Suivi :    CFileZillaEnginePrivate::ResetOperation(1094)
>>
>>
>>
>> If I use my own account which has been created a long time ago (understand
>> here that some updates of galaxy have been done since this time...), the
>> password is not PBKDF2$ encrypted and I can access both the web interface
>> and the sftp. The filezilla log here is similar to the one shown above but
>> of course, I get an "Access granted" instead of "denied".
>>
>> I don't understand why old accounts can connect whereas new ones cannot
>> although passwords are not PBKDF2$.
>>
>>
>> Yec'han
>>
>>
>> ================================================
>>
>> Dr. Yec'han LAIZET
>> Ingenieur Bioinformatique
>> Tel: +33 (0)5 57 12 27 75
>> _________________________________
>>
>> INRA-UMR BIOGECO 1202
>> Equipe Genetique
>> 69 route d'Arcachon
>> 33612 CESTAS
>> ================================================
>>
>> Le 05/03/2014 20:44, Nate Coraor a écrit :
>>
>>> Hi Yec'han,
>>>
>>> Could you check that the 'password' column for the user in question in
>>> the 'galaxy_user' table in the database does not begin with $PBKDF2$?
>>>
>>> If not, do you have any debug logs from the FTP session and server
>>> that provide details on the failure?
>>>
>>> --nate
>>>
>>> On Wed, Mar 5, 2014 at 10:36 AM, Yec'han Laizet
>>> <[hidden email]> wrote:
>>>> Hello,
>>>>
>>>> does anybody have any idea of what I can do to fix the problem?
>>>>
>>>> Maybe an update is required? I currently use the changeset:
>>>> 11219:5c789ab4144a
>>>>
>>>> thanks
>>>>
>>>>
>>>> Yec'han
>>>>
>>>>
>>>> ================================================
>>>>
>>>> Dr. Yec'han LAIZET
>>>> Ingenieur Bioinformatique
>>>> Tel: +33 (0)5 57 12 27 75
>>>> _________________________________
>>>>
>>>> INRA-UMR BIOGECO 1202
>>>> Equipe Genetique
>>>> 69 route d'Arcachon
>>>> 33612 CESTAS
>>>> ================================================
>>>>
>>>> Le 18/02/2014 08:39, Yec'han Laizet a écrit :
>>>>
>>>>> Hi Bjoern,
>>>>>
>>>>> I indeed followed the wiki tutorial to set up my FTP service some time
>>>>> ago. It seems, as you suggest, that newly created users cannot connect
>>>>> by
>>>>> SFTP.
>>>>> I followed the fix by putting the use_pbkdf2 = False line just below the
>>>>> [app:main] and restarted the galaxy server. I have reseted a newly
>>>>> created
>>>>> user password but it still does not work.
>>>>>
>>>>> Yec'han
>>>>>
>>>>>
>>>>> ================================================
>>>>>
>>>>> Dr. Yec'han LAIZET
>>>>> Ingenieur Bioinformatique
>>>>> Tel: +33 (0)5 57 12 27 75
>>>>> _________________________________
>>>>>
>>>>> INRA-UMR BIOGECO 1202
>>>>> Equipe Genetique
>>>>> 69 route d'Arcachon
>>>>> 33612 CESTAS
>>>>> ================================================
>>>>>
>>>>> Le 17/02/2014 18:12, Björn Grüning a écrit :
>>>>>> Hi Yec'han,
>>>>>>
>>>>>> please have a look at
>>>>>>
>>>>>> https://wiki.galaxyproject.org/Admin/Config/Upload%20via%20FTP
>>>>>>
>>>>>> If you are running postgres and you only newly created users can't
>>>>>> access
>>>>>> the server its probably due to encryption changes. Set use_pbkdf2 =
>>>>>> False
>>>>>> and reset all passwort for new users.
>>>>>>
>>>>>> Cheers,
>>>>>> Bjoern
>>>>>>
>>>>>>
>>>>>> Am 17.02.2014 17:27, schrieb Yec'han Laizet:
>>>>>>> Hello,
>>>>>>>
>>>>>>> I set up a FTP server with SFTP support on my galaxy instance. I have
>>>>>>> a
>>>>>>> strange behavior when trying to connect by SFTP. Some users cannot
>>>>>>> authentify (access denied) whereas other can.
>>>>>>> As all users can login to the web interface with their credentials, I
>>>>>>> wanted to check if the length of the password could be the problem
>>>>>>> with
>>>>>>> SFTP. To do so, I went to the admin interface to reset the password of
>>>>>>> a
>>>>>>> user who could connect by SFTP. Then, this user can connect to the
>>>>>>> galaxy
>>>>>>> web interface with the new password but not by SFTP ; if we use the
>>>>>>> old
>>>>>>> password, it still works for SFTP authenfication as if both passwords
>>>>>>> are
>>>>>>> independent.
>>>>>>>
>>>>>>> Could you help me to solve the problem?
>>>>>>>
>>>>>>> Yec'han
>>>>>>>
>>>>>>>
>>>>>>> ================================================
>>>>>>>
>>>>>>> Dr. Yec'han LAIZET
>>>>>>> Ingenieur Bioinformatique
>>>>>>> Tel: +33 (0)5 57 12 27 75
>>>>>>> _________________________________
>>>>>>>
>>>>>>> INRA-UMR BIOGECO 1202
>>>>>>> Equipe Genetique
>>>>>>> 69 route d'Arcachon
>>>>>>> 33612 CESTAS
>>>>>>> ================================================
>>>>>>>
>>>>>>> ___________________________________________________________
>>>>>>> Please keep all replies on the list by using "reply all"
>>>>>>> in your mail client.  To manage your subscriptions to this
>>>>>>> and other Galaxy lists, please use the interface at:
>>>>>>>    http://lists.bx.psu.edu/
>>>>>>>
>>>>>>> To search Galaxy mailing lists use the unified search at:
>>>>>>>    http://galaxyproject.org/search/mailinglists/
>>>>>>
>>>>>> ___________________________________________________________
>>>>>> Please keep all replies on the list by using "reply all"
>>>>>> in your mail client.  To manage your subscriptions to this
>>>>>> and other Galaxy lists, please use the interface at:
>>>>>>    http://lists.bx.psu.edu/
>>>>>>
>>>>>> To search Galaxy mailing lists use the unified search at:
>>>>>>    http://galaxyproject.org/search/mailinglists/
>>>>>
>>>>> ___________________________________________________________
>>>>> Please keep all replies on the list by using "reply all"
>>>>> in your mail client.  To manage your subscriptions to this
>>>>> and other Galaxy lists, please use the interface at:
>>>>>    http://lists.bx.psu.edu/
>>>>>
>>>>> To search Galaxy mailing lists use the unified search at:
>>>>>    http://galaxyproject.org/search/mailinglists/
>>>>
>>>> ___________________________________________________________
>>>> Please keep all replies on the list by using "reply all"
>>>> in your mail client.  To manage your subscriptions to this
>>>> and other Galaxy lists, please use the interface at:
>>>>    http://lists.bx.psu.edu/
>>>>
>>>> To search Galaxy mailing lists use the unified search at:
>>>>    http://galaxyproject.org/search/mailinglists/
>>

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/