Home / server / Questions

Questions[psftp](server)

Martin Hope
tb1
Asked: 2025-01-30 06:50:28 +0800 CST
  • 5

[moved from StackOverflow]

We use PSFTP, along with a ppk file and a batch command file, to upload a CSV to a remote SFTP host. This has been working for many (many) months and only recently the -b parameter fails with "Fatal: unable to open"

Details:
We run PSFTP.exe on Windows using a batch file or command prompt.

The batch command file we pass with -b paramenter is called "sftpcommands.txt" and has the following lines:

put "D:\batch\Upload.csv"
quit

Here is what we run from a batch file or command prompt:

psftp.exe -v -P 22 -i D:\batch\keyfile.ppk -b D:\batch\sftpcommands.txt [email protected]

Here is the result:

Looking up host "SFTPHost.domain.com" for SSH connection
Connecting to hostIP port 22
We claim version: SSH-2.0-PuTTY_Release_0.82
Connected to hostIP (from localIP:35022)
Remote version: SSH-2.0-AWS_SFTP_1.1
Using SSH protocol version 2
No GSSAPI security context available
Doing ECDH key exchange with curve nistp256, using hash SHA-256 (SHA-NI accelerated)
Host key fingerprint is:
ssh-rsa 4096 SHA256:ajIF+morestuffhere
Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
Initialised HMAC-SHA-256 (SHA-NI accelerated) outbound MAC algorithm
Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
Initialised HMAC-SHA-256 (SHA-NI accelerated) inbound MAC algorithm
Reading key file "D:\batch\keyfile.ppk"
Using username "OurUser".
Offered public key
Offer of public key accepted
Authenticating with public key "keynameinformation here"
Sent public key signature
Access granted
Opening main session channel
Remote debug message: SFTP: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Remote debug message: SFTP: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Opened main channel
Started a shell/command
Connected to some-host.server.transfer.us-east-1.amazonaws.com
Remote working directory is /
Fatal: unable to open
Session sent command exit status 0
Main session channel closed
All channels closed

Now the strange part: we can get rid of the -b script syntax and manually enter the same commands found in the sftpcommands.txt file when the psftp> prompt appears (e.g.):

psftp.exe -v -P 22 -i D:\batch\keyfile.ppk [email protected]

Looking up host "SFTPHost.domain.com" for SSH connection
Connecting to hostIP port 22
We claim version: SSH-2.0-PuTTY_Release_0.82
Connected to hostIP (from localIP:35022)
Remote version: SSH-2.0-AWS_SFTP_1.1
Using SSH protocol version 2
No GSSAPI security context available
Doing ECDH key exchange with curve nistp256, using hash SHA-256 (SHA-NI accelerated)
Host key fingerprint is:
ssh-rsa 4096 SHA256:ajIF+morestuffhere
Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
Initialised HMAC-SHA-256 (SHA-NI accelerated) outbound MAC algorithm
Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
Initialised HMAC-SHA-256 (SHA-NI accelerated) inbound MAC algorithm
Reading key file "D:\batch\keyfile.ppk"
Using username "OurUser".
Offered public key
Offer of public key accepted
Authenticating with public key "keynameinformation here"
Sent public key signature
Access granted
Opening main session channel
Remote debug message: SFTP: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Remote debug message: SFTP: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Opened main channel
Started a shell/command
Connected to some-host.server.transfer.us-east-1.amazonaws.com
Remote working directory is /
psftp> put "D:\batch\Upload.csv"
local:D:\batch\Upload.csv => remote:/Upload.csv
psftp> quit
Session sent command exit status 0
Main session channel closed
All channels closed

The third party did move SFTP servers a few months back, but to my knowledge the -b parameter was still working on their new host (however I could be wrong).

To my knowledge nothing has changed on our end, and as indicated we're A/B testing with the same local logged in Windows user, same local files, etc. There should be no local rights issues as, again, we're using Windows, and the logged-on account is what is opening /editing /accessing all files involved. I've also tried moving the -b parameter into different positions in the line command.

Could this error be a security, config or format setting on the remote SFTP server causing the confusion with the -b command file?

Note: I have a ticket open with the folks operating the remote SFTP host to triangulate the issue and if I can solve this, I'll post the answer here in case it helps someone else seeing the "Fatal: unable to open" on the -b switch

psftp
Martin Hope
DHoll
Asked: 2022-03-23 08:45:17 +0800 CST
  • 0

EDIT: Well, found (at least one) problem. We set up a new VM and installed the latest version of OpenSSH server for windows (v8.9) and it also fails to run correctly. The servers where it still works are running the older release, v8.6. I'm in the process of confirming that is the issue, and seeing what I'm doing wrong that causes 8.9 to fail.

I have been setting up some Windows Server 2012 VMs as SFTP servers using the OpenSSH for Windows portable. I got about a half dozen done successfully but ran into an issue with one where I'm getting the error "FATAL ERROR: Received unexpected end-of-file from SFTP server". The weird thing is this is on a server built off the same VM image, though older than the servers where it has worked. This makes me think it's a weird permissions issue.

These are the custom changes to c:\programdata\ssh\sshd_config file that I made, besides the port number which I've omitted:

AllowUsers ssh_user
PasswordAuthentication yes
Subsystem   sftp    internal-sftp
ChrootDirectory C:/Output/
SyslogFacility LOCAL0
LogLevel Debug3

I'm using psftp to connect and it connects successfully, but then gets the error. Here's what the verbose psftp command gives (minus some sensitive info):

Looking up host "[REDACTED]" for SSH connection
Connecting to [REDACTED] port [REDACTED]
We claim version: SSH-2.0-PuTTY_Release_0.76
Connected to [REDACTED]
Remote version: SSH-2.0-OpenSSH_for_Windows_8.9
Using SSH protocol version 2
No GSSAPI security context available
Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (unaccelerated)
Server also has ecdsa-sha2-nistp256/rsa-sha2-512/rsa-sha2-256 host keys, but we
don't know any of them
Host key fingerprint is:
ssh-ed25519 255 SHA256:QOfqSphtid9jnXb2MWHvPS/6AerXYPQ9YUdhgORny5I
Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
Initialised HMAC-SHA-256 (unaccelerated) outbound MAC algorithm
Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
Initialised HMAC-SHA-256 (unaccelerated) inbound MAC algorithm
Using username "ssh_user".
Attempting keyboard-interactive authentication
Server refused keyboard-interactive authentication
Sent password
Access granted
Opening main session channel
Opened main channel
Started a shell/command
Connected to [REDACTED]
FATAL ERROR: Received unexpected end-of-file from SFTP server

I have a log file from the ssh server, but StackExchange thinks its spam. It's about 300 lines long.

I'm kind of at a loss here on what is actually causing this. The config file is the same on the other VMs without this issue. I've given the ssh user account full access to C:\Output as well as the programdata\ssh folders (though it shouldn't need the latter). I've also run the permission fix Powershell scripts that come with the OpenSSH install, but they haven't made a difference, nor has reinstalling OpenSSH.

ssh sftp psftp