SSH2 SFTP in Dreamweaver
The short fix for (Macromedia) Adobe's Dreamweaver and Contribute failure to connect to a default SSHd sFTP account configuration is thus: you must enable
It's an interestingly undocumented requirement, but you need it to connect from these Windows/Mac tools. The default SSHd configs seem to cause trouble. So, if you are an admin, just adjust the sshd_config appropriately and then:
ps -aux | grep sshd
(find the pid that matches sshd, then:)
kill -HUP [the pid number you just found]
I originally thought the problem I experienced was due to ssh version incompatibilities, AKA: Even JasonN makes mistakes :(
I recently advised a client against using SFTP with Macromedia's Dreamweaver, because I was erroneously led to believe that Macromedia's use of SFTP relied on the SSH1 implementation. SSH1 is subject to something called "Man in the Middle" attacks.
In SSH1, only one session key is used throughout the ssh
session, however long the session takes. Potentially, this gives
the cryptanalyst more data encrypted with the same key, and hence
greatly increases the chances of the key being discovered. SSH-2
on the other hand, allows for session-rekeying, whereby a new
session key is generated as agreed upon by both client and server. - TACC's Detailed Review of SSH
Basically, this means that a person can get between the two sides of the SSH connection and intercept, even alter the communications. If Dreamweaver used SSH1 to do this, the advice I gave would have been solid. However, according to my own tests and Macromedia's website, it seems that they in fact only support the SSH2 implementation of SFTP.
Use Secure File Transfer Protocol over SSH2 to prevent would-be snoopers
from being able to determine a user’s authentication details (username
and password) or a file’s content. It works by automatically encrypting
and protecting a user’s authentication details and data. It also verifies
that the remote host the user is connecting to is really the host it
claims to be. - Macromedia
Whoops! I came to this conclusion after having problems with SSHd on their server refusing connections. Of course, I still don't know why it refused connections. I do know I've absolutely blocked SSH1 connections in the configuration, and tested it to make sure it really does block SSH1. Macromedia's site says the technology is SSH2, and it still connects. So, I can make a very unscientific assumption that it's connecting via SSH2 SFTP.
You know, unscientific assumptions are exactly what got me in this mess. I'm backtracking once on bad advice; maybe I should verify through testing output that this is indeed the case this time.
Here's the output of my SSH1 attempt from my personal server:
% ssh -1 -vvv clients_domain.com
OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to clientsdomain.com [192.168.1.2] port 22.
debug1: Connection established.
debug1: identity file /home/myusername/.ssh/identity type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1 FreeBSD-20040419
debug1: match: OpenSSH_3.8.1p1 FreeBSD-20040419 pat OpenSSH*
Protocol major versions differ: 1 vs. 2
debug1: Calling cleanup 0x804c158(0x0)
Well, that settles that. In case you wonder what ssh -1 -vvv does, it simply tells my ssh client (my server's client software in this case) to use only SSH1 and to give me very verbose feedback (more v's means more information, up to three). SSH's manual explains in more detail.
But, I can't be sure that the SFTP client on Dreamweaver's SFTP connection is passing the data in SSH1, even though I know their server isn't taking SSH1 connections until I prove it with testing output. So:
Apr 14 14:17:57 clientserver sshd: Accepted password for imjasonn from 22.214.171.124 port 50043 ssh2
Apr 14 14:17:58 clientserver sshd: subsystem request for sftp
There you go. It clearly shows the connection using the SSH2 protocol. So, the conclusion is that Macromedia's Dreamweaver does use SFTP over the SSH2 protocol.
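The same check can be run over a whole log instead of two lines read by eye. The script below is an added example, not part of the original post: it pairs each accepted login with any following sftp subsystem request and lists SFTP sessions whose login line does not carry the ssh2 marker. The sample lines are constructed, and two things are assumptions: a login line with no protocol token is treated as "unknown", and the optional "by user" suffix is the form newer sshd builds append to the subsystem line.

```python
import re

# Constructed sample in the format of the sshd excerpt above; hosts, users
# and addresses (RFC 5737 documentation range) are made up.
SAMPLE_LOG = """\
Apr 14 14:17:57 clientserver sshd: Accepted password for imjasonn from 192.0.2.10 port 50043 ssh2
Apr 14 14:17:58 clientserver sshd: subsystem request for sftp
Apr 14 14:20:11 clientserver sshd[4055]: Accepted publickey for deploy from 192.0.2.22 port 50101 ssh2
Apr 14 14:25:40 clientserver sshd[4102]: Accepted password for olduser from 192.0.2.31 port 50230
Apr 14 14:25:41 clientserver sshd[4107]: Accepted password for webdev from 192.0.2.40 port 50250 ssh2
Apr 14 14:25:42 clientserver sshd[4104]: subsystem request for sftp by user olduser
Apr 14 14:26:02 clientserver sshd[4110]: Failed password for root from 192.0.2.99 port 50301 ssh2
"""

ACCEPTED = re.compile(
    r"sshd(?:\[\d+\])?: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)(?: (?P<proto>ssh\d))?\s*$")
SUBSYSTEM = re.compile(
    r"sshd(?:\[\d+\])?: subsystem request for (?P<name>\S+)"
    r"(?: by user (?P<user>\S+))?")


def parse_sessions(log_text):
    """Return one dict per accepted login with its protocol and subsystems."""
    sessions = []
    for line in log_text.splitlines():
        acc = ACCEPTED.search(line)
        if acc:
            s = acc.groupdict()
            # No protocol token on the line: SSH2 is not proven (assumption).
            s["proto"] = s["proto"] or "unknown"
            s["subsystems"] = []
            sessions.append(s)
            continue
        sub = SUBSYSTEM.search(line)
        if sub:
            # Pair with the latest login of the named user, or, when the line
            # names no user (as in the page's excerpt), the latest login.
            for s in reversed(sessions):
                if sub.group("user") in (None, s["user"]):
                    s["subsystems"].append(sub.group("name"))
                    break
    return sessions


def sftp_not_proven_ssh2(sessions):
    """SFTP sessions whose login line lacks the ssh2 marker."""
    return [s for s in sessions
            if "sftp" in s["subsystems"] and s["proto"] != "ssh2"]


if __name__ == "__main__":
    for s in parse_sessions(SAMPLE_LOG):
        print(s["user"], s["ip"], s["method"], s["proto"], s["subsystems"])
```

Pairing by log order is only reliable on a quiet server; on a busy one, two users logging in at the same moment can be mis-paired when the subsystem line names no user.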
The next interesting thing to learn would be why choosing SSH1 only in PuTTY gives someone an SSH2 connection. That's another article about misleading and misunderstanding GUIs.