guacamole-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard Gallamore (JIRA)" <>
Subject [jira] [Commented] (GUACAMOLE-379) SFTP put requests fail on rdp and SFTP server
Date Wed, 13 Sep 2017 03:42:00 GMT


Richard Gallamore commented on GUACAMOLE-379:

Ah, yeah I failed to mention that, when guacd is started in trace log_level, there are no
errors provided.

I actually finally wised up and checked the browser console and noticed I am receiving  http
error 413. Guacamole is also running on tomcat8 behind nginx which I suspect must be the issue.
I am using the following configuration:

http    {   

include                         mime.types;

types {
        text/plain      log;
default_type                    application/octet-stream;

sendfile                        on; 
keepalive_timeout               65; 

# don't send the nginx version number in error pages and Server header
server_tokens                   off;
add_header X-XSS-Protection     "1; mode=block";

ssl_session_cache               shared:SSL:10m;
ssl_session_timeout             1d; 
ssl_session_tickets             off;
ssl_prefer_server_ciphers       on; 
ssl_protocols                   TLSv1.2;
ssl_ciphers                     "EECDH+AES256GCM:EDH+AES256GCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve                  P-521:P-384;
ssl_dhparam                     /usr/local/etc/ssl/keys/dhparams_4096.pem;
ssl_stapling                    on; 
ssl_stapling_verify             on; 

resolver                        private;
resolver_timeout                5s; 

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
server  {
        listen          80;
#       listen          [::]:80;
        return 301 https://$host$request_uri;
server  {
        listen          443 default_server ssl http2;
#       listen          [::]:443 default_server ssl http2;
        root            /usr/local/www/nginx;
        index           index.php index.htm index.html;

        ssl_certificate         omitted;
        ssl_certificate_key     omitted;
        ssl_trusted_certificate omitted;

        error_page      500 502 503 504 /50x.html;
        location = 50x.html {
                root   /usr/local/www/nginx-dist;
...REMOVED more irrelevant code...
location /guacamole {
                add_header X-Frame-Options "";
#               proxy_set_header X-Forwarded-Host $host:$server_port;
#               proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $http_connection;
                proxy_pass http://private:8080/guacamole;
                proxy_buffering off;
                proxy_http_version 1.1;
                access_log off;

> SFTP put requests fail on rdp and SFTP server
> ---------------------------------------------
>                 Key: GUACAMOLE-379
>                 URL:
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole
>    Affects Versions: 0.9.13-incubating
>         Environment: FreeBSD Current r323109 using 11-STABLE r323103 user land. ZFS file
>            Reporter: Richard Gallamore
> Currently I have attempted to use SFTP with a few different configurations. Most if not
90% of all the configurations I have attempted fail with:
> {quote}
> You do not have permission to upload this file. If you require access, please check your
system settings, or check with your system administrator.
> {quote}
> sshd_config: all defaults with this conditional
> {code:none}
> Match User guacamole
> ChrootDirectory /home/guacamole
> X11Forwarding no
> AllowTcpForwarding no
> ForceCommand internal-sftp
> AuthenticationMethods publickey #,keyboard-interactive # using both Methods will fail
> {code}
> This is not a permissions issue,
> {code:none}
> # ls /home/guacamole/home/guacamole
> # echo "put -p /home/guacamole/a /home/guacamole" | sftp -P22 
> Enter passphrase for key '/root/.ssh/id_rsa':                                       
> Connected to                                                           
> sftp> put -p /home/guacamole/a /home/guacamole                                   
> Uploading /home/guacamole/a to /home/guacamole/a                                    
> /home/guacamole/a
> # ls /home/guacamole/home/guacamole
> a
> {code}
> Have also tested using rdp drive option and received mostly the same results. Randomly
it will work on some files but I have not been able to figure out why. Does not seem to be
related to filename or size.

This message was sent by Atlassian JIRA

View raw message