Thanks a lot for your report!

I've failed to reproduce this problem myself, so can I ask you to provide us with more details on how to go ahead and repeat this. Preferably with a command line or a stand-alone program we can run from our ends against a public URL to trigger the problem?

Also: please tell us the full curl -V output, as the SSH library and version you use is is probably relevant here.

from curl.

when we transfer file using SFTP cmd: "sftp://10.68.196.198:22/OMSFTPVerify.testfile -> /tmp/OMSFTPVerify.testfile", its showing error in curl : "Access denied to remote resource(9)".

This the curl -v output
[root@CLA-0(OMS-857) /root]

curl -V

curl 8.7.1 (x86_64-pc-linux-gnu) libcurl/8.7.1 OpenSSL/3.0.7 zlib/1.2.11 brotli/1.0.9 zstd/1.5.1 libidn2/2.3.0 libssh2/1.11.0
Release-Date: 2024-03-27
Protocols: dict file ftp ftps gopher gophers http https ipfs ipns mqtt rtsp scp sftp smb smbs telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTPS-proxy IDN IPv6 Largefile libz NTLM SSL threadsafe TLS-SRP UnixSockets zstd

let us know if you required any information and aslo how could it be fixed.

Thanks,

from curl.

"Access denied to remote resource(9)".

So there's a SSH authentication problem. What method are you using?

from curl.

we are using password authentication method for SSH authentication.

from curl.

We need more in order to help. curl returns an error because your are denied access. That's not a curl bug.

from curl.

Hello, Any inputs or query required, let us know how to check further

from curl.

Hi we have try sftp alone in our machine its working, see the logs

sftp -v [email protected] <<EOF

put /root/prabhat/test /root/sankar
exit
EOF
OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Connecting to 10.68.196.252 [10.68.196.252] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.7
debug1: compat_banner: match: OpenSSH_8.7 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.68.196.252:22 as 'root'
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: aes256-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes256-ctr MAC: [email protected] compression: none
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:TfxUZ9NKhWLf0+duRkKs7uibahM/eZ2qbUQ61ghebck
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '10.68.196.252' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /root/.ssh/id_rsa
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ecdsa_sk
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_ed25519_sk
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
Authenticated to 10.68.196.252 ([10.68.196.252]:22) using "publickey".
debug1: pkcs11_del_provider: called, provider_id = (null)
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: filesystem full
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: client_input_hostkeys: searching /root/.ssh/known_hosts for 10.68.196.252 / (none)
debug1: client_input_hostkeys: searching /root/.ssh/known_hosts2 for 10.68.196.252 / (none)
debug1: client_input_hostkeys: hostkeys file /root/.ssh/known_hosts2 does not exist
debug1: client_input_hostkeys: no new or deprecated keys from server
debug1: Remote: /root/.ssh/authorized_keys2:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Sending subsystem: sftp
debug1: Using server download size 261120
debug1: Using server upload size 261120
debug1: Server handle limit 1019; using 64
Connected to 10.68.196.252.
sftp> put /root/prabhat/test /root/sankar
Uploading /root/prabhat/test to /root/sankar/test
test 100% 4 9.9KB/s 00:00
sftp> exit
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2864, received 3572 bytes, in 0.1 seconds
Bytes per second: sent 55740.9, received 69520.4
debug1: Exit status 0

And same way we tried with sftp curl its not working. see the logs below

curl -v -T /root/prabhat/test sftp://[email protected]/root/sankar
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 10.68.196.252:22...

• Connected to 10.68.196.252 (10.68.196.252) port 22
• Found host 10.68.196.252 in /root/.ssh/known_hosts
• Set "rsa-sha2-256,rsa-sha2-512,ssh-rsa" as SSH hostkey type
• SSH MD5 public key: NULL
• SSH SHA256 public key: NULL
• SSH host check: 0, key: AAAAB3NzaC1yc2EAAAADAQABAAABAQCeDnda33/11d2fOH6GWolL/UhcJaPU+NJIiAw4LrJZNOPRfS+6eV9sJvVE7rFnPLR+pjHxGZ/53Ky0DSIEONinVIfMKd26RHt4/mFzcozum8tv5hCE+ag+b/KqrgDHwmx6xxM4+t3AzRecgrNM/9SXDLwBAQanpdHuNrcfsissXnNBWNFvLxYCznFYQySVA1Wl9e+A3b5ROoqfvuDWt0acMJIzD87gkEmFQ2U2pptqel2ehrV8ZnyqF1XVacG6FJYU4dwYN7pinPKteZVfE3XcO+mK28VVZB1i0e299JR7QRsMttKZ1D0Jy2wmjt/nKcyuSPIcqe5XWzSdYgsGT0/l
• SSH authentication methods available: publickey,password,keyboard-interactive
• Using SSH private key file '/root/.ssh/id_rsa'
• Initialized SSH public key authentication
• Authentication complete
• Upload failed: Operation failed (4/-31)
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
• Connection #0 to host 10.68.196.252 left intact
  curl: (79) Upload failed: Operation failed (4/-31)

so with curl sftp only its not working in our machine.
let us know how we can configure curl to work sftp

from curl.

The original issue was about an authentication problem, but this last log shows authentication working, but the upload failing. I'm not able to reproduce this using curl and libssh2 from head writing a 261120 byte file to a OpenSSH 9.3 server.

from curl.

actually we are using curl api functions like curl_easy_setopt and curl_easy_perform functions to transfer the file using SFTP.
so its giving error when we transfer as "curlError: Access denied to remote resource(9)" in rhel9 system.

We are trying the same operation with FTP, HTTP and SFTP. All the setopt are same, and with curl_easy_perform FTP.HTTP is success and SFTP is failing. Snapshot from logs is:

The value of ulr with encode ftp://[2a00:8a00:8000:147:0:4:196:252]:21/OMSFTPVerify.testfile
FTP :WORKING (should be enabled) :OK

The value of ulr with encode sftp://[2a00:8a00:8000:147:0:4:196:252]:22/OMSFTPVerify.testfile
SFTP :NOT WORKING (should be enabled) :FAILED (Here it is returning error code 9 which states Access Denied)

The value of ulr with encode http://[2a00:8a00:8000:147:0:4:196:252]:80/OMSFTPVerify.testfile
HTTP :WORKING (should be enabled) :OK

In above snapshot, you can see that only the protocol type and port number are changed. Not sure why curl_easy_perform is saying access denied. We are using password authentication method here.

from curl.