Can't connect over SFTP ... Unsupported option KerberosGetAFSToken (2 posts)
- Started 2 years ago by Bob
- Latest reply 2 years ago from Scott McGuire
I am trying to help a couple of Mac users connect to a Mac OS X Server over SFTP using Fetch. I can connect fine from every machine I try; however, every time one of these two users tries to connect, they get an error from Fetch stating:
"SFTP connection to <servername> could not be opened because the connection to the SFTP server could not be established or was lost."
I've tried deleting and re-adding their accounts on the server but the issue persists, so now I am thinking it must be something Fetch is doing, because they say they can connect fine from a Windows machine in the same location using WinSCP.
Here's what I see on the server, when they try to connect and fail:
/etc/sshd_config line 74: Unsupported option KerberosGetAFSToken
Scott McGuire Administrator
The first thing we'd like to do is make sure this isn't some other problem entirely; the "Unsupported option KerberosGetAFSToken" error message on the server may be a red herring.
As you may know, each SFTP server has an "SSH host key" that enables secure transfers. When you connect to an SFTP server, Mac OS X stores that server's key for future use. If the server's key changes and no longer matches the one stored on your Macintosh, this could indicate a security problem. Some programs ignore the error; Fetch instead refuses to make the connection. (Fetch should give a better error message in this case; we are planning to improve that in the next release.)
One common cause of certain computers not being able to connect via SFTP when others can is that the users with a problem connecting have an out-of-date host key.
Could you ask one of the users who is having a problem to try the following instructions to clear their Mac's store of SSH keys, so that they'll get a fresh key from the server?
* In Fetch, choose Fetch Help from the Help menu.
* In the help window, search for "known hosts".
* Double-click on the "RSA host key differs warning" help topic (it should be the one at the top of the list).
* A help topic opens in the help window.
* Scroll down to the "Delete the known_hosts file for me" link.
* Click the link, and follow the instructions.
Once that's done, they should try connecting again.
If that fixes the problem for the first user, ask the other users to try it.
Please let us know how it goes, either way.
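The stored-key comparison described in the reply above, as an added example that is not part of the original thread or of Fetch's code: it parses known_hosts text, assuming the OpenSSH file format (including hashed host names), and reports whether the key a server presents matches a stored entry, conflicts with one, or is unknown. The host names, salt and key blobs are constructed sample values.

```python
import base64, hashlib, hmac

def host_matches(field, host):
    """True if a known_hosts host field (plain list or hashed) names `host`."""
    if field.startswith("|1|"):
        # Hashed form: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # simplification: no wildcard or negated patterns

def fingerprint(key_b64):
    """SHA256 fingerprint in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Return 'match', 'mismatch' or 'unknown' for the key a server presents."""
    stale = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines (simplification).
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if host_matches(fields[0], host) and fields[1] == key_type:
            if fields[2] == key_b64:
                return "match"
            stale = True  # same host and key type, different key: the refused case
    return "mismatch" if stale else "unknown"

# Constructed sample data: these are not real host keys or host names.
OLD_KEY = base64.b64encode(b"constructed old host key").decode()
NEW_KEY = base64.b64encode(b"constructed new host key").decode()
SALT = b"constructed-salt-20b"
HASHED = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"backup.example.com", hashlib.sha1).digest()).decode(),
)
SAMPLE = (
    "# constructed known_hosts contents\n"
    f"files.example.com,192.0.2.10 ssh-rsa {OLD_KEY}\n"
    f"{HASHED} ssh-rsa {OLD_KEY}\n"
)

if __name__ == "__main__":
    for host in ("files.example.com", "backup.example.com", "new.example.com"):
        print(host, check_host_key(SAMPLE, host, "ssh-rsa", NEW_KEY), fingerprint(NEW_KEY))
```

A "mismatch" result identifies the one stale entry for that host, and the printed fingerprint is the value to compare with what the server administrator reports before a fresh key is accepted.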