I have a need to access my USB attached 20TB storage from the WAN and I purchased a new Asus RT-BE58U as they advertised FTP over TLS (rather than using straight FTP (which is not secure). I can conduct an SSH session to the router as it is running a cut down version of Linux:
Linux version 4.19.294 (root@asus) (gcc version 10.3.0 (Buildroot 2021.02.4)) #1 SMP PREEMPT Mon Oct 28 14:28:14 CST 2024)
and the router itself is running under firmware version: 3.0.0.6.102_37032-g8276097_968-gc6148_BB0B
I configured the Asus GUI-Administration>System>Service and enabled SSH and connection and set the SSH port to a number for a number between 1024 to 65535 as suggested in the GUI. I also enabled the Local Access Config for Authentication Method of "Both"
When I attempt to run an SFTP session using FileZilla, the session connects but after the logon credentials are passed to the server, I get disconnected. Putting FileZilla in debug mode, I see that the following (my comments in red):
Command: open "xxxxx@x.x.x.x" ***** (x'd out administrator name and gateway IP address followed by port number set in GUI-Administration>System>Service)
Trace: Looking up host "x.x.x.x" for SSH connection (x'd out local gateway IP address)
Trace: Connecting to x.x.x.x port xxxxx (x'd out administrator name and gateway IP address followed by port number set in GUI-Administration>System>Service)
Trace: We claim version: SSH-2.0-FileZilla_3.68.1
Trace: Connected to x.x.x.x (x'd out local gateway IP address)
Trace: Remote version: SSH-2.0-dropbear
Trace: Using SSH protocol version 2
Trace: Enabling strict key exchange semantics
Trace: Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (SHA-NI accelerated)
Trace: Server also has ecdsa-sha2-nistp256/rsa-sha2-256/ssh-rsa host keys, but we don't know any of them
Trace: Host key fingerprint is:
Trace: ssh-ed25519 255 SHA256:Ml/xxxxxxxxxxxx/myxxxxxxxxxxxxxxxxx (x'd out for security)
Trace: CSftpControlSocket::SetAsyncRequestReply
Command: Trust new Hostkey: Once
Trace: Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
Trace: Initialised HMAC-SHA-256 (SHA-NI accelerated) outbound MAC algorithm
Trace: Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
Trace: Initialised HMAC-SHA-256 (SHA-NI accelerated) inbound MAC algorithm
Status: Using username "xxxxx". (x'd - I'm using my local gateway IP address)
Command: Pass: **********
Trace: Sent password
Trace: Access granted
Trace: Opening main session channel
Trace: Opened main channel
Trace: Started a shell/command
Status: Connected to x.x.x.x (x'd out - gateway IP address returned)
Trace: Got eof from child process (child process appears to be the culprit)
Trace: CControlSocket::ResetOperation(66)
Trace: CSftpConnectOpData::Reset(66) in state 3
Error: Could not connect to server
"Got eof from child process" means that the session unexpectedly closed, often due to issues with the server's SFTP subsystem or configuration. It may also suggest that the server is not properly handling the session or that there are network-related problems.
Thinking that maybe the drive might not have been mounted, I ssh'd into the router's console and ran a df command and found by USB drive was mounted:
/dev/sda1 15625844732 8245319364 7380525368 53% /tmp/mnt/Elements
Also the Linux SAMBA service on the router is apparently running correctly because I can see the drive on my Windows-based systems, but I have not attempted to mount the USB drive on my Linux systems yet.
I have a call into Asus support and they have escalated this issue but have not yet spoken to anyone from Asus who knows about their SFTP (FTP over TLS) . So, I thought I'd post in this community chat to see if anyone may have attempted SFTP to the Asus USB-attached storage?
