Ask a Question

Tiny SFTP Server - Error while initializing subsystem (): The 'shell' subsystem is not enabled.

0 votes
by (120 points)

Using the default settings, version 1.0.5 of Tiny SFTP Server, there is an issue whenever the user tries to connect, which says the 'shell' subsystem is not enabled.

Full log:
Log level changed to Debug.
Binding SFTP server to port 22...
Starting...
13:35:34.738 Info Server: Starting server.
13:35:34.738 Info Server: Listening for connections at 0.0.0.0:22.
13:35:34.738 Info Server: Server started.
SFTP server has started and is ready to accept connections.
13:37:23.738 Debug Server: Accepted connection from 192.168.56.1:57160.
13:37:23.754 Info Server: Session 1: Started on connection from 192.168.56.1:57160.
13:37:23.754 Debug SSH: Session 1: Local SSH version: SSH-2.0-RebexSSH1.0.5.25508
13:37:23.769 Debug SSH: Session 1: Remote SSH version: SSH-2.0-OpenSSHforWindows7.7
13:37:23.769 Debug SSH: Session 1: Performing algorithm negotiation and key exchange.
13:37:23.894 Debug SSH: Session 1: Performing key exchange using diffie-hellman-group-exchange-sha256 with rsa-sha2-512.
13:37:24.269 Debug SSH: Session 1: Current encryptor is aes128-ctr/hmac-sha2-256.
13:37:25.831 Debug SSH: Session 1: Current decryptor is aes128-ctr/hmac-sha2-256.
13:37:25.831 Debug SSH: Session 1: Key exchange finished.
13:37:25.895 Debug SSH: Session 1: Performing authentication.
13:37:25.895 Debug SSH: Session 1: Starting authentication as 'tester' for 'ssh-connection'.
13:37:29.285 Info Server: Session 1: Authentication for 'tester' succeeded.
13:37:29.301 Debug SSH: Session 1: Authenticated as 'tester' for 'ssh-connection'.
13:37:29.316 Debug Server: Session 1: Rejected 'shell' subsystem.
13:37:29.316 Error SSH: Session 1: Error while initializing subsystem (): The 'shell' subsystem is not enabled.
13:37:29.316 Info SSH: Session 1: Connection reset by peer.
13:37:29.331 Info Server: Session 1: Closed connection from 192.168.56.1:57160.

This was tried using Windows Server 2016 as well as Windows Server 2012 R2.

Are there any additional configuration properties or libraries that need to be installed first to have this working?

Applies to: Rebex SFTP, Rebex Terminal Emulation

1 Answer

0 votes
by (2.0k points)

Hi,

Tiny SFTP Server does not allow shell subsystem, only SFTP connections. You can try our Buru SFTP Server which has some SSH shell functionality (see the docs for details). Please note that it is only an emulated shell, nowhere close to what real Linux SSH shell offers - the major difference being you have to specify which commands will be supported as there are only few built-in commands available.

by
Dobry den Lukasi,
This seems to be a default behavior of a recent Cisco IOS to request 'shell' subsystem functionality for an scp transfer - even it has nothing to use shell for. See the below logs where I've tried to simply transfer a file to and from an IOS device to Tiny SFTP. Possibly it's a way how IOS transfers a file (exec command...?)

Upload from an IOS device to server:
12:26:07.091 Info Server: Session 1: Started on connection from .....:16034.
12:26:10.754 Info Server: Session 1: Authentication for 'tac' succeeded.
12:26:10.801 Error SSH: Session 1: Error while initializing subsystem (, scp -v -t isr4400-universalk9.17.06.03a.SPA.bin): The 'shell' subsystem is not enabled.
12:26:10.816 Info SSH: Session 1: Connection closed by the remote host.
12:26:10.854 Info Server: Session 1: Closed connection from ...:16034.

Download from server to an IOS device with debug enabled:
12:30:17.944 Debug Server: Accepted connection from ...:25338.
12:30:17.944 Info Server: Session 2: Started on connection from 10.240.4.76:25338.
12:30:17.959 Debug SSH: Session 2: Local SSH version: SSH-2.0-RebexSSH_5.0.8062.0
12:30:17.975 Debug SSH: Session 2: Remote SSH version: SSH-2.0-Cisco-1.25
12:30:17.991 Debug SSH: Session 2: Performing algorithm negotiation and key exchange.
12:30:18.006 Debug SSH: Session 2: Performing key exchange using ecdh-sha2-nistp256 with rsa-sha2-512.
12:30:18.025 Debug SSH: Session 2: Cipher info: SSH 2.0, ecdh-sha2-nistp256, rsa-sha2-512, aes128-ctr/aes128-ctr, hmac-sha2-256-etm@openssh.com/hmac-sha2-256-etm@openssh.com
12:30:18.028 Debug SSH: Session 2: Key exchange finished.
12:30:18.044 Debug SSH: Session 2: Performing authentication.
12:30:18.059 Debug SSH: Session 2: Starting authentication as 'tac' for 'ssh-connection'.
12:30:20.629 Info Server: Session 2: Authentication for 'tac' succeeded.
12:30:20.629 Debug SSH: Session 2: Authenticated as 'tac' for 'ssh-connection'.
12:30:20.660 Debug SSH: Session 2: Received SSH_MSG_CHANNEL_REQUEST: exec('scp -v -f testfile.txt').
12:30:20.660 Debug Server: Session 2: Rejected 'shell' subsystem.
12:30:20.675 Error SSH: Session 2: Error while initializing subsystem (, scp -v -f testfile.txt): The 'shell' subsystem is not enabled.
12:30:20.691 Info SSH: Session 2: Connection closed by the remote host.
12:30:20.691 Info Server: Session 2: Closed connection from ...

This unfortunately limits Tiny SFTP usability for this use case.
By any chance can be considered adding a "dummy" shell support even to this product?

Thank you.
by
Well, for everyone's benefit. The key is to use from an IOS device sftp protocol, not scp protocol.

Following will work:
copy sftp://.../testfile.txt bootflash:

Following fails:
copy scp://.../testfile.txt bootflash:

Thank you guys for creating this software.
by (73.5k points)
Yes, this is the cause of the issue. The Rebex Tiny SFTP Server does not support SCP at the moment.
However, we are going to add support for SCP in a future version. I will post here a notification when support for SCP is released.
...