After hardening is performed on the VLC, the sftp agent can no longer connect to it.
On the sftp agent, running the psftp command produces the following output:
C:\sasftpagent>psftp -i private.ppk -l sftp -v x.x.x.x
Looking up host "x.x.x.x"
Connecting to x.x.x.x port 22
Server version: SSH-2.0-OpenSSH_5.3
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Local:_Aug_13_2014_15:13:55
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 f6:a4:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:18
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Reading private key file "private.ppk"
Using username "sftp".
Offered our public key null
Offered public key
Offer of public key accepted
Authenticating with public key "rsa-key-20160610"
Sent public key signature
Opening session as main channel
Opened main channel
Started a shell/command
Connected to x.x.x.x
Fatal: Received unexpected end-of-file from SFTP server
The SSH debug log in /var/log/secure shows the following error:
VLC sshd: pam_unix(sshd:account): expired password for user sftp (root enforced)
VLC sshd: debug3: PAM: sshpam_store_conv called with 1 messages
VLC sshd: debug3: PAM: do_pam_account pam_acct_mgmt = 12 (Authentication token is no longer valid; new one required)
VLC sshd: debug3: channel 0: close_fds r -1 w -1 e -1
VLC sshd: debug3: Wrote 88 bytes for a total of 4269
VLC sshd: debug1: Received SIGCHLD.
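The log entry "pam_unix(sshd:account): expired password for user sftp (root enforced)" indicates that the password for user sftp needs to be reset. Public key authentication itself succeeds (the psftp output shows "Offer of public key accepted"), but the PAM account check then returns 12 (Authentication token is no longer valid; new one required), so sshd closes the channel and psftp reports an unexpected end-of-file. You must therefore reset the password for the sftp account on the VLC as follows:
1. SSH to the VLC using a normal user account (after hardening, superuser access to a host through SSH is blocked).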
2. Switch to the root account with the command "su -" and provide root's password, or with the command "sudo su -" and provide the normal user's password.
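
To confirm from the log which accounts are hitting this failure, the following added example (not part of the original article) counts the expired-password entries per user and the pam_acct_mgmt = 12 results. The function names are hypothetical, and the sample log lines (timestamps, PIDs, the users "admin" and "backup", the client address) are constructed for illustration.

```sh
# Added example: find accounts whose SSH sessions are closed by the PAM
# account phase because the password has expired (signatures from the log above).

# expired_ssh_users [LOGFILE] -> prints "count user" lines, most frequent first
expired_ssh_users() {
    log=${1:-/var/log/secure}
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    sed -n 's/.*pam_unix(sshd:account): expired password for user \([^ ]*\).*/\1/p' "$log" |
        sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# authtok_reqd_count [LOGFILE] -> number of pam_acct_mgmt = 12 results
# (PAM_NEW_AUTHTOK_REQD; only logged when sshd runs at debug3 level)
authtok_reqd_count() {
    log=${1:-/var/log/secure}
    grep -c 'do_pam_account pam_acct_mgmt = 12 ' "$log" || true
}

# Constructed sample in the format of the excerpt above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Jun 10 09:01:12 VLC sshd[2101]: pam_unix(sshd:account): expired password for user sftp (root enforced)
Jun 10 09:01:12 VLC sshd[2101]: debug3: PAM: do_pam_account pam_acct_mgmt = 12 (Authentication token is no longer valid; new one required)
Jun 10 09:03:40 VLC sshd[2188]: Accepted publickey for admin from 192.0.2.10 port 50122 ssh2
Jun 10 09:05:02 VLC sshd[2230]: pam_unix(sshd:account): expired password for user sftp (root enforced)
Jun 10 09:05:02 VLC sshd[2230]: debug3: PAM: do_pam_account pam_acct_mgmt = 12 (Authentication token is no longer valid; new one required)
Jun 10 09:07:19 VLC sshd[2301]: pam_unix(sshd:account): expired password for user backup (password aged)
EOF

echo "Expired-password rejections per user:"
expired_ssh_users "$sample"
echo "pam_acct_mgmt = 12 results: $(authtok_reqd_count "$sample")"
```

Called without an argument, both functions read /var/log/secure, which normally requires the root shell obtained in step 2.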