Dave Glover

Issues with setting up SFTP agent collection

Discussion created by Dave Glover Employee on Sep 17, 2020

Lately I have been using the sftpagent quite a bit for moving log files to NetWitness.  I have been running into the same issue on installs recently.

 

The issue happens on the first sftpagent agent connection to a log collector.

 

After installing the agent and creating a ssh key you need to run the following command to accept the log collector host key

 

psftp -i private.ppk -l sftp -v log_collector_IP_address

 

When that command runs it connects to the log collector and stores the host key. 

 

After accepting the key and storing it you get the following error:

 

 

 

In checking the 'secure' log on the log collector you see:

 

 

The issue is that the 'sftp' account has expired.  You need to change the password in order to activate the account.

 

This is done my issuing the following command

 

passwd sftp

 

You will then be prompted to change the password.  It does not matter what password you pick, although it should be  documented.  The sftpagent uses certificate authentication vs password auth, which is why it does not matter what you set the password to.

 

Once this is done you can rerun the "psftp -i private.ppk -l sftp -v log_collector_IP_address" command

 

You should see the following:

 

 

Once you see the "Access granted" line, you are good to continue setting up the sftpagent config.

 

Thanks

 

Dave

 

 

 

Outcomes