WinSCP : Cannot initialize SFTP protocol. Is the host running an SFTP server?

Question

I can edit all the files using WinSCP on my server using root, but for security, I disabled root on my Ubuntu server and now have a problem using an admin user or sudo <user> to edit files/folders via chmod 755.

I changed WinSCP's Protocol Option (Advanced... Environment SFTP server ) to the following and received the below error:
```
sudo su -c /bin/sftp-server
```
```
 Cannot initialize SFTP protocol. Is the host running an SFTP server?
```

Is there any way to resolve this problem or do I have to enable/disable root every time in my server?

Log:

16:41:33.348 --------------------------------------------------------------------------
16:41:33.348 WinSCP Version 5.17.6 (Build 10516) (OS 10.0.17763 - Windows 10 Enterprise LTSC 2019)
16:41:33.348 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
16:41:33.348 Log level: Normal
16:41:33.348 Local account: DESKTOP-LDVV9BM\Ehsan
16:41:33.348 Working directory: C:\Program Files (x86)\WinSCP
16:41:33.348 Process ID: 2672
16:41:33.348 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe"
16:41:33.348 Time zone: Current: GMT+4:30, Standard: GMT+3:30 (Iran Standard Time), DST: GMT+4:30 (Iran Daylight Time), DST Start: 3/21/2020, DST End: 9/20/2020
16:41:33.348 Login time: Monday, June 22, 2020 4:41:33 PM
16:41:33.348 --------------------------------------------------------------------------
16:41:33.348 Session name: ehsan1362@192.168.67.134 (Site)
16:41:33.348 Host name: 192.168.67.134 (Port: 22)
16:41:33.348 User name: ehsan1362 (Password: No, Key file: No, Passphrase: No)
16:41:33.348 Tunnel: No
16:41:33.348 Transfer Protocol: SFTP
16:41:33.348 Ping type: Off, Ping interval: 30 sec; Timeout: 15 sec
16:41:33.348 Disable Nagle: No
16:41:33.348 Proxy: None
16:41:33.352 Send buffer: 262144
16:41:33.352 SSH protocol version: 2; Compression: No
16:41:33.352 Bypass authentication: No
16:41:33.352 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
16:41:33.352 GSSAPI: Forwarding: No; Libs: gssapi32,sspi,custom; Custom:
16:41:33.352 Ciphers: aes,chacha20,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
16:41:33.352 KEX: ecdh,dh-gex-sha1,dh-group14-sha1,rsa,WARN,dh-group1-sha1
16:41:33.352 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
16:41:33.352 Simple channel: Yes
16:41:33.352 Return code variable: Autodetect; Lookup user groups: Auto
16:41:33.352 Shell: sudo su -
16:41:33.352 EOL: LF, UTF: Auto
16:41:33.352 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes; Follow directory symlinks: No
16:41:33.352 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No; Exit code 1 is error: No
16:41:33.352 SFTP Bugs: Auto,Auto
16:41:33.352 SFTP Server: sudo su -c /bin/sftp-server
16:41:33.352 Local directory: C:\Users\Ehsan\Desktop, Remote directory: /, Update: Yes, Cache: Yes
16:41:33.352 Cache directory changes: Yes, Permanent: Yes
16:41:33.352 Recycle bin: Delete to: No, Overwritten to: No, Bin path:
16:41:33.352 DST mode: Win
16:41:33.352 --------------------------------------------------------------------------
16:41:33.412 Looking up host "192.168.67.134" for SSH connection
16:41:33.412 Connecting to 192.168.67.134 port 22
16:41:33.436 We claim version: SSH-2.0-WinSCP_release_5.17.6
16:41:33.436 Remote version: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4
16:41:33.436 Using SSH protocol version 2
16:41:33.436 Have a known host key of type ssh-ed25519
16:41:33.440 Doing ECDH key exchange with curve Curve25519 and hash SHA-256
16:41:33.514 Server also has ecdsa-sha2-nistp256/ssh-rsa host keys, but we don't know any of them
16:41:33.514 Host key fingerprint is:
16:41:33.514 ssh-ed25519 255 b9:6f:37:38:99:fc:e4:f6:84:3c:88:64:20:cf:43:36 qtGAL1C/LIGDwsC/YoXlDtU/7VxgnuQTLPXT4lwj6fE=
16:41:33.542 Host key matches cached key
16:41:33.542 Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
16:41:33.542 Initialised HMAC-SHA-256 outbound MAC algorithm
16:41:33.542 Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
16:41:33.542 Initialised HMAC-SHA-256 inbound MAC algorithm
16:41:33.542 Using username "ehsan1362".
16:41:33.572 Server offered these authentication methods: publickey,password
16:41:33.572 Prompt (password, "SSH password", <no instructions>, "&Password: ")
16:41:36.915 Sent password
16:41:36.926 Access granted
16:41:36.926 Opening main session channel
16:41:37.297 Opened main channel
16:41:37.297 Started a shell/command
16:41:37.332 --------------------------------------------------------------------------
16:41:37.332 Using SFTP protocol.
16:41:37.332 Doing startup conversation with host.
16:41:37.348 Type: SSH_FXP_INIT, Size: 5, Number: -1
16:41:37.348 sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
16:41:37.348 Session sent command exit status 1
16:41:37.348 Main session channel closed
16:41:37.348 All channels closed
16:41:37.348 Attempt to close connection due to fatal exception:
16:41:37.348 **Connection has been unexpectedly closed.** Server sent command exit status 1.
16:41:37.348 Closing connection.
16:41:37.375 (EFatal) **Connection has been unexpectedly closed.** Server sent command exit status 1.
16:41:37.375 Cannot initialize SFTP protocol. Is the host running an SFTP server?

@ehsan_kabiri_33 Have you tried the connection via SCP (Session File Protocol), which does support sudo passphrase support IIRC? To piggyback on Martin's answer, SSH is most efficient and secure when using keys (preferably passphrase protected), adding the public key to the remote user's ~/.ssh/authorized_keys. (Also, please don't direct link files, instead placing their content within a code box; if the content exceeds the character limit, please use PasteBin and link to that.) — JW0914, Jun 22 '20 at 12:58

Martin Prikryl · Answer 1 · 2020-06-26T07:05:15.627

2

Your log file says:

sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper

WinSCP cannot prompt you for a sudo password. That's technically nearly impossible with SFTP protocol (or SCP).

If you want to use sudo with WinSCP, you cannot require password prompt.

See WinSCP FAQ How do I change user after login?

edited Jun 26 '20 at 07:05

answered Jun 22 '20 at 12:31

Martin Prikryl

22,271

@ehsan_kabiri_33 Since SCP doesn't support sudo in the manner it's meant to be utilized, a workaround would be to use a normal terminal (PuTTY, Win32-OpenSSH, etc.) when needing to execute sudo commands. WinSCP natively supports this via CTRL+P (Commands → Open in PuTTY) , which will open the session in PuTTY as well – JW0914 Jun 26 '20 at 11:48

score 0 · Answer 2 · answered Oct 13 '22 at 13:26

I had similar issue, and I solved it after a few hours of troubleshooting like this way:

Go to Options / Preferences
Select the Background menu under the Transfer
Uncheck the "Transfer on background by default"
Press OK

After that it worked for me.

score -1 · Answer 3 · answered Apr 30 '21 at 18:59

-1

sorry if I bring up this topic, for two days I could not get the same on my vcenter server, having root rights I received the error "Cannot initialize SFTP protocol. Is the host running an SFTP server". For me, everything was decided by enabling bash for the account, maybe this will help someone, found the information here.

answered Apr 30 '21 at 18:59

Ivan Semin

1

1

Please give more information than a link. – Charles Kenyon Apr 30 '21 at 19:43

score -1 · Answer 4 · answered Jul 26 '22 at 10:35

I had same issue. Added the path to the OpenSSH directory to the Path environment variable (System Properties -> Advanced tab -> Environment Variables -> Select and edit the Path system variable -> Add the path to the OpenSSH folder). Works for me.

WinSCP : Cannot initialize SFTP protocol. Is the host running an SFTP server?

4 Answers4