SFTP client connection fails using hostname

perissf

8/2/23, 10:31 AM

I have configured a debian server, hosting a website, for FTPS access using vsftpd. Port 22, SSL enabled. When testing the connection with FileZilla, I successfully connect if I put the server's IP address in the host field. If I put the wesbsite's hostname, it fails. The server is under a private router with dynamic IP. Therefore, I am using a dynamic DNS service provided by Dynu DNS (my internet provider gives me the possibility to connect the router to Dynu, in order to let the router inform Dynu when the IP has changed). DNS records in Dynu are the A record, updated by my router, and the AAAA record (updated by Dynu).

Hostname	Type	Data
*.myhostname	A	12.34.567.89
*.myhostname	AAAA	[IPv6 address]

And in FileZilla:

Host	Connection Status	FileZilla logs
12.34.567.89	Success	Command: open "[email protected]" 22 Trace: Looking up host "12.34.567.89" for SSH connection Trace: Connecting to 12.34.567.89 port 22
myhostname	Failed	Command: open "username@myhostname" 22 Trace: Looking up host "myhostname" for SSH connection Trace: Connecting to [IPv6 address] port 22

0 + 0

domain-name-system

debian

ftp

dynamic-dns

vsftpd

Patrick Mevzek

8/2/23, 8:41 PM

`12.34.567.89` is not an IPv4 address.

perissf

8/3/23, 7:26 AM

@PatrickMevzek thanks for your precious comment... and if the IPv4 were a fake?

Patrick Mevzek

8/3/23, 7:42 PM

You are welcome. Please read RFC 5737. Or just improve your question substantially by giving the real name and IP involved instead of bad and useless obfuscation.

Score:0

Server

Rob

8/2/23, 2:07 PM

Too long to comment and possibly completely wrong, but:

It looks like the problem is not related to your hostname but more the difference between accessing your system over IPv4 versus IPv6.

It also seems that you're using port forwarding or something similar to expose port 22. That is needed when your server uses an RFC 1918 private use IPv4 address and your router performs NAT.

With a correct IPv6 setup though your server has a globally unique and routable IPv6 address and you don't do NAT. And after granting access in your firewall, you should be able to access the server directly by its own IPv6 address, rather than by the IPv6 address of the router. That means that you should also register the server's IPv6 address, rather than your routers IPv6 address with the dynamic dns provider.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: SFTP client connection fails using hostname

TH: การเชื่อมต่อไคลเอนต์ SFTP ล้มเหลวโดยใช้ชื่อโฮสต์

RO: Conexiunea clientului SFTP eșuează folosind numele gazdă

RU: Сбой подключения клиента SFTP с использованием имени хоста

VI: Kết nối máy khách SFTP không thành công khi sử dụng tên máy chủ

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.