It's been a while since the last upgrade and I've skipped some versions, so forgive me if I missed something in the announcements.

I've been using scp to copy over backups from Mikrotik to the host machine on a daily basis. After the upgrade it stopped working with the following error:

exec request failed on channel 0

which after some googling revealed that sftp server might be missing.

Were there any changes in the latest build that might have affected sftp? I've got 2 routers with different configs, both give the same error when trying to scp files from them.

Bump. Anyone?

Interestingly using sftp with password works without any problems. Here's the bit from the verbose output:

debug2: channel 0: request env confirm 0
debug1: Sending command: scp -v -f /backup.bak
debug2: channel 0: request exec confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 2621440 rmax 262144
debug2: channel_input_status_confirm: type 100 id 0
exec request failed on channel 0

I have that problem too.
I tried to upgrade to 6.34.1 but it doesn't solved.

I may have a similar issue. I have backups copied by ftp(not sftp) each week. Today's ftp job failed for all routers v6.34 and above. Routers below v6.34 still work. My backup utility(Cobian Backup) says:

2016-02-12 15:15 The user "ftp" has initiated a session on "1.2.3.4:21"
2016-02-12 15:15 The remote directory has been changed to "/"
2016-02-12 15:15 Downloading the remote directory "/" to "C:\Users\tempuser\AppData\Local\Temp\Root directory"
ERR 2016-02-12 15:15 Couldn't get the remote directory list: 'LIST': not enough permissions

When I try to ftp with a command line in Windows, I get similar:

C:\Users\tempuser>ftp
ftp> open 1.2.3.4
Connected to 1.2.3.4.
220 Mikrotik FTP server (MikroTik 6.34.1) ready
User (1.2.3.4:(none)): ftp
331 Password required for ftp
Password:
230 User ftp logged in
ftp> get log.0.txt
200 PORT command successful
550 'RETR': not enough permissions
ftp>

Looking at the v6.34 changelog, maybe it's this?

ssh, ftp - make read, write user group policy aware

But is this a bug or is there a workaround?

You found the answer. If your ftp or ssh user belongs to group with just ftp/ssh policy, it won't be able to do anything useful. Add read and write as needed and problem solved. Also sensitive seems to be required if you want to access *.backup.

Read policy was what was required. I would assume the write policy would be required if I wanted to use ftp put command, but I am only getting backups.

My mistake. I had already set up the group with ftp and sensitive policy. I thought I had enabled all policies for the group the user belongs to during my testing to confirm the permissions issue, but I must have missed something.

So, as of 6.34, read and/or write policy is now also required.

Thanks!

Amazing! Thanks for the find!

Here's the full policy needed to get it: ssh,ftp,read,write,sensitive

I used an user with full permissions but it didn't work. Now I upgraded to version 6.34.2 and my problem was solved.