Fedora Servers :: 9 - ACl And Chrooted SFTP
Mar 17, 2009
i'm on 9, x86_64, and have successfully created chrooted SFTp users following this [URL] tutorial. however, i need to get into the sftp account programmatically to move and delete the deposited files. so i enabled ACL and set setfacl -R -m u:$USER:rwx,d:u:$USER:rwx /home/$SFTPUSER
this works well EXCEPT that now the sftp user cannot log in. the latter, of course, is the problem at hand! it's driving me crazy. as soon as i remove the acl and revert back to the plain old chmod/chown scheme, the sftp user can log in ... but i can't delete files in the sftp account. i tried to set facl to the sftp group ('jailed') but to no avail.
View 1 Replies
ADVERTISEMENT
Sep 3, 2009
I'm trying to set up a Fedora 11 server so that users have only SFTP access. The relevant lines from my "/etc/ssh/sshd_config" are:
[Code]....
I can log in okay, I can type "cd /" and "cd upload", but when I try an "ls" command, I get: Couldn't get handle: Permission deniedand when I try to get the file "junk" (listed above), I get: Couldn't stat remote file: Permission deniedAnyone know what I'm doing wrong?
View 2 Replies
View Related
Apr 13, 2011
i have a vsftpd server running well but i want to make/force all users to use sftp and not just ftp is this possible?
View 1 Replies
View Related
Jul 21, 2011
I'm trying to get ChrootDirectory working with SFTP. I understand the chroot directory is not writable by the user, so I have to create a sub-directory the user is supposed to write to. I keeping getting write permission denied when uploading a file to this sub directory? how to troubleshoot this or know what i'm doing wrong? Here's how I have it setup.
Fedora 15, OpenSSH 5.6p1
/etc/ssh/sshd_config looks like this
Code:
Subsystem sftp internal-sftp
Match Group sftp
ChrootDirectory %h
[code]...
I created the sftp group and created a test user.
Code:
groupadd sftp
useradd -g sftp -s /bin/false -d /home/test test
Then gave root access to the test user's home directory so chroot will work.
Code:
chown root:root /home/test
chmod 755 /home/test
Since the user's home directory is the chroot directory, the user will not have write access to it. So I created a sub-directory that the user will have write access to.
Code:
mkdir /home/test/data
chown test:test /home/test/data
chmod 755 /home/test/data
I can successfully sftp into the server and download files. But I cannot upload files to the data directory? I get write permission denied.
View 1 Replies
View Related
Dec 20, 2009
I have FileZilla installed on this machine, and OpenSSH (with an open port 22) on another machine on my home network. When I try and connect, I get: Quote: Status:Connecting to 192.168.2.3... Response:fzSftp started Command: open "alphatwo@192.168.2.3" 22 Error:Connection refused Error:Could not connect to server
Which has left me puzzled as I have an open port. Does the username have to be defined somewhere? E.g. the machine acting as my SFTP server can be logged on to locally as alphatwo so that's what I logged in as (with the correct password). Is this correct? If so, does anyone have any ideas as to how I might rectify it? I want SFTP set up so I can copy PHP files from my laptop to /var/www/html/ on another PC (across the home network).
View 4 Replies
View Related
Aug 13, 2010
I'm wanting to setup SFTP in a chroot, which is simply enough to do and I already have it working; however I also want it so that when they connect via SFTP it goes directly to their home directory. Currently I have the following in "/etc/ssh/sshd_config":
Code:
Subsystem sftp internal-sftp
Match Group sftp-users
ChrootDirectory /home
AllowTCPForwarding no
ForceCommand internal-sftp
Which works perfectly fine, however when they connect there are shown the contents of the "/home" directory which they then have to "cd username" to get to their home directory. This I do not like, and it confuses our clients who connect saying they can see "random folders that aren't mine", or some that think they've "hacked" the server. I really need it so upon connection they go to "username" directory. I can do this by using:
Code:
usermod -d /username username
Which changes the users home directory to "/username", and then upon connection it works just fine, they are taken directory to their home directory. However, I really really do not like the fact that "/etc/passwd" shows a different home directory to their real home directory, i.e it states "/username" when actually it is "/home/username".I've spent the entire day looking a different ways of doing it, and I can't come up with anything.
View 3 Replies
View Related
Oct 27, 2010
I have recently configured sshd_config to have chrooted SFTP service. I'm using SFTP internal-sftp config. However now I have to figure out how to log file transfers happening using the SFTP service. I'm using the Ubuntu Server 10.04 (64bit)
View 3 Replies
View Related
Nov 14, 2010
I have a openSSH server, it works to connect to it within the local network but I can't connect to it from the Internet. What I would like to do is to connect to the server using filezilla client, simply by using username and password.To make it secure from brute force attacks will I only allow connections from specific IP number.
I have a server with the static internal ip 192.168.1.5, port is 2222. My global ip is 10.4.5.6 and I would like to connect with filezilla client from ip 11.1.2.3. How do I connect?
View 1 Replies
View Related
Apr 8, 2010
In Nautilus I have a sftp:// mount as favorite, how can I see where it is mounted ?
View 5 Replies
View Related
Nov 18, 2010
I want to connect to the same machine that that I have OpenSSH server on which uses keys and I have disabled password-based logins (for ssh). Apparently, this also affects SFTP which makes sense. How do I setup SFTP to use key-based authentication?
View 5 Replies
View Related
Mar 20, 2011
i want to allow some friends to ssh/sftp/scp into my system but i only want them to have access to my external hard drive (/media/externalHD/), and i dont want them to be able to delete or add anything, only download.i have found instructions on how to limit a user to his/her home directory and thought about just creating a user with the home directory /media/externalHD but idk if this will work and im afraid i might make a mistake and delete 800gb of 'files'
View 2 Replies
View Related
Sep 1, 2011
I've searched the interwebs and have never had this problem before but I can connect with ssh no problem. The problem arises when I try to connect with sftp. I get code...
View 1 Replies
View Related
Feb 1, 2010
I have this strange problem which I am unable to web search on and not sure what to do next. My Linux knowledge is between basic to intermediate but I know how to troubleshoot general hardware problems.
My problem is that Ubuntu 9.04 Jaunty 64-bit hangs while SFTP is active and dynamic IP changes. For example, I SFTP into my home server and transfer file then suddenly my ISP decides to renew my IP and give me a new IP while my SFTP client is still uploading files to my home server. This causes my SFTP client to stop working. Upon checking, my router is still running with a new IP lease from my ISP. My Linux box still powers on but typing anything from the keyboard does not make it "wake up" and put things on the monitor. Nothing seems to make it respond and the only way is to get about it is to power off and on. During that time, you cannot SSH into the server as there is no respond. SFTP into the server is not possible too because connection fails.
The server has all new hardware, latest BIOS, etc. Memtest86 shows no errors after running for more then 5 hours. I am unable to find anything out of the norm in /var/log/kern.log or in dmesg. All hardware seems to be working.
When I think about it, I tend to think OpenSSH (probably that is the default package in Jaunty) is causing this system hang whenever there is an interrupted connection from the outside world. However, I fail to agree with this is because I am sure the daemon and Linux can tolerate this situation without resorting to system hang. FYI, I have installed vsftp as well but this should not be a problem.
View 2 Replies
View Related
Feb 15, 2010
I run some IT systems for my schools Engineering student organization.
We are upgrading our systems and I just purchased a new server system which I am configuring.
I am using Ubuntu 10.04 Lucid Lynx and the new likewise-open packages.
The points I bring up following this sentence are to fulfill this final goal : Get SFTP, SSH, and Network Share's over our private network all using the schools Active Directory for auth and it's groups to derive privs.
So... Here's what i've done and what i've tried to do.
1 ) I set up likewise-open and got it to join the domain. When I do this I can ssh to localhost as 'schoolnetworkADname'. So that part works (hurray). To get a network share to use these same auth methods I have tried installing likewise-open-server. Everything launches find and the daemons run, but when I go into computer management on a windows server to set up the actual shares, I get permission denied. The account it is giving permission denied to is the same AD account that join likewise-open to the network, so... what is going on.
2 ) Samba, fail. I can't seem to get samba to run on this machine at all, which is strange because even my Samba expert was puzzled. It just won't let Samba join the domain properly, and due to this, I want to keep on the newer likewise package... unless I have to switch to this.
How I can get the lame likewise-open-server to work?
View 1 Replies
View Related
Mar 3, 2010
I need to set up ssh/sftp/network shares all authenticating with AD. I want to use likewise to do the auth, but to mount the network shares I need to use an older version of samba so it can connect with likewise.How can I go about installing an older version of samba onto this new distro of the OS? I've tried installing the lenny and etch versions but I always get an error during install just saying that samba errored.
View 4 Replies
View Related
Jun 6, 2010
I am currently running Ubuntu Server 9.10 as an FTP server. It has become a necessity to allow users access via SSH terminal or sftp via WinSCP. I need to be able to monitor what users are doing at any given time and be able to pull up each users activity history. Essentially I need to be able to pinpoint who modified a file at what time. Also what is the best method to monitor things like nmap probes?
View 1 Replies
View Related
Jul 6, 2011
I'm new around here and pretty new to ubuntu and linux in general. I am setting Up an sftp server. I set it up using openssh and it worked fine for a few months. Then recently we experienced a power outage. Now the server will boot fine, all users can login locally, but when they try to login remotely they enter their user info and then are denied with some generic network error. Again, being a noob at this I tried to trouble shoot this a little bit but I'm not quite sure what to look for. I believe the ssh service is running but I don't know what else to look for.
View 9 Replies
View Related
Dec 11, 2010
I want to share files over the web with only a few people and limiting them to certain folders. I have been doing a remote access (ssh) to my server to access it from a pc on the local network. I later found out the same program doing ssh (open_ssh) was also doing sftp, great I could do both with one system account. Problem I couldn't find away to configure another user to go over the web with limited folder access without messing up my user to access the pc. I tried ftps by using vsftpd, I couldn't get chroot set up correctly or even log in. So my question is what program and/or protocol should I use to do secure ftp over the web?
OS: Ubuntu 64bit 10.04
View 4 Replies
View Related
May 31, 2010
I am trying to find out, if an application is chrooted jail or not. I have tried to do as suggested here, but something is wrong I believe. [URL]
pidof apache2
24714 24404 24366 24365 24364 24363 24362 4923
ls -ld /proc/24714/root
lrwxrwxrwx 1 root root 0 May 31 19:05 /proc/24714/root -> /
So far so good. Now we try with postfix, ups, nothing to show ? pidof postfix Lets try with the postfix master process instead. pidof master 2623
ls -ld /proc/2623/root
lrwxrwxrwx 1 root root 0 May 31 19:07 /proc/2623/root -> /
It shows it as not being chrooted jail, which I do not understand, since I KNOW that postfix runs chrooted jail.
View 3 Replies
View Related
Aug 30, 2011
Is it possible to load a new kernel while in a chrooted environment. Say I have one linux distro and want to chroot into another and load its kernel
View 1 Replies
View Related
Jul 29, 2010
I am unable to send emails throught smtp class with auth server. Whenever i send the email even throught mybb smtp class in forum i see blank page and apache logs shows: Code: [Thu Jul 29 16:41:49 2010] [notice] child pid 23716 exit signal Segmentation fault (11) any idea what i have to add for proper work of this?
View 1 Replies
View Related
Dec 23, 2010
How to allow users to change their password in chrooted ssh as long as the modifications in the shadow file in the chrooted environment will not be applied on the system itself ?
View 2 Replies
View Related
Aug 10, 2010
I had to copy the lib64 libs since I am working on a Cent OS 5.5 Xen VM. And used username enemy-territory instead of et adjusting the relevant init script lines accordingly. I am able to run "chroot /usr/local/enemy-territory" and get to shell, I am root when I run that, of course.
starting /enemy-territory/etded I get: [I have no name!@cobra /]#/enemy-territory/etded
bash: /enemy-territory/etded: /bin/sh: bad interpreter: Permission denied
starting /enemy-territory/etded.x86 I get:
[I have no name!@cobra /]#/enemy-territory/etded.x86
ET 2.55 linux-i386 May 27 2003
----- FS_Startup -----
Sys_Error: Unable to create directory "/root/.etwolf", error is No such file or directory(2)
I have set all files to be owned by root but are part of group enemy-territory. I can see the files in chroot.
Running the start script yields:
[root@cobra local]#/etc/rc.d/init.d/rc.etded start
[root@cobra local]#Could not find a PID for /usr/local/enemy-territory/enemy-territory/etded.x86!
[code]....
As any normal user I can run the program fine without problems. I am wanting the chroot setup, so I can limit collateral damage if we get hacked, and to allow me to have a non chroot location to store backup copies of the working directory.
View 2 Replies
View Related
Feb 2, 2011
If someone has physical access to a machine, they can boot up with a live cd and chroot in to the filesystem as root. 1) Is there any way of a bash script script knowing if the computer was booted regularly or if it was chrooted into? 2) Is there a way to have a script run automatically when the user chroots in?
View 1 Replies
View Related
Jul 24, 2011
As a Windows user, I generated a pair of DSA keys from CoreFTP Lite and sent it to a third party that runs an SFTP server. They told me that a valid DSA key needs to have ssh-dsa at the start and the username@systemname at the end. CoreFTP generated neither the ssh-dsa header nor the username@systemname footer. I tried with WinSCP and it didn't generate them either. Is there a difference between how SFTP works between Windows and Linux? If I put a useraccount@systemname at the end of the text will it work? How would the Linux system validate that my system is called "systemname"? If it can't validate, what is the purpose of adding it?
View 2 Replies
View Related
Sep 1, 2011
I have a droid phone, and I have ubuntu 9 running on it. This is done by chrooting since the phone runs a linux kernel. And it works... I have a question though. tightvncserver does work, and its able to listen on 127.0.0.1.. Its how you view your X session. So you chroot to Ubuntu, then start vncserver. Then switch back to android and login to ubuntu via vnc client. but apache, mysql, and postgresql do not work. Well. They dont seem too.. except for mysql. Mysql will start but only if you tell it not to use networking by saying skip-networking in my.cnf
Mysql says: mysqld cant create ip socket permission denied Apache2 says it can find 127.0.0.1 but doesnt actually run same with postgresql... All seem to be compiled with arm architecture. So why does tightvncwork? Why is it so special? How can it listen on the loop back (127.0.0.1) when nothing else can...
I have /proc and /dev bind to the chroot side. I can run ifconfig okay, and I can run /etc/init.d/networking start okay.. But apache2, mysql, etc have problems binding. I have removed apparmor even though technically its not running, but I removed it and its configuration files, just because I thought perhaps mysql looks at apparmor, but I doubted it.
View 1 Replies
View Related
Feb 5, 2011
I use sftp in nautilus to transfert file to my server but it's very slow. For example for tthe same file to the same IP with nautilus i upload at 1.8Mb/s adn with Filezilla I upload at 8.0mb/s.
increase upload with nautilus?
View 2 Replies
View Related
Feb 12, 2011
I am trying to install ftp or sftp or just something for my friend to download some files from my fedora 13. I have googled and found some useless/nonworking guides. Has anyone been able to set up these services in fedora 13. I want to have a special user for my friend which he can log in as.
View 2 Replies
View Related
Apr 15, 2010
I want to allow users to user sftp to upload and download files frome one folder, as you know this uses ssh, my question is if i create user to access linux serverthrough ftpd they will be able to browse the root directry, can I create users and ristrict them to only specific directory?
View 1 Replies
View Related
Dec 5, 2010
Server A: Generated RSA Key
Server B: Added the RSA Key to authorized_keys list
SFTP from A to B.
Still prompts for password.
I will be sftp-ing both from Server B to Server A and 'A to B'. Sever B to Server A works fine. No prompting for password. But from A-B it this is what is happening sftp -v log...
debug1: Offering public key: ~InfAdmin-.ssh-id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: ~InfAdmin-.ssh-id_dsa
debug1: Next authentication method: password
InfAdminATServerB's password:
Why is this trying id_dsa private key? From Server B to Server A when I do the same, it does not say 'Trying Private Key -id_dsa' This is what it says
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
How do I enforce that Server A does the same? Why is it trying the dsa private key when I have used RSA.
View 4 Replies
View Related
