Fedora Servers :: Get ChrootDirectory Working With SFTP?
Jul 21, 2011
I'm trying to get ChrootDirectory working with SFTP. I understand the chroot directory is not writable by the user, so I have to create a sub-directory the user is supposed to write to. I keep getting write permission denied when uploading a file to this sub-directory. How do I troubleshoot this or find out what I'm doing wrong? Here's how I have it set up.
Fedora 15, OpenSSH 5.6p1
/etc/ssh/sshd_config looks like this
Code:
Subsystem sftp internal-sftp
Match Group sftp
ChrootDirectory %h
[code]...
I created the sftp group and created a test user.
Code:
groupadd sftp
useradd -g sftp -s /bin/false -d /home/test test
Then gave root access to the test user's home directory so chroot will work.
Code:
chown root:root /home/test
chmod 755 /home/test
Since the user's home directory is the chroot directory, the user will not have write access to it. So I created a sub-directory that the user will have write access to.
I'm on 9, x86_64, and have successfully created chrooted SFTP users following this [URL] tutorial. However, I need to get into the SFTP account programmatically to move and delete the deposited files. So I enabled ACL and set setfacl -R -m u:$USER:rwx,d:u:$USER:rwx /home/$SFTPUSER
This works well EXCEPT that now the SFTP user cannot log in. The latter, of course, is the problem at hand! It's driving me crazy. As soon as I remove the ACL and revert back to the plain old chmod/chown scheme, the SFTP user can log in ... but I can't delete files in the SFTP account. I tried to set the facl for the SFTP group ('jailed') but to no avail.
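Added example, not part of either post above: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or other, and sshd refuses the login otherwise. The sketch below applies that rule to a path; the sample trees, uid 1001 and the upload sub-directory are constructed, and the ACL case assumes a named-user rwx entry raising the ACL mask, which stat reports in the group bits.

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result so the sample trees need no real files.
FakeStat = namedtuple("FakeStat", "st_uid st_mode")


def chroot_path_problems(path, stat_fn=os.stat):
    """Check "/" and every directory down to `path` against the ChrootDirectory
    rule: a directory, owned by uid 0, not writable by group or other."""
    parts = [p for p in path.split("/") if p]
    prefixes = ["/"] + ["/" + "/".join(parts[:i + 1]) for i in range(len(parts))]
    problems = []
    for component in prefixes:
        st = stat_fn(component)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((component, "not a directory"))
        if st.st_uid != 0:
            problems.append((component, "owner uid %d is not root" % st.st_uid))
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append((component, "mode %04o is group/other writable" % mode))
    return problems


# Constructed sample trees (uid, mode), keyed by path.
DIR = stat.S_IFDIR
ROOT_OWNED = {
    "/": FakeStat(0, DIR | 0o755),
    "/home": FakeStat(0, DIR | 0o755),
    "/home/test": FakeStat(0, DIR | 0o755),
    "/home/test/upload": FakeStat(1001, DIR | 0o755),  # writable sub-directory
}
# Same tree after a named-user rwx ACL entry: the ACL mask becomes rwx and
# stat() reports it in the group bits, so 0755 reads as 0775.
WITH_ACL = dict(ROOT_OWNED)
WITH_ACL["/home/test"] = FakeStat(0, DIR | 0o775)
# Same tree with the home directory still owned by the user (uid 1001).
USER_OWNED = dict(ROOT_OWNED)
USER_OWNED["/home/test"] = FakeStat(1001, DIR | 0o755)

if __name__ == "__main__":
    for name, tree in [("root-owned", ROOT_OWNED), ("with ACL", WITH_ACL),
                       ("user-owned", USER_OWNED)]:
        print(name, chroot_path_problems("/home/test", tree.__getitem__))
    # On a live system: chroot_path_problems("/home/test")
```

Only the chroot path itself is checked, so the user-owned upload sub-directory below it does not count against the login.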
I have FileZilla installed on this machine, and OpenSSH (with an open port 22) on another machine on my home network. When I try and connect, I get:
Quote:
Status: Connecting to 192.168.2.3...
Response: fzSftp started
Command: open "alphatwo@192.168.2.3" 22
Error: Connection refused
Error: Could not connect to server
Which has left me puzzled as I have an open port. Does the username have to be defined somewhere? E.g. the machine acting as my SFTP server can be logged on to locally as alphatwo so that's what I logged in as (with the correct password). Is this correct? If so, does anyone have any ideas as to how I might rectify it? I want SFTP set up so I can copy PHP files from my laptop to /var/www/html/ on another PC (across the home network).
I have Ubuntu Server 9.10 running, in which I selected the option to automatically install security updates. It's been running fine for 4 months with both SSH and SFTP, for which I installed openssh-server. Today I really need to upload something to the server, which is in another city, and SFTP isn't working. It's not allowing me to connect. I tried connecting with multiple FTP clients, command line, etc., on both Windows and Linux, and SFTP just isn't working. The only change I've made to the configuration file was changing the port from 22 to another port, and I did this 4 months ago. I've been using it every few weeks since then.
I want to set up SFTP in a chroot, which is simple enough to do and I already have it working; however, I also want it so that when they connect via SFTP it goes directly to their home directory. Currently I have the following in "/etc/ssh/sshd_config":
Code:
Subsystem sftp internal-sftp
Match Group sftp-users
ChrootDirectory /home
AllowTCPForwarding no
ForceCommand internal-sftp
Which works perfectly fine; however, when they connect they are shown the contents of the "/home" directory, and they then have to "cd username" to get to their home directory. This I do not like, and it confuses our clients who connect, saying they can see "random folders that aren't mine", or some who think they've "hacked" the server. I really need it so that upon connection they go to the "username" directory. I can do this by using:
Code:
usermod -d /username username
Which changes the user's home directory to "/username", and then upon connection it works just fine: they are taken directly to their home directory. However, I really, really do not like the fact that "/etc/passwd" shows a different home directory from their real home directory, i.e. it states "/username" when actually it is "/home/username". I've spent the entire day looking at different ways of doing it, and I can't come up with anything.
I have recently configured sshd_config to have chrooted SFTP service. I'm using SFTP internal-sftp config. However now I have to figure out how to log file transfers happening using the SFTP service. I'm using the Ubuntu Server 10.04 (64bit)
I have an OpenSSH server. It works to connect to it within the local network, but I can't connect to it from the Internet. What I would like to do is connect to the server using the FileZilla client, simply by using username and password. To make it secure from brute-force attacks, I will only allow connections from a specific IP number.
I have a server with the static internal ip 192.168.1.5, port is 2222. My global ip is 10.4.5.6 and I would like to connect with filezilla client from ip 11.1.2.3. How do I connect?
I've the following internet configuration at home -
WORLD to ADSL modem in BRIDGE mode with DHCP
[code]....
All internet browsing functions are OK, but when I try to upload a file using SFTP to a remote computer, it hangs. This is not a problem of the remote computer. Download is working OK. I disabled the firewall on the wireless router but this did not help.
I want to connect to the same machine that I have the OpenSSH server on, which uses keys, and I have disabled password-based logins (for ssh). Apparently, this also affects SFTP, which makes sense. How do I set up SFTP to use key-based authentication?
I want to allow some friends to ssh/sftp/scp into my system, but I only want them to have access to my external hard drive (/media/externalHD/), and I don't want them to be able to delete or add anything, only download. I have found instructions on how to limit a user to his/her home directory and thought about just creating a user with the home directory /media/externalHD, but I don't know if this will work and I'm afraid I might make a mistake and delete 800gb of 'files'.
I've searched the interwebs and have never had this problem before but I can connect with ssh no problem. The problem arises when I try to connect with sftp. I get code...
I have this strange problem which I am unable to web search on and not sure what to do next. My Linux knowledge is between basic to intermediate but I know how to troubleshoot general hardware problems.
My problem is that Ubuntu 9.04 Jaunty 64-bit hangs while SFTP is active and the dynamic IP changes. For example, I SFTP into my home server and transfer a file, then suddenly my ISP decides to renew my IP and give me a new IP while my SFTP client is still uploading files to my home server. This causes my SFTP client to stop working. Upon checking, my router is still running with a new IP lease from my ISP. My Linux box still powers on, but typing anything from the keyboard does not make it "wake up" and put things on the monitor. Nothing seems to make it respond, and the only way to get around it is to power off and on. During that time, you cannot SSH into the server as there is no response. SFTP into the server is not possible either because the connection fails.
The server has all new hardware, latest BIOS, etc. Memtest86 shows no errors after running for more than 5 hours. I am unable to find anything out of the norm in /var/log/kern.log or in dmesg. All hardware seems to be working.
When I think about it, I tend to think OpenSSH (probably that is the default package in Jaunty) is causing this system hang whenever there is an interrupted connection from the outside world. However, I fail to agree with this because I am sure the daemon and Linux can tolerate this situation without resorting to a system hang. FYI, I have installed vsftp as well but this should not be a problem.
I run some IT systems for my school's Engineering student organization.
We are upgrading our systems and I just purchased a new server system which I am configuring.
I am using Ubuntu 10.04 Lucid Lynx and the new likewise-open packages.
The points I bring up following this sentence are to fulfill this final goal: get SFTP, SSH, and network shares over our private network all using the school's Active Directory for auth and its groups to derive privs.
So... Here's what I've done and what I've tried to do.
1 ) I set up likewise-open and got it to join the domain. When I do this I can ssh to localhost as 'schoolnetworkADname'. So that part works (hurray). To get a network share to use these same auth methods I have tried installing likewise-open-server. Everything launches fine and the daemons run, but when I go into computer management on a Windows server to set up the actual shares, I get permission denied. The account it is giving permission denied to is the same AD account that joined likewise-open to the network, so... what is going on?
2 ) Samba, fail. I can't seem to get Samba to run on this machine at all, which is strange because even my Samba expert was puzzled. It just won't let Samba join the domain properly, and due to this, I want to keep on the newer likewise package... unless I have to switch to this.
How can I get the lame likewise-open-server to work?
I need to set up ssh/sftp/network shares all authenticating with AD. I want to use likewise to do the auth, but to mount the network shares I need to use an older version of Samba so it can connect with likewise. How can I go about installing an older version of Samba onto this new distro of the OS? I've tried installing the lenny and etch versions but I always get an error during install just saying that samba errored.
I am currently running Ubuntu Server 9.10 as an FTP server. It has become a necessity to allow users access via SSH terminal or sftp via WinSCP. I need to be able to monitor what users are doing at any given time and be able to pull up each users activity history. Essentially I need to be able to pinpoint who modified a file at what time. Also what is the best method to monitor things like nmap probes?
I'm new around here and pretty new to Ubuntu and Linux in general. I am setting up an SFTP server. I set it up using OpenSSH and it worked fine for a few months. Then recently we experienced a power outage. Now the server will boot fine and all users can log in locally, but when they try to log in remotely they enter their user info and then are denied with some generic network error. Again, being a noob at this, I tried to troubleshoot this a little bit but I'm not quite sure what to look for. I believe the ssh service is running but I don't know what else to look for.
I want to share files over the web with only a few people and limit them to certain folders. I have been doing remote access (ssh) to my server to access it from a PC on the local network. I later found out the same program doing ssh (open_ssh) was also doing sftp; great, I could do both with one system account. Problem: I couldn't find a way to configure another user to go over the web with limited folder access without messing up my user's access to the PC. I tried ftps by using vsftpd, but I couldn't get chroot set up correctly or even log in. So my question is: what program and/or protocol should I use to do secure ftp over the web?
As a Windows user, I generated a pair of DSA keys from CoreFTP Lite and sent it to a third party that runs an SFTP server. They told me that a valid DSA key needs to have ssh-dsa at the start and the username@systemname at the end. CoreFTP generated neither the ssh-dsa header nor the username@systemname footer. I tried with WinSCP and it didn't generate them either. Is there a difference between how SFTP works between Windows and Linux? If I put a useraccount@systemname at the end of the text will it work? How would the Linux system validate that my system is called "systemname"? If it can't validate, what is the purpose of adding it?
I've been administrating a dedicated Linux CentOS 5 (Linux 2.6.26.5-rootserver-20080917a) server for around 2 years and, although not a network or Linux expert, have been learning to configure it as the need arises. I primarily use Plesk for day-to-day work, but occasionally use Putty to SSH into the server.
For all the time I've had the server, I've been connecting to my server via SFTP using the "root" password. (Although I know this is really bad practice, I assume it is made safer by connecting with SSH FTP.)
After spending another normal day in the office developing websites, connecting to my server as root using SFTP in Filezilla AND Dreamweaver I left for the night.
Returned next morning, after having done no manual updates or amends to my server; I could no longer SFTP into my server?
Thought it may be related to my office network, so tried it from home over the weekend, same result; can no longer connect SFTP for root?
I can connect to the server via Putty using my "root" username and password.
After spending hours looking on the internet for a solution, I'm lost for ideas as I didn't make any changes?
What happens when I open my Filezilla and try connecting as SFTP is it states:
Error: Connection timed out
Error: Could not connect to server
I checked server log /var/log/secure and it states:
Accepted password for root from UNKNOWN port 49212 ssh2
Apr 9 07:41:41 s15320264 sshd[7122]: fatal: Write failed: Connection reset by peer
Odd part is, it's worked fine for weeks, months without ever failing to connect?
Also, notice that Putty connection seems to take much longer to authenticate root user than it used to?
Checked via Plesk Health Monitoring and all CPU, Memory and Disk Levels are well below any alarm levels.
I have run all Plesk updates to 10.2.0 in the hope that it resolved it, but to no avail.
I am running a Fedora 3 that I had installed from a slightly outdated disk, and I have been making updates by using YUM. But I have a policy of only updating just what is needed and leaving the rest alone. This was fine until some time (I think it was) last year, when our friends at Fedora discontinued support for Fedora 3 and then unwisely deleted all the packages for Fedora 3 and Fedora 4 off their server. Now it has been a struggle just to administer updates when applications that I am adding become unhappy with the versions that come off of the disk, and I end up with versions that are more current than I wanted. All I wanted is to have access to the packages that were left when the music stopped.
Here is my current predicament. I now need to run PHP (something I never used until now) and the version that came with the disk (ver 4.3.9) is too low for the scripts that I will be running. They need PHP 5. Now I know that we're up to something like PHP 5.3.x. But I don't really need that. I am sure there is a version of PHP 5, like version 5.1, that was available through YUM. If they had only just left it there. At least Microsoft leaves all of their Windows 98 updates on their server for people to use, even though they don't support Windows 98 any more.
The biggest reason I want to use YUM or even up2date for my installs and updates is that they minimize the risk of screwing something up.
Here is my question. Does anyone know where there is a mirror of the Fedora 3 updates that Fedora used to have on their site?
I am hoping to be able to adjust the baseurl= line in the fedora.repo file to point it to this new mirror and make YUM work like NEW.
I use sftp in Nautilus to transfer files to my server but it's very slow. For example, for the same file to the same IP, with Nautilus I upload at 1.8Mb/s and with FileZilla I upload at 8.0mb/s.
I am trying to install ftp or sftp or just something for my friend to download some files from my Fedora 13. I have googled and found some useless/nonworking guides. Has anyone been able to set up these services in Fedora 13? I want to have a special user for my friend which he can log in as.
I've read through these pages [URL] but can't seem to get Samba server working. I am using Gnome and I go to System - Administration - Services
In there I can see smb and nmb. Both are enabled, but both have a status of unknown. I can't seem to start or stop either of them. I can just enable or disable them. I've tried using the gui, as well as command line.
I'd really like to get this going as I'd like to copy files from my XP Pro box to my Linux box (F9). I have WinSCP, but am having permission issues and I can only copy to a folder on my desktop on the Linux box (I'd like to get this fixed too, but that's a different thread at a later time)
I've been running a F10 based Samba Server a few months without trouble. Now, after an update, samba is not working any more. When I try to start it manually, it reports the following error:
I tried to set up vnc following the steps of this webpage:
[URL]
which did not work. I changed everything back the way it was, but when I tried to ssh in to my remote server, the connection timed out. It showed nothing in the secure logs. I tried to ssh in through webmin; it asked for auth but did not connect. The logs said this:
Jul 30 12:05:10 server sshd[2829]: Did not receive identification string from 209.139.209.100
I tried to telnet port 22 through the shell in webmin and got this:
> telnet 209.139.209.100 22
Trying 209.139.209.100...
Connected to 209.139.209.100.
Escape character is '^]'.
Connection closed by foreign host.
I tried reinstalling ssh, but got the same errors...It worked fine before the howto. I can't imagine how it changed something in ssh...