Ubuntu Servers :: Authentication Methods Over Network Shares And SFTP
Feb 15, 2010
I run some IT systems for my school's Engineering student organization.
We are upgrading our systems and I just purchased a new server system which I am configuring.
I am using Ubuntu 10.04 Lucid Lynx and the new likewise-open packages.
The points I bring up following this sentence are to fulfill this final goal: get SFTP, SSH, and network shares over our private network all using the school's Active Directory for auth and its groups to derive privs.
So... Here's what I've done and what I've tried to do.
1) I set up likewise-open and got it to join the domain. When I do this I can ssh to localhost as 'schoolnetworkADname'. So that part works (hurray). To get a network share to use these same auth methods I have tried installing likewise-open-server. Everything launches fine and the daemons run, but when I go into computer management on a Windows server to set up the actual shares, I get permission denied. The account it is giving permission denied to is the same AD account that joined likewise-open to the network, so... what is going on?
2) Samba, fail. I can't seem to get samba to run on this machine at all, which is strange because even my Samba expert was puzzled. It just won't let Samba join the domain properly, and due to this, I want to keep on the newer likewise package... unless I have to switch to this.
How can I get the lame likewise-open-server to work?
I need to set up ssh/sftp/network shares all authenticating with AD. I want to use likewise to do the auth, but to mount the network shares I need to use an older version of samba so it can connect with likewise. How can I go about installing an older version of samba onto this new distro of the OS? I've tried installing the lenny and etch versions but I always get an error during install just saying that samba errored.
I want to connect to the same machine that I have OpenSSH server on which uses keys and I have disabled password-based logins (for ssh). Apparently, this also affects SFTP which makes sense. How do I set up SFTP to use key-based authentication?
I am posting this as I have tried several times to work this out. I have read article after article, post after post and tutorial after tutorial to sort this issue. I have an Ubuntu 10.04 machine running as the LDAP and NFS server with two Opensuse 11.3 desktop machines. Both of the Opensuse machines can login using the LDAP server for authentication and this works fine. The server also exports the NFS shares no problem but I am unable to mount the shares from the Opensuse machines. I have been using Yast, NFS Client to mount them.
Yast NFS Client can see the shares and lists them however when I apply the settings it states:
'Unable to mount entries in etc/fstab'
I need to mount the shares according to the LDAP details as I want the users to be able to access their files no matter which machine they login at. Can anyone shed any light on the issue? Any help would be great and I would be eternally grateful as I am now beginning to pull my hair out slightly.
I keep getting the above message when trying to login to my server using a private key. Is there something I am missing from the configs here?
Quote:
# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
I'm new around here and pretty new to ubuntu and linux in general. I am setting up an sftp server. I set it up using openssh and it worked fine for a few months. Then recently we experienced a power outage. Now the server will boot fine, all users can login locally, but when they try to login remotely they enter their user info and then are denied with some generic network error. Again, being a noob at this I tried to troubleshoot this a little bit but I'm not quite sure what to look for. I believe the ssh service is running but I don't know what else to look for.
I work with python and I use emacs as my IDE tool. I have been running Debian Squeeze (6.0.9) for some time now with emacs 23.2.1 and ecb 2.32. I am able to access my python methods in the ecb-methods window with no problems. However I recently upgraded my desktop to Debian Wheezy (7.5) running emacs 23.4.1 and ecb 2.40 but I have lost access to the methods in the ecb-methods window. The window is just empty while the others (directories, sources and history) are all populated. I have a second laptop which I decided to upgrade to Debian Jessie, however Jessie recommends emacs 23.4.1 which is running with ecb 2.40 also. The result is the same as on Wheezy.
I have used the ecb menus and googled for a solution or even just a mention that such a problem exists but have come up with nothing. Either I have a unique situation here or am doing something really dumb.
I would like to upgrade to Wheezy or Jessie but I need access to methods in the ecb methods window. How to keep my upgrade and see the methods in the methods window of the ecb system ....
I am trying to ssh a remote box from putty but I am getting the following error: "No supported authentication methods available". I don't have access to the server so I must make my ssh client compatible with the ssh server. This is the trace from another client:
[SSH] Protocol Version 2 (OpenSSH_5.3p1 Debian-3ubuntu6)
[SSH] Cipher: aes128-ctr
[SSH] FAIL: Unable to authenticate
[SSH] INFO: DISCONNECT
Server A: Generated RSA Key
Server B: Added the RSA Key to authorized_keys list
SFTP from A to B. Still prompts for password.
I will be sftp-ing both from Server B to Server A and 'A to B'. Server B to Server A works fine. No prompting for password. But from A to B this is what is happening. sftp -v log...
debug1: Offering public key: ~InfAdmin-.ssh-id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: ~InfAdmin-.ssh-id_dsa
debug1: Next authentication method: password
InfAdminATServerB's password:
Why is this trying id_dsa private key? From Server B to Server A when I do the same, it does not say 'Trying Private Key -id_dsa'. This is what it says:
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
How do I enforce that Server A does the same? Why is it trying the dsa private key when I have used RSA?
I am attempting to set up an automatic transfer via sftp using public key authentication. I have created a public/private key pair to connect to the remote server without using a password. I have also been able to use this key pair to login from the command line: sftp -vvv -oPort=<server-side port> user@server. Debug info from interactive command:
Code:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
I have to execute certain commands (like shutdown Tomcat) on several servers so I'm using a loop and ssh. I put the servers' IPs in a CSV file which I parse, execute the commands for each line and send the output to a file. The problem is that after processing one line the program stops execution. I wonder if someone could lend me a hand with this, I'm new to bash scripting and I ran out of ideas.
The CSV (servers.csv) file looks like this:
Code:
192.168.254.5:Server 1
192.168.254.6:Server 2
...
And the script looks like this:
Code:
#!/bin/bash
while IFS=: read ip name
do
    sshpass -p "pass" ssh -o "StrictHostKeyChecking no" root@"$ip" 'sh <CATALINA_BASE>/bin/shutdown.sh' >> output.log
done < servers.csv
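An added example, not part of the original post: it reproduces the "stops after one line" symptom offline and shows the usual cause, a command inside a `while read` loop that shares the loop's standard input. `fake_ssh`, `sample_csv` and the third address are constructed stand-ins; `fake_ssh` only imitates the way ssh without `-n` reads its stdin.

```shell
#!/bin/sh
# Stand-in for `ssh host cmd` (constructed, hypothetical name): like ssh
# without -n, it reads everything available on its standard input.
fake_ssh() {
    cat >/dev/null
    echo "ran on $1"
}

# Constructed sample in the same ip:name format as servers.csv.
sample_csv() {
    printf '%s\n' '192.168.254.5:Server 1' \
                  '192.168.254.6:Server 2' \
                  '192.168.254.7:Server 3'
}

# Loop shaped like the posted one: the command inherits the loop's stdin
# and swallows the remaining lines, so `read` hits EOF after one host.
hosts_reached_as_posted() {
    sample_csv | {
        n=0
        while IFS=: read -r ip name; do
            fake_ssh "$ip" >/dev/null
            n=$((n + 1))
        done
        echo "$n"
    }
}

# Same loop with the command's stdin detached from the list.
# With real ssh the equivalent is `ssh -n ...` or `ssh ... </dev/null`.
hosts_reached_fixed() {
    sample_csv | {
        n=0
        while IFS=: read -r ip name; do
            fake_ssh "$ip" </dev/null >/dev/null
            n=$((n + 1))
        done
        echo "$n"
    }
}

echo "as posted: $(hosts_reached_as_posted) of 3, fixed: $(hosts_reached_fixed) of 3"
```

Separately from the loop behaviour, `sshpass -p` places the root password in the process argument list and `StrictHostKeyChecking no` skips host key verification; key-based login against known host keys removes both exposures.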
On Ubuntu server 10.10, with a relay smtp server with authentication via postfix, I keep getting 535: Incorrect authentication data. I'm sure my username and password are correct. Here's how I set up postfix: I created a file called smarthosts.conf in my /etc/postfix/ directory that contains the following:
[Code].....
My server uses plain text authentication on port 25. I would like to use security like SSL, but this particular server is unsecured.
I am giving 10.04RC a try instead of Windows 7, so far so good. I can connect to my network shares fine using "Connect to a Server" & bookmark with the file browser, however when I use OpenOffice writer Spreadsheet to open/save files the shares disappear in the "Open/Places". Is this a bug in Ubuntu or Open Office? Is there an update/fix?
I've been running a Samba server under RedHat 8 for five years without a hiccup. I want to cut over to a F10 box but cannot get shares accessible. smbclient attempts fail over NT password error. SELinux is disabled. Server is visible on the network. Users require no password access to shared data.
smb.conf follows:
# Samba config file created using SWAT
# from UNKNOWN (>)
# Date: 2009/06/12 14:15:15
I'm wanting to set up SFTP in a chroot, which is simple enough to do and I already have it working; however I also want it so that when they connect via SFTP it goes directly to their home directory. Currently I have the following in "/etc/ssh/sshd_config":
Code:
Subsystem sftp internal-sftp
Match Group sftp-users
    ChrootDirectory /home
    AllowTCPForwarding no
    ForceCommand internal-sftp
Which works perfectly fine, however when they connect they are shown the contents of the "/home" directory which they then have to "cd username" to get to their home directory. This I do not like, and it confuses our clients who connect saying they can see "random folders that aren't mine", or some that think they've "hacked" the server. I really need it so upon connection they go to "username" directory. I can do this by using:
Code:
usermod -d /username username
Which changes the user's home directory to "/username", and then upon connection it works just fine, they are taken directly to their home directory. However, I really really do not like the fact that "/etc/passwd" shows a different home directory to their real home directory, i.e. it states "/username" when actually it is "/home/username". I've spent the entire day looking at different ways of doing it, and I can't come up with anything.
I have recently configured sshd_config to have chrooted SFTP service. I'm using SFTP internal-sftp config. However now I have to figure out how to log file transfers happening using the SFTP service. I'm using the Ubuntu Server 10.04 (64bit)
I have an OpenSSH server, it works to connect to it within the local network but I can't connect to it from the Internet. What I would like to do is to connect to the server using filezilla client, simply by using username and password. To make it secure from brute force attacks I will only allow connections from a specific IP number.
I have a server with the static internal ip 192.168.1.5, port is 2222. My global ip is 10.4.5.6 and I would like to connect with filezilla client from ip 11.1.2.3. How do I connect?
I want to allow some friends to ssh/sftp/scp into my system but I only want them to have access to my external hard drive (/media/externalHD/), and I don't want them to be able to delete or add anything, only download. I have found instructions on how to limit a user to his/her home directory and thought about just creating a user with the home directory /media/externalHD but idk if this will work and I'm afraid I might make a mistake and delete 800gb of 'files'
I've searched the interwebs and have never had this problem before but I can connect with ssh no problem. The problem arises when I try to connect with sftp. I get code...
I'm on 9, x86_64, and have successfully created chrooted SFTP users following this [URL] tutorial. However, I need to get into the sftp account programmatically to move and delete the deposited files. So I enabled ACL and set setfacl -R -m u:$USER:rwx,d:u:$USER:rwx /home/$SFTPUSER
This works well EXCEPT that now the sftp user cannot log in. The latter, of course, is the problem at hand! It's driving me crazy. As soon as I remove the acl and revert back to the plain old chmod/chown scheme, the sftp user can log in ... but I can't delete files in the sftp account. I tried to set facl to the sftp group ('jailed') but to no avail.
I have this strange problem which I am unable to web search on and not sure what to do next. My Linux knowledge is between basic to intermediate but I know how to troubleshoot general hardware problems.
My problem is that Ubuntu 9.04 Jaunty 64-bit hangs while SFTP is active and dynamic IP changes. For example, I SFTP into my home server and transfer file then suddenly my ISP decides to renew my IP and give me a new IP while my SFTP client is still uploading files to my home server. This causes my SFTP client to stop working. Upon checking, my router is still running with a new IP lease from my ISP. My Linux box still powers on but typing anything from the keyboard does not make it "wake up" and put things on the monitor. Nothing seems to make it respond and the only way to get about it is to power off and on. During that time, you cannot SSH into the server as there is no response. SFTP into the server is not possible too because connection fails.
The server has all new hardware, latest BIOS, etc. Memtest86 shows no errors after running for more than 5 hours. I am unable to find anything out of the norm in /var/log/kern.log or in dmesg. All hardware seems to be working.
When I think about it, I tend to think OpenSSH (probably that is the default package in Jaunty) is causing this system hang whenever there is an interrupted connection from the outside world. However, I fail to agree with this because I am sure the daemon and Linux can tolerate this situation without resorting to system hang. FYI, I have installed vsftp as well but this should not be a problem.
I am currently running Ubuntu Server 9.10 as an FTP server. It has become a necessity to allow users access via SSH terminal or sftp via WinSCP. I need to be able to monitor what users are doing at any given time and be able to pull up each user's activity history. Essentially I need to be able to pinpoint who modified a file at what time. Also what is the best method to monitor things like nmap probes?
I'm trying to get ChrootDirectory working with SFTP. I understand the chroot directory is not writable by the user, so I have to create a sub-directory the user is supposed to write to. I keep getting write permission denied when uploading a file to this sub-directory. How to troubleshoot this or know what I'm doing wrong? Here's how I have it set up.
Fedora 15, OpenSSH 5.6p1
/etc/ssh/sshd_config looks like this
Code:
Subsystem sftp internal-sftp
Match Group sftp
    ChrootDirectory %h
[code]...
I created the sftp group and created a test user.
Code:
groupadd sftp
useradd -g sftp -s /bin/false -d /home/test test
Then gave root access to the test user's home directory so chroot will work.
Code:
chown root:root /home/test
chmod 755 /home/test
Since the user's home directory is the chroot directory, the user will not have write access to it. So I created a sub-directory that the user will have write access to.
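An added example, not part of the original post: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, which is what the `chown root:root` / `chmod 755` steps above satisfy for /home/test. The checker below walks a path upward and reports the first component that breaks the rule; the function names and the optional uid and stop-directory arguments are assumptions added so it can be tried on a scratch tree.

```shell
#!/bin/sh
# Check one directory: must be a real directory, owned by the expected
# uid (0 for sshd), with the group-write and other-write bits clear.
dir_ok() {
    [ -d "$1" ] || return 1
    # `ls -ldn` prints: mode links uid gid ...; -n keeps the uid numeric.
    ls -ldn "$1" | (
        read -r mode _links uid _rest
        [ "$uid" = "$2" ] || exit 1
        case $mode in
            d????w*|d???????w*) exit 1 ;;  # group- or other-writable
            d*) exit 0 ;;
            *) exit 1 ;;                   # symlink or other non-directory
        esac
    )
}

# Walk from the chroot directory up to / (or to an optional stop
# directory, an assumption for testing) and print the first bad component.
chroot_path_ok() {
    path=$1
    want_uid=${2:-0}
    stop=${3:-/}
    while :; do
        dir_ok "$path" "$want_uid" || { echo "bad: $path"; return 1; }
        [ "$path" = "$stop" ] && return 0
        [ "$path" = "/" ] && return 0
        path=$(dirname "$path")
    done
}

# Stand-alone use: ./check.sh /home/test
if [ "$#" -gt 0 ]; then
    chroot_path_ok "$@"
fi
```

The check reads the mode bits that `ls` reports, so a directory whose ACL mask shows up as group-writable in those bits is flagged as well.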
I've been instructed to set up an sftp server this weekend. I was going to just use vsftpd b/c it's awesome, but then someone said it's supposed to use ssh. So here's my question:
Is Vsftpd the same thing as Sftp? Is it the same openssh protocol for encryption and file transport? I've set up Vsftpd before and it just uses port 21, and it doesn't seem to ask all the same questions as ssh, so is it the same thing? Or should/could I tunnel vsftpd through ssh?
I've the following internet configuration at home -
WORLD to ADSL modem in BRIDGE mode with DHCP
[code]....
All internet browsing functions are ok, but when I try to upload a file using sftp to a remote computer, it hangs. This is not a problem of the remote computer. Download is working ok. I disabled the firewall on the wireless router but this did not help.
I want to share files over the web with only a few people and limiting them to certain folders. I have been doing a remote access (ssh) to my server to access it from a pc on the local network. I later found out the same program doing ssh (open_ssh) was also doing sftp, great, I could do both with one system account. Problem: I couldn't find a way to configure another user to go over the web with limited folder access without messing up my user to access the pc. I tried ftps by using vsftpd, I couldn't get chroot set up correctly or even log in. So my question is what program and/or protocol should I use to do secure ftp over the web?
I have FileZilla installed on this machine, and OpenSSH (with an open port 22) on another machine on my home network. When I try and connect, I get:
Quote:
Status: Connecting to 192.168.2.3...
Response: fzSftp started
Command: open "alphatwo@192.168.2.3" 22
Error: Connection refused
Error: Could not connect to server
Which has left me puzzled as I have an open port. Does the username have to be defined somewhere? E.g. the machine acting as my SFTP server can be logged on to locally as alphatwo so that's what I logged in as (with the correct password). Is this correct? If so, does anyone have any ideas as to how I might rectify it? I want SFTP set up so I can copy PHP files from my laptop to /var/www/html/ on another PC (across the home network).