Ubuntu Servers :: How To Setup SFTP In A Chroot
Aug 13, 2010
I'm wanting to set up SFTP in a chroot, which is simple enough to do and I already have it working; however, I also want it so that when they connect via SFTP it goes directly to their home directory. Currently I have the following in "/etc/ssh/sshd_config":
Code:
Subsystem sftp internal-sftp
Match Group sftp-users
ChrootDirectory /home
AllowTCPForwarding no
ForceCommand internal-sftp
Which works perfectly fine; however, when they connect they are shown the contents of the "/home" directory, which they then have to "cd username" to get to their home directory. This I do not like, and it confuses our clients who connect saying they can see "random folders that aren't mine", or some that think they've "hacked" the server. I really need it so upon connection they go to "username" directory. I can do this by using:
Code:
usermod -d /username username
Which changes the user's home directory to "/username", and then upon connection it works just fine; they are taken directly to their home directory. However, I really really do not like the fact that "/etc/passwd" shows a different home directory to their real home directory, i.e. it states "/username" when actually it is "/home/username". I've spent the entire day looking at different ways of doing it, and I can't come up with anything.
Nov 18, 2010
I want to connect to the same machine that I have OpenSSH server on which uses keys and I have disabled password-based logins (for ssh). Apparently, this also affects SFTP which makes sense. How do I set up SFTP to use key-based authentication?
Mar 3, 2010
I need to set up ssh/sftp/network shares all authenticating with AD. I want to use likewise to do the auth, but to mount the network shares I need to use an older version of samba so it can connect with likewise. How can I go about installing an older version of samba onto this new distro of the OS? I've tried installing the lenny and etch versions but I always get an error during install just saying that samba errored.
Jul 6, 2011
I'm new around here and pretty new to ubuntu and linux in general. I am setting up an sftp server. I set it up using openssh and it worked fine for a few months. Then recently we experienced a power outage. Now the server will boot fine, all users can login locally, but when they try to login remotely they enter their user info and then are denied with some generic network error. Again, being a noob at this I tried to troubleshoot this a little bit but I'm not quite sure what to look for. I believe the ssh service is running but I don't know what else to look for.
Jul 12, 2011
Recently we decided to make our own panel (like Plesk or cPanel) but for Ubuntu and it will be licenced under GPL (like any other professional software). We want to make a panel not only that fits our needs but also the needs of other system administrators and domain owners. We researched other panels and found out that none of them has security/look/ease of use in one package. Bad coding is another problem found in other panels. I made a short overview of what I think we have to have in the beginning.
I Security :
1. Completely chroot environment where every single service is in chroot mode (bind, mysql, postfix, ....)
2. Easily managed IPtables through web-based interface.
3. Coding rules have to be strict.
II Software selection :
1. MTA - Postfix
2. POP - dovecot
[code]....
Apr 12, 2011
I see this question asked a lot and figured this tutorial This tutorial explains how to create an SFTP server which confines (or chroots) users to their own home directory and denies them shell access.
Nov 16, 2009
Had my chroot jail all set up and working nicely in OpenSUSE 11.1, upgraded to OpenSUSE 11.2 and had to set:
Subsystem sftp internal-sftp
(which was:
Subsystem sftp /usr/lib64/ssh/sftp-server)
and:
ForceCommand internal-sftp
[Code]...
Of which with-pam is mandatory. I used prefix to put the binaries in a place that would not conflict with the standard distribution, this meant I also needed to change /etc/init.d/sshd so that it referenced the newly compiled version of sshd, and copy /etc/ssh/sshd_config to /opt/etc/sshd_config.
Sep 26, 2010
I tried setting up sftp for my users. Each of my users has their home directory at "/var/www/public_html/$USER". When my users are using sftp, they can only see their own directories and are unable to move to other locations of the system. I followed through the following tutorials: [URL]
The users are able to sftp into the system successfully. However, they are able to see the whole system. Somehow, it appears that the users are not jailed in their home directory although in the tutorial it states otherwise. The difference of my system against the tutorial is that I am using Dropbear for SSH server while it is using Openssh server. Although dropbear does not support sftp, I am able to login through sftp through the use of sftp-server. For the internal mechanics, I am not sure how though.
Assuming that when I tried to SFTP, the sftp-server is run with the sshd_config, then everything should be working fine, right? Do I need to run the chroot command at all? The following is the procedure I used to attempt the objective:
1) Add a new user to the group: SFTPonly
2) Chown user:SFTPonly user/home/directory
3) Modify the sshd_config to what is reflected in the tutorial and other paths.
Apr 13, 2011
I have a vsftpd server running well but I want to make/force all users to use sftp and not just ftp. Is this possible?
Mar 9, 2010
I am using Ubuntu 9.10 to configure telecom equipment. The software downloading process to the equipment requires that my Ubuntu laptop should act as a SFTP server where the software bundle for the equipment is stored. The equipment acts as a SFTP client and requests the software from the server. The equipment has an SFTP client hardwired in its memory. The same process I did with Windows and I used Putty and FreeFtpD and it worked. Now I want to move to Ubuntu as I want to show that it is better. I have installed OpenSSH server on my laptop and now I need to know a few things that I could not find anywhere straightforward.
1) I am using an Ubuntu live usb drive with persistence. How do I set username and password for the client, that is, how to create the account in OpenSSH server?
2)I need to keep the software for the equipment in a folder inside server, so that it can be transferred to client upon request. In windows I give the path of the folder to FreeFtpD server. How to do the same in OpenSSH server?
Setting up servers and clients in linux is completely new for me. If this is done (as I know it can be but don't know how) then I can completely move from Windows to Ubuntu environment.
Mar 31, 2010
I have tried to set this up, but failed. What kind of ftp would you guys recommend, as I have been having slight problems over recent days, with unknowns logging onto my anon ftp server, dealt with mind.
I am thinking about a proper login even for the anon account, fairly easy to set up.
Jul 14, 2010
I can't seem to find any new good working how-to to set up SFTP from scratch. I'm running CentOS 5.4
Mar 23, 2010
I'm attempting to give a few buddies encrypted storage space through sftp using truecrypt. I have it worked out to the point where the truecrypt volume is automatically mounted when the user logs on, and dismounted when they log off. I would like to restrict each person to their individual home folders. This way, I can control exactly how much space each user is able to use (through the size of the truecrypt volume), while maintaining security through the network due to using SFTP.
I've been looking around, and the only thing I can see is restricting a large group of users to a single directory. This won't work; I need each person to be locked down to their personal home directory. My end goal is to have these volumes "mountable" in Windows through the use of Windows network drives (on a wide network, not through samba on local), or by using expandrive or a similar program. How can I lock these users to their respective home folders?
Nov 22, 2010
I have setup SFTP and it is running without any problems. The problem I have is finding a client that supports key based logins through Linux. I do not want user based logins available and so far the solution works through my Windows machines using WinSCP. The only client I have found for Linux seems to be FileZilla but I have to convert my private key to the FileZilla format which removes the passphrase leaving it nice and insecure.
Jul 14, 2010
I've been searching the web, without finding any solution to my problem. vsFTPd is acting really weird. I've never seen this problem before, and I've been using vsftpd for some years now. Well.. The thing is, I've made a user that chroots to the folder /var/www on my server. And when I then try to chmod the file /var/www/htdocs/testsite/index.html through my ftp-client, I only get the error "550 SITE CHMOD command failed.", and when I then check in my /var/log/vsftpd.log it says
Code:
FAIL CHMOD: Client "192.168.50.58", "/htdocs/testsite/index.html 777"
Which I think would mean that it tries to chmod the file "/htdocs/testsite/index.html" instead of chmod the
[code]....
May 21, 2010
I have an SFTP server using OpenSSH on a server running Fedora 12. I want to chroot my sftponly users into their home directory but I want to let them have write access to their upload/ folder. Right now users can log in and view & download items, but for some reason I can't get write access to work. Here's some info:
username: testuser
group: sftponly
from /etc/passwd:
testuser:x:501:501::/home/testuser/:/bin/false
[code]...
Oct 27, 2010
I have recently configured sshd_config to have chrooted SFTP service. I'm using SFTP internal-sftp config. However now I have to figure out how to log file transfers happening using the SFTP service. I'm using the Ubuntu Server 10.04 (64bit)
Nov 14, 2010
I have an openSSH server; it works to connect to it within the local network but I can't connect to it from the Internet. What I would like to do is to connect to the server using filezilla client, simply by using username and password. To make it secure from brute force attacks I will only allow connections from a specific IP number.
I have a server with the static internal ip 192.168.1.5, port is 2222. My global ip is 10.4.5.6 and I would like to connect with filezilla client from ip 11.1.2.3. How do I connect?
Apr 8, 2010
In Nautilus I have a sftp:// mount as favorite, how can I see where it is mounted?
Mar 20, 2011
I want to allow some friends to ssh/sftp/scp into my system but I only want them to have access to my external hard drive (/media/externalHD/), and I don't want them to be able to delete or add anything, only download. I have found instructions on how to limit a user to his/her home directory and thought about just creating a user with the home directory /media/externalHD but idk if this will work and I'm afraid I might make a mistake and delete 800gb of 'files'
Sep 1, 2011
I've searched the interwebs and have never had this problem before but I can connect with ssh no problem. The problem arises when I try to connect with sftp. I get code...
Mar 17, 2009
I'm on 9, x86_64, and have successfully created chrooted SFTP users following this [URL] tutorial. However, I need to get into the sftp account programmatically to move and delete the deposited files. So I enabled ACL and set setfacl -R -m u:$USER:rwx,d:u:$USER:rwx /home/$SFTPUSER
This works well EXCEPT that now the sftp user cannot log in. The latter, of course, is the problem at hand! It's driving me crazy. As soon as I remove the acl and revert back to the plain old chmod/chown scheme, the sftp user can log in ... but I can't delete files in the sftp account. I tried to set facl to the sftp group ('jailed') but to no avail.
Feb 1, 2010
I have this strange problem which I am unable to web search on and not sure what to do next. My Linux knowledge is between basic to intermediate but I know how to troubleshoot general hardware problems.
My problem is that Ubuntu 9.04 Jaunty 64-bit hangs while SFTP is active and dynamic IP changes. For example, I SFTP into my home server and transfer a file, then suddenly my ISP decides to renew my IP and give me a new IP while my SFTP client is still uploading files to my home server. This causes my SFTP client to stop working. Upon checking, my router is still running with a new IP lease from my ISP. My Linux box still powers on but typing anything from the keyboard does not make it "wake up" and put things on the monitor. Nothing seems to make it respond and the only way to get about it is to power off and on. During that time, you cannot SSH into the server as there is no response. SFTP into the server is not possible either because the connection fails.
The server has all new hardware, latest BIOS, etc. Memtest86 shows no errors after running for more than 5 hours. I am unable to find anything out of the norm in /var/log/kern.log or in dmesg. All hardware seems to be working.
When I think about it, I tend to think OpenSSH (probably that is the default package in Jaunty) is causing this system hang whenever there is an interrupted connection from the outside world. However, I fail to agree with this because I am sure the daemon and Linux can tolerate this situation without resorting to system hang. FYI, I have installed vsftp as well but this should not be a problem.
Feb 15, 2010
I run some IT systems for my school's Engineering student organization.
We are upgrading our systems and I just purchased a new server system which I am configuring.
I am using Ubuntu 10.04 Lucid Lynx and the new likewise-open packages.
The points I bring up following this sentence are to fulfill this final goal: Get SFTP, SSH, and Network Shares over our private network all using the school's Active Directory for auth and its groups to derive privs.
So... Here's what I've done and what I've tried to do.
1 ) I set up likewise-open and got it to join the domain. When I do this I can ssh to localhost as 'schoolnetworkADname'. So that part works (hurray). To get a network share to use these same auth methods I have tried installing likewise-open-server. Everything launches fine and the daemons run, but when I go into computer management on a windows server to set up the actual shares, I get permission denied. The account it is giving permission denied to is the same AD account that joined likewise-open to the network, so... what is going on.
2 ) Samba, fail. I can't seem to get samba to run on this machine at all, which is strange because even my Samba expert was puzzled. It just won't let Samba join the domain properly, and due to this, I want to keep on the newer likewise package... unless I have to switch to this.
How can I get the lame likewise-open-server to work?
Jun 6, 2010
I am currently running Ubuntu Server 9.10 as an FTP server. It has become a necessity to allow users access via SSH terminal or sftp via WinSCP. I need to be able to monitor what users are doing at any given time and be able to pull up each user's activity history. Essentially I need to be able to pinpoint who modified a file at what time. Also what is the best method to monitor things like nmap probes?
Jul 21, 2011
I'm trying to get ChrootDirectory working with SFTP. I understand the chroot directory is not writable by the user, so I have to create a sub-directory the user is supposed to write to. I keep getting write permission denied when uploading a file to this sub-directory. How do I troubleshoot this or know what I'm doing wrong? Here's how I have it set up.
Fedora 15, OpenSSH 5.6p1
/etc/ssh/sshd_config looks like this
Code:
Subsystem sftp internal-sftp
Match Group sftp
ChrootDirectory %h
[code]...
I created the sftp group and created a test user.
Code:
groupadd sftp
useradd -g sftp -s /bin/false -d /home/test test
Then gave root access to the test user's home directory so chroot will work.
Code:
chown root:root /home/test
chmod 755 /home/test
Since the user's home directory is the chroot directory, the user will not have write access to it. So I created a sub-directory that the user will have write access to.
Code:
mkdir /home/test/data
chown test:test /home/test/data
chmod 755 /home/test/data
I can successfully sftp into the server and download files. But I cannot upload files to the data directory? I get write permission denied.
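The ownership rule the post above relies on can be checked mechanically: sshd refuses a ChrootDirectory unless every component of its path is a root-owned directory that is not writable by group or others. The following is an added example, not part of the original post; the sample trees and uid 1001 for user "test" are constructed, and on a real host the functions are called with their default os.stat.

```python
import os
import stat
from collections import namedtuple

FakeStat = namedtuple("FakeStat", "st_uid st_mode")  # stand-in for os.stat_result
DIR = stat.S_IFDIR

# Constructed sample trees (uid 1001 is an assumed uid for user "test").
GOOD_TREE = {
    "/": FakeStat(0, DIR | 0o755),
    "/home": FakeStat(0, DIR | 0o755),
    "/home/test": FakeStat(0, DIR | 0o755),          # chown root:root, chmod 755
    "/home/test/data": FakeStat(1001, DIR | 0o755),  # chown test:test, chmod 755
}
# Same tree, but the chroot itself is user-owned and group-writable.
BAD_TREE = dict(GOOD_TREE, **{"/home/test": FakeStat(1001, DIR | 0o775)})


def path_components(path):
    """Return every prefix of an absolute path: '/', '/home', '/home/test'."""
    parts, cur = ["/"], ""
    for name in os.path.normpath(path).strip("/").split("/"):
        if name:
            cur += "/" + name
            parts.append(cur)
    return parts


def audit_chroot(chroot, stat_fn=os.stat):
    """List violations of sshd's rule for ChrootDirectory path components."""
    problems = []
    for comp in path_components(chroot):
        st = stat_fn(comp)
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{comp}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{comp}: owned by uid {st.st_uid}, not root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{comp}: writable by group/other (mode {mode:o})")
    return problems


def audit_upload_dir(path, uid, stat_fn=os.stat):
    """Check that the subdirectory inside the chroot is writable by its user."""
    st = stat_fn(path)
    problems = []
    if st.st_uid != uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {uid}")
    if not st.st_mode & stat.S_IWUSR:
        problems.append(f"{path}: owner has no write bit")
    return problems


if __name__ == "__main__":
    for name, tree in (("good", GOOD_TREE), ("bad", BAD_TREE)):
        print(name, audit_chroot("/home/test", tree.__getitem__),
              audit_upload_dir("/home/test/data", 1001, tree.__getitem__))
```

These checks cover only classic ownership and mode bits; a layout that passes them can still be denied writes by other access controls on the host.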
Dec 11, 2010
I want to share files over the web with only a few people and limiting them to certain folders. I have been doing a remote access (ssh) to my server to access it from a pc on the local network. I later found out the same program doing ssh (open_ssh) was also doing sftp, great I could do both with one system account. Problem: I couldn't find a way to configure another user to go over the web with limited folder access without messing up my user to access the pc. I tried ftps by using vsftpd, I couldn't get chroot set up correctly or even log in. So my question is what program and/or protocol should I use to do secure ftp over the web?
OS: Ubuntu 64bit 10.04
Mar 14, 2010
I ended up setting up a basic linux file server as a pdc for that office. Our main office is a windows 2000 ads domain. The two offices are connected with a vpn. I only have two users at the new location so I simply have the linux and samba usernames/passwords setup manually. I would like to know if it is possible to setup a domain trust between the two sites so I don't have to create a username/password in the remote site for every user at the main office to access. I did some searching but came up empty.
Dec 20, 2009
I have FileZilla installed on this machine, and OpenSSH (with an open port 22) on another machine on my home network. When I try and connect, I get:
Quote:
Status: Connecting to 192.168.2.3...
Response: fzSftp started
Command: open "alphatwo@192.168.2.3" 22
Error: Connection refused
Error: Could not connect to server
Which has left me puzzled as I have an open port. Does the username have to be defined somewhere? E.g. the machine acting as my SFTP server can be logged on to locally as alphatwo so that's what I logged in as (with the correct password). Is this correct? If so, does anyone have any ideas as to how I might rectify it? I want SFTP set up so I can copy PHP files from my laptop to /var/www/html/ on another PC (across the home network).
Oct 16, 2010
I'm fairly new to linux, and a few days ago, as I was updating my system, I got the "EBDA is big ; kernel setup stack overlaps LILO second stage" error after reboot. I use a 3-boot (Win XP / Debian / Debian) and Windows XP works fine, but I can't launch any of the Debian. I googled the message, and I found this link:
[URL]
The only problem is that when I try to chroot, I get another message, "chroot: failed to run command `/bin/bash': No such file or directory". I googled this message too, but found no relevant answers. I am now using a knoppix usb drive to try to repair the lilo, but I ran out of ideas ...