When I test with FileZilla from my Windows machine I get this:
Status: Connecting to 10.2030.178...
Response: fzSftp started
Command: open "user1@10.2030.178" 22
Error: ssh_init: Host does not exist
Error: Could not connect to server
Can someone please offer some guidance? First time building a production sftp server, it was fun at first :-)
#telnet 10.20.30.178 22
Trying 10.20.30.178...
Connected to 10.20.30.178 (10.20.30.178).
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
?
Protocol mismatch.
Connection closed by foreign host.
Seems like telnet connected; however, shouldn't I not get closed when I type ? and then hit enter? What's a good command to type when a telnet connection is open?
you missed a "." out in the IP... 10.2030.178. that's *not* a typo just here, right?
Oops! corrected that mistake and got the error I was getting all day:
Response: fzSftp started
Command: open "user1@10.20.30.178" 22
Command: Pass: ************
Error: Network error: Software caused connection abort
Error: Could not connect to server
Looks like it's permissions.. I'll take a stab at this again on Monday:
Sep 14 10:43:46 sftp sshd[2220]: Accepted password for user1 from 10.20.30.120 port 43039 ssh2
Sep 14 10:43:46 sftp sshd[2220]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
Sep 14 10:43:46 sftp sshd[2225]: fatal: bad ownership or modes for chroot directory "/home/sftpuser/user1"
Sep 14 10:43:46 sftp sshd[2220]: pam_unix(sshd:session): session closed for user user1
1) Is there something else I am missing (permissions?, etc)?
2) Chroot directory is: /home/sftpuser/%u
This means that the user can't go back to sftpuser nor his home folder.. only can "work" in uploads, right? Shouldn't sftpuser and user1 be owned by root?
What's all this uid=0 stuff? You've not created a second account with root's uid, have you??
It makes an utter mockery of the solution by letting root log in in some half-arsed way. The user1 directory should be owned by user1, who should have a unique uid of at least 500, and a group to match or a "users" group.
Filezilla is stating:
Response: fzSftp started
Command: open "user1@10.20.30.178" 22
Command: Pass: *******
Status: Connected to 10.20.30.178
Status: Retrieving directory listing...
Command: pwd
Response: Current directory is: "/"
Command: ls
Status: Listing directory /
Error: Unable to open .: permission denied
Error: Connection timed out
Error: Failed to retrieve directory listing
Not really sure why tail -f /var/log/secure is stating uid=0:
Sep 19 07:13:49 sftp sshd[1987]: Accepted password for user1 from 10.20.30.172 port 57096 ssh2
Sep 19 07:13:49 sftp sshd[1987]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
Sep 19 07:13:49 sftp sshd[1991]: subsystem request for sftp
Sep 19 07:14:09 sftp sshd[1987]: pam_unix(sshd:session): session closed for user user1
Sep 19 07:21:12 sftp sshd[2035]: Accepted password for user1 from 10.20.30.172 port 57287 ssh2
Sep 19 07:21:12 sftp sshd[2035]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
Sep 19 07:21:12 sftp sshd[2039]: fatal: bad ownership or modes for chroot directory "/home/sftpuser/user1"
Sep 19 07:21:12 sftp sshd[2035]: pam_unix(sshd:session): session closed for user user1
I guess I'll have to start digging into the internet / man pages more for permissions for this scenario.. couldn't find much before.
Match Group sftponly
ChrootDirectory /home/%u
AllowTCPForwarding no
ForceCommand internal-sftp
[root@X home]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
however when I sftp from another box I get this:
sftp> lpwd
Local working directory: /root
This is confusing too.. it let me list the /root contents
sftp> lls
anaconda-ks.cfg install.log.syslog
IBM_Informix_Software_Bundle_InstallLog.log multicast-listener-v2
Then when I do this, I get this!:
sftp> ls -l
drwxr-xr-x 2 500 503 4096 Sep 19 13:26 upload
sftp>
FileZilla brings me right into the upload folder, which I can't upload a test.txt file to due to a permissions error.. I can sort that out.. however, what's with sftp saying my local working directory is /root.. is that because it's actually /user1 but chrooted? I'm not supposed to be able to list /root's contents though.. anyone have a better approach to this? I feel like I'm close.