Results 11 to 20 of 22
  1. #11
    Just Joined!
    Join Date
    Jul 2011
    Location
    Cincinnati, OH
    Posts
    6

    There is a great deal of confusion on the net regarding this. Here's the scoop: Your /etc/vsftpd.conf sets the parameters for regular FTP, NOT for SFTP. SFTP is a subsystem of SSH and does not use the settings in /etc/vsftpd.conf. The vsftpd daemon doesn't even have to be running to do SFTP. If you enable "chroot_local_user=YES" in /etc/vsftpd.conf, that will jail users coming in via regular FTP, but NOT SFTP. To do chroot in SFTP, the settings are in /etc/ssh/sshd_config and it depends on what version you have. I've read that you need OpenSSH 5 or newer for it to work with SFTP.

  2. #12
    Linux Newbie amithad's Avatar
    Join Date
    Sep 2006
    Location
    Sri Lanka
    Posts
    160

    Dear All,

    Thank you so much for allocating your time for my problem. Finally I was able to get the thing working using just FTP but not via SFTP. I installed the system-config-vsftpd GUI tool on my server and enabled the "enable list of allowed/denied users and deny user in the list (otherwise allow)" options in the access control section of the FTP Administration GUI. Then I enabled the options "allow local users, change root directory for the users to their home directory and Chrootjail-place only users from list below to 'chroot-jail'" in the users section of the FTP Administration GUI. In the chroot_list file I put the users that are allowed to browse the file hierarchy. It worked fine.

    I'm trying how I can figure out SFTP access also according to your valuable suggestions. I did this since I had a deadline. So again thank you all for your wonderful help

    Best Regards

    amitha

    N.B. you have to save your changes twice and reload the changes in FTP administration GUI

  3. #13
    Just Joined!
    Join Date
    Jul 2011
    Location
    Cincinnati, OH
    Posts
    6
    I have a follow up for my previous post: If you use SSH to configure chroot jail, you need SSH version 5 or higher.
    The directory to which you chroot the user (and I think, any directories above that) must be owned by root and not be writable by the user. Set the directory to 755 and make sure it's owned by root. Then, create a directory one level down from there with write permissions for the user. The configuration is in either /etc/ssh/sshd_config or /etc/sshd_config depending on what version of Unix you are using. In that file, you want:

    Subsystem sftp internal-sftp

    and

    Match User username
    ChrootDirectory /directoryname
    ForceCommand internal-sftp

    There may be other requirements for your version of Linux. I'm using SuSE SLES 10, SP 4.


    Quote Originally Posted by amithad View Post
    Dear All,

    Thank you so much for allocating your time for my problem. Finally I was able to get the thing working using just FTP but not via SFTP. I installed the system-config-vsftpd GUI tool on my server and enabled the "enable list of allowed/denied users and deny user in the list (otherwise allow)" options in the access control section of the FTP Administration GUI. Then I enabled the options "allow local users, change root directory for the users to their home directory and Chrootjail-place only users from list below to 'chroot-jail'" in the users section of the FTP Administration GUI. In the chroot_list file I put the users that are allowed to browse the file hierarchy. It worked fine.

    I'm trying how I can figure out SFTP access also according to your valuable suggestions. I did this since I had a deadline. So again thank you all for your wonderful help

    Best Regards

    amitha

    N.B. you have to save your changes twice and reload the changes in FTP administration GUI
    Last edited by gflorko; 07-25-2011 at 02:21 PM.

  5. #14
    Linux Newbie amithad's Avatar
    Join Date
    Sep 2006
    Location
    Sri Lanka
    Posts
    160
    Hi gflorko,

    Followed what you have mentioned, but when connecting using WinScp gives an authentication failure

    thanks amitha

  6. #15
    Just Joined!
    Join Date
    Jul 2011
    Location
    Cincinnati, OH
    Posts
    6
    Can you connect from a Unix command prompt?

    sftp username@localhost?

    In WinSCP, are you sure you're using protocol SFTP? Not SCP?


    Greg


    Quote Originally Posted by amithad View Post
    Hi gflorko,

    Followed what you have mentioned, but when connecting using WinScp gives an authentication failure

    thanks amitha

  7. #16
    Linux Newbie amithad's Avatar
    Join Date
    Sep 2006
    Location
    Sri Lanka
    Posts
    160
    Quote Originally Posted by gflorko View Post
    Can you connect from a Unix command prompt?

    sftp username@localhost?

    In WinSCP, are you sure you're using protocol SFTP? Not SCP?


    Greg
    Yes, I use the SFTP function, not the SCP function. I tried logging in locally and it fails. It gives the error message " Write failed: broken pipe".
    Last edited by amithad; 07-29-2011 at 05:29 AM.

  8. #17
    Just Joined!
    Join Date
    Jul 2011
    Location
    Cincinnati, OH
    Posts
    6
    Are you getting that broken pipe when trying:

    ftp username@localhost

    from a Unix command prompt?

    Greg


    Quote Originally Posted by amithad View Post
    Yes, I use the SFTP function, not the SCP function. I tried logging in locally and it fails. It gives the error message " Write failed: broken pipe".

  9. #18
    Linux Newbie amithad's Avatar
    Join Date
    Sep 2006
    Location
    Sri Lanka
    Posts
    160
    Quote Originally Posted by gflorko View Post
    Are you getting that broken pipe when trying:

    ftp username@localhost

    from a Unix command prompt?

    Greg
    Yes Greg, I'm getting it while logging in locally using the command prompt.

    Thanks

    Amitha

  10. #19
    Just Joined!
    Join Date
    Jul 2011
    Location
    Cincinnati, OH
    Posts
    6
    Well, if you're getting that from a Unix command prompt, you're getting ahead of yourself trying to use WinSCP. You need to get it working in Unix first before trying it from any WinPC client. I would ensure that the directory to which you chroot has Unix permissions of 755 and is owned by root. Also, check to see which version of SSH you have. You need 5 or higher for chroot to work.


    Quote Originally Posted by amithad View Post
    Yes Greg, I'm getting it while logging in locally using the command prompt.

    Thanks

    Amitha

  11. #20
    Linux Newbie amithad's Avatar
    Join Date
    Sep 2006
    Location
    Sri Lanka
    Posts
    160
    Dear Greg,

    I'm using Fedora 13 as my server OS, OpenSSH_5.4pl for my ssh server version.

    when I type ls -l command for the users home directory which resides in /tmp/amitha2 folder permissions are as follows

    drwxrwxr-x. 2 amitha amitha 4096 Jul 28 14:26 amitha2
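
The ownership rule from post #13 (the chroot directory and the directories above it owned by root and not writable by the user, mode 755), applied to the /tmp/amitha2 listing above. This is an added example, not part of any post in the thread; the function names, uid 1000 for amitha and mode 1777 on /tmp are assumptions.

```python
import os
import stat
from types import SimpleNamespace


def chroot_path_problems(path, stat_fn=os.stat):
    """List (component, reason) for each directory from / down to `path`
    that is not owned by root or is writable by group or others."""
    current = os.path.abspath(path)  # symlinks are not resolved here
    components = [current]
    while os.path.dirname(current) != current:
        current = os.path.dirname(current)
        components.append(current)
    problems = []
    for comp in reversed(components):
        st = stat_fn(comp)
        perms = stat.S_IMODE(st.st_mode)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, "owner uid %d is not root" % st.st_uid))
        if perms & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((comp, "mode %o is group/other writable" % perms))
    return problems


def fake_stat(tree):
    """Build a stat function over a {path: (uid, mode)} dict of directories."""
    def _stat(path):
        uid, perms = tree[path]
        return SimpleNamespace(st_uid=uid, st_mode=stat.S_IFDIR | perms)
    return _stat


# Constructed sample modelled on the listing in the thread (drwxrwxr-x, owner
# amitha). uid 1000 for amitha and mode 1777 on /tmp are assumptions.
THREAD_TREE = {"/": (0, 0o755), "/tmp": (0, 0o1777), "/tmp/amitha2": (1000, 0o775)}

if __name__ == "__main__":
    for comp, reason in chroot_path_problems("/tmp/amitha2", fake_stat(THREAD_TREE)):
        print("%s: %s" % (comp, reason))
    # On a real server, pass the ChrootDirectory value and keep the default
    # stat_fn: chroot_path_problems("/directoryname")
```

An empty list means every component passes the rule; each entry names the directory to fix with chown or chmod before retrying the sftp login.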
