Configure sftp

Currently, I'm running a Windows-based sftp. I want to set up sftp on my CentOS 5.0 virtual server. It is running OpenSSH v4.3p2.

I would like customers to sftp files into this server only. They shouldn't be able to leave their home directory or ssh into the box to run commands. Does someone have a link with instructions to set up sftp on my server?

I appreciate the help.
magnusthorneAsked:
pawwaCommented:
You could easily set up an SFTP chroot with OpenSSH using its internal SFTP system.

1. Add the following lines in your /etc/ssh/sshd_config file :

--------------------------------------
Subsystem sftp internal-sftp
Match group users
ChrootDirectory /chroot/users/%u
ForceCommand internal-sftp
--------------------------------------

(if you have a Subsystem command already in your config then comment it, and use the example I have provided)

2. Then add a group users if you don't have it (I think CentOS should have it already), and add some users in this group.

3. Create a /chroot/users/user1/home/user1 (replace user1 with your username of choice)

4. Restart sshd and try to connect to sftp (from Linux you could test it with sftp user1@localhost)
0
pawwaCommented:
BTW if you want to control users who can or can not log in to SSH, you could set another group, say ssh-users, and use AllowUsers ssh-users line in your sshd_config. This will mean that _only_ the users in this group could log into your SSH so be careful when setting that.
0
pawwaCommented:
Oops, I meant AllowGroups (not AllowUsers)!
0
magnusthorneAuthor Commented:
[root@22054_1_15876_87620 ~]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd: /etc/ssh/sshd_config: line 121: Bad configuration option: Match
/etc/ssh/sshd_config: line 123: Bad configuration option: ForceCommand
/etc/ssh/sshd_config: terminating, 2 bad configuration options
                                                           [FAILED]

It didn't like  the Match and ForceCommand.  Do I need a newer version of ssh?

My configuration:
Subsystem sftp internal-sftp
Match Group sftponly
ChrootDirectory /chroot/users/%u
ForceCommand internal-sftp
0
magnusthorneAuthor Commented:
ganjos, where do I find the mkchroot.sh mentioned in your link?  The website it references is down.
0
pawwaCommented:
Yes magnusthorne, you probably have an older version of OpenSSH, where some of the described commands are not implemented. Get the latest OpenSSH package and it will be OK.

Try following this link:

http://binblog.info/2009/02/27/packaging-openssh-on-centos/
0
magnusthorneAuthor Commented:
OpenSSH is upgraded.  OpenSSH_5.4p1, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

However, it still doesn't like the sshd_config changes.
Starting sshd:WARNING: initlog is deprecated and will be removed in a future release
/etc/ssh/sshd_config: line 120: Bad configuration option: Match
/etc/ssh/sshd_config: line 122: Bad configuration option: ForceCommand
/etc/ssh/sshd_config: terminating, 2 bad configuration options


0
Joseph GanSystem AdminCommented:
Here is another link on How to Setup a chroot jail for ssh / scp / sftp with Linux:

http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/

You can download a similar script there.
0
uaynebCommented:
Are you sure that the sshd you are starting now is the upgraded openssh that you installed?  

I'm guessing you're still starting the older version of ssh.  

Take out the commands it's complaining about, start ssh, and do a

telnet localhost 22

and see what version it responds with.

bash-3.2# telnet localhost 22
Trying...
Connected to loopback.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.2
quit

telnet> quit
Connection closed.
bash-3.2#




0
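The banner check suggested above can be turned into a repeatable test. This is an added example, not part of any post in the thread: it parses an SSH banner and reports whether that sshd can parse each directive from the proposed config. The function names are hypothetical, and the minimum versions are taken from the OpenSSH release notes (Match and ForceCommand in 4.4, ChrootDirectory and internal-sftp in portable 4.9).

```shell
#!/bin/bash
# Added example: map an SSH banner to the sshd_config directives it supports.

# Minimum portable OpenSSH release per directive (assumption: release notes).
min_version() {
    case "$1" in
        Match|ForceCommand)            echo "4.4" ;;
        ChrootDirectory|internal-sftp) echo "4.9" ;;
        *) return 1 ;;
    esac
}

# Extract "major.minor" from a banner such as SSH-2.0-OpenSSH_5.2
banner_version() {
    local v=${1#*OpenSSH_}
    [ "$v" != "$1" ] || return 1          # not an OpenSSH banner
    v=$(printf '%s' "$v" | sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$v" ] && echo "$v"
}

# supports BANNER DIRECTIVE: exit 0 if that sshd understands the directive,
# 1 if it is too old, 2 if the banner or directive is not recognised.
supports() {
    local have need hmaj hmin nmaj nmin
    have=$(banner_version "$1") || return 2
    need=$(min_version "$2")    || return 2
    hmaj=${have%%.*}; hmin=${have#*.}
    nmaj=${need%%.*}; nmin=${need#*.}
    [ "$hmaj" -gt "$nmaj" ] || { [ "$hmaj" -eq "$nmaj" ] && [ "$hmin" -ge "$nmin" ]; }
}

# report BANNER: one line per directive used in the thread's config.
report() {
    local d
    for d in Match ForceCommand ChrootDirectory internal-sftp; do
        if supports "$1" "$d"; then echo "$d: ok"
        else echo "$d: needs OpenSSH >= $(min_version "$d")"; fi
    done
}

# Read the banner from the daemon that is actually listening (bash /dev/tcp),
# the same information the telnet test shows.
read_banner() {
    local line
    IFS= read -r -t 5 line < "/dev/tcp/${1:-localhost}/${2:-22}" || return 1
    printf '%s\n' "$line" | tr -d '\r'
}
```

Run `report "$(read_banner localhost 22)"` on the server after starting sshd without the rejected lines; if it still reports the old version, the init script is launching the old binary rather than the upgraded one.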
magnusthorneAuthor Commented:
I gave up on configuring it. I installed Core FTP on another Windows box.
0