• Status: Solved

Configure sftp

Currently, I'm running a Windows-based SFTP server. I want to set up SFTP on my CentOS 5.0 virtual server. It is running OpenSSH v4.3p2.

I would like customers to sftp files into this server only. They shouldn't be able to leave their home directory or ssh into the box to run commands. Does someone have a link with instructions to set up sftp on my server?

I appreciate the help.
Asked by: magnusthorne

pawwa Commented:
You could easily set up an SFTP chroot with OpenSSH using its internal SFTP system.

1. Add the following lines to your /etc/ssh/sshd_config file:

--------------------------------------
# Use the SFTP server built into sshd
Subsystem sftp internal-sftp

# Applies only to members of the "users" group
Match group users
    ChrootDirectory /chroot/users/%u
    ForceCommand internal-sftp
--------------------------------------

(If you already have a Subsystem line in your config, comment it out and use the example I have provided.)

2. Then add a group users if you don't have it (I think CentOS should have it already), and add some users to this group.

3. Create a /chroot/users/user1/home/user1 directory (replace user1 with your username of choice).

4. Restart sshd and try to connect to sftp (from Linux you could test it with sftp user1@localhost).

pawwa Commented:
BTW if you want to control which users can or cannot log in to SSH, you could set up another group, say ssh-users, and use an AllowUsers ssh-users line in your sshd_config. This will mean that _only_ the users in this group could log into your SSH, so be careful when setting that.
pawwa Commented:
Oops, I meant AllowGroups (not AllowUsers)!

magnusthorne (Author) Commented:
[root@22054_1_15876_87620 ~]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd: /etc/ssh/sshd_config: line 121: Bad configuration option: Match
/etc/ssh/sshd_config: line 123: Bad configuration option: ForceCommand
/etc/ssh/sshd_config: terminating, 2 bad configuration options
                                                           [FAILED]

It didn't like  the Match and ForceCommand.  Do I need a newer version of ssh?

My configuration:
Subsystem sftp internal-sftp
Match Group sftponly
ChrootDirectory /chroot/users/%u
ForceCommand internal-sftp

magnusthorne (Author) Commented:
ganjos, where do I find the mkchroot.sh mentioned in your link?  The website it references is down.

pawwa Commented:
Yes magnusthorne, you probably have an older version of OpenSSH, where some of the described commands are not implemented. Get the latest OpenSSH package and it will be OK.

Try following this link:

http://binblog.info/2009/02/27/packaging-openssh-on-centos/

magnusthorne (Author) Commented:
OpenSSH is upgraded.  OpenSSH_5.4p1, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

However, it still doesn't like the sshd_config changes.
Starting sshd:WARNING: initlog is deprecated and will be removed in a future release
/etc/ssh/sshd_config: line 120: Bad configuration option: Match
/etc/ssh/sshd_config: line 122: Bad configuration option: ForceCommand
/etc/ssh/sshd_config: terminating, 2 bad configuration options



Joseph Gan (System Admin) Commented:
Here is another link on How to Setup a chroot jail for ssh / scp / sftp with Linux:

http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/

You can download a similar script there.

uayneb Commented:
Are you sure that the sshd you are starting now is the upgraded openssh that you installed?  

I'm guessing you're still starting the older version of ssh.  

Take out the commands it's complaining about, start ssh, and do a

telnet localhost 22

and see what version it responds with.

bash-3.2# telnet localhost 22
Trying...
Connected to loopback.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.2
quit

telnet> quit
Connection closed.
bash-3.2#
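
The banner check above can be scripted. The following is an added example, not code from the thread: it maps an SSH banner to the sshd_config keywords that release cannot parse. The release thresholds are taken from the upstream OpenSSH release notes (an assumption, not stated on this page), and distribution builds may backport individual options (the CentOS log above flags only Match and ForceCommand), so read the result as a hint about which binary is answering on port 22.

```shell
#!/bin/sh
# Added example, not from the thread. Thresholds are for upstream OpenSSH
# releases (assumption); vendor builds may backport individual options.

# Constructed sample: the configuration posted in the thread.
SAMPLE_CONFIG='Subsystem sftp internal-sftp
Match Group sftponly
ChrootDirectory /chroot/users/%u
ForceCommand internal-sftp'

# Oldest upstream OpenSSH release that understands each keyword.
min_version_for() {
    case "$1" in
        match|forcecommand)            echo "4.4" ;;
        chrootdirectory|internal-sftp) echo "4.8" ;;  # first portable release: 4.9p1
    esac
}

# Pull "major.minor" out of a banner such as SSH-2.0-OpenSSH_5.2 or OpenSSH_4.3p2.
banner_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p'
}

# version_ge A B: succeed when major.minor A is at least B.
version_ge() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]
}

# unsupported_directives BANNER CONFIG: print the keywords used in CONFIG that
# the sshd announcing BANNER is too old to parse (empty output = all supported).
unsupported_directives() {
    ver=$(banner_version "$1")
    [ -n "$ver" ] || { echo "unparseable-banner"; return 2; }
    out=""
    for kw in match forcecommand chrootdirectory internal-sftp; do
        if printf '%s\n' "$2" | grep -v '^[[:space:]]*#' | grep -qi -- "$kw"; then
            version_ge "$ver" "$(min_version_for "$kw")" || out="$out $kw"
        fi
    done
    echo "${out# }"
}

# Demo with constructed banners: the stock 4.3 daemon versus the upgraded 5.4 one.
echo "4.3 rejects: $(unsupported_directives 'SSH-2.0-OpenSSH_4.3' "$SAMPLE_CONFIG")"
echo "5.4 rejects: $(unsupported_directives 'SSH-2.0-OpenSSH_5.4' "$SAMPLE_CONFIG")"
```

Pass the banner line printed by the telnet session as the first argument and the contents of sshd_config as the second.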
 
magnusthorne (Author) Commented:
I gave up on configuring it. I installed Core FTP on another Windows box.