Francisco Palacio


Looking for easy to deploy and reliable SFTP/SCP server.

I would like to have an easy to deploy and reliable SFTP/SCP server.  I know about SolarWinds SFTP/SCP server. Is there an easy to deploy Linux SFTP/SCP server? I have limited Linux experience, although I have deployed a Linux server on Hyper-V.


Thank you.



noci

Reliable: well, how about the mother of all SSH servers, openssh... available for free on almost all Linux distributions.
In most cases (99.999%) it is installed by default.

wrt. easy to deploy ... that does depend on your total requirements, if the system only does SSH/SCP/SFTP services or also other services need to be delivered and how the various components need to interact.
I'd back up noci's suggestion to use openssh. The package name should be something like openssh-server.

However you should explain in a little more detail what exactly you want.

For example:
Some special setup is needed if you want the users to have only sftp access and no ssh access, but it's rather easy.
If you want to root cage their home directory (user shall only see the path '/' and this shall correspond to /home/username), a little more editing is needed, but it's also quite simple.

Each sftp account will correspond to one account on this machine.

Will you create all users manually, . . . ?

Please clarify and we can give more precise answers.
Francisco Palacio

ASKER

I would be installing SFTP/SCP server under Hyper-V mainly for SCP file uploads or downloads. I would manually create all users and would want the user to only have access to their home directory after the user logs in. Are there links you suggest I look into for deployment instructions and limiting each user to the user's home directory?

Thank you.
Extracted from an old README that I wrote for myself. Perhaps it helps.

  •  create a group sftponly
  •  Add user <username> with primary group sftponly and shell command /bin/false
  •  set home directory ownership to root
  •  create a data directory with write permissions

Adapt /etc/ssh/sshd_config
Modify the subsystem line to
Subsystem sftp  internal-sftp


Add at end of File
Match Group sftponly      
    ChrootDirectory %h      
    ForceCommand internal-sftp      
    AllowTcpForwarding no




Example shell commands to create a new user and set it up:

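# Run as root. Replace "username" with the account name.
addgroup sftponly
adduser --ingroup sftponly username
usermod -s /bin/false username
# The chroot target must be owned by root and not writable by group or others
chown -R root:root /home/username/
chmod 755 /home/username
# Upload directory: give it back to the user, otherwise they cannot write to it
mkdir /home/username/data
chown username:sftponly /home/username/data
chmod ug+w /home/username/data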




ASKER CERTIFIED SOLUTION
arnold
This solution is only available to members.
Gelonida and Arnold, I will work on following your instructions for my education. I found out that the customer asking for help has an installation of Solarwinds SFTP/SCP server. I will check this out using winscp.

Thank you for your responses.
https://www.experts-exchange.com/questions/29220417/How-to-resolve-Could-not-start-transfer-FileZilla-on-Mac-Ubuntu-18-04-LAMP-on-Linode.html provides details about how to get MySecureShell working in a few minutes.

The only SFTP server that... works as expected... out of the box... first time...
Based on Arnold's comment that every Linux has scp server built in, I downloaded Centos 8 and installed it as a guest VM in a Hyper-V host. Installation GUI was straightforward. Users have their home directory accessible when Winscp client is used to connect. Much easier implementation than I expected.

But without special configuration they have now also shell access to that machine. Not sure whether this is a security issue in your context.
gelonida - I don't give administrator access to the regular user, just access to their home directory when the user connects via scp client. When the user attempts to connect via ssh, access is denied. However, I need to figure out how to prevent the scp client from viewing directories other than the home directory.

Thanks for the comment

If the default debian server is openssh server, then look at my comments, that I posted 5 days ago.

Ensure users are members of the group sftponly and add the following lines to the sshd config

Match Group sftponly     
    ChrootDirectory %h     
    ForceCommand internal-sftp     
    AllowTcpForwarding no



This suggested approach (adding the ChrootDirectory directive) avoids any access to the root file system, such as /tmp, /usr/local, /usr/bin.

For restricting rights:
1) Ensure each user has its own group
or
2) Ensure all home directories have chmod 700 /home/*     (or chmod og-rwx).
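
An added example, not part of any post above and not OpenSSH's own tooling: a POSIX shell function that checks an sshd_config for the settings recommended in this thread (Subsystem sftp internal-sftp plus the Match Group sftponly block). The function name audit_sftp_chroot and both sample configs are constructed for illustration, and only a plain "Match Group <name>" line is recognised.

```shell
#!/bin/sh
# audit_sftp_chroot CONFIG GROUP
# Prints one FAIL line per problem; exit status 0 means none were found.
# Simplification: only a plain "Match Group <name>" line is recognised.
audit_sftp_chroot() {
    awk -v group="$2" '
    function note(msg) { print "FAIL: " msg; bad = 1 }
    /^[ \t]*#/ || NF == 0 { next }             # comments and blank lines
    {
        key = tolower($1)                      # keywords are case-insensitive
        val = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)   # text after the keyword
        sub(/[ \t]+$/, "", val)
    }
    key == "match" {                           # block runs to next Match or EOF
        in_block = (NF == 3 && tolower($2) == "group" && $3 == group)
        if (in_block) seen = 1
        next
    }
    key == "subsystem" && tolower($2) == "sftp" && subsys == "" { subsys = $3 }
    in_block && key == "chrootdirectory" && chroot == ""  { chroot = val }
    in_block && key == "forcecommand" && force == ""      { force = val }
    in_block && key == "allowtcpforwarding" && fwd == ""  { fwd = tolower(val) }
    END {
        if (subsys != "internal-sftp") { note("Subsystem sftp is not internal-sftp") }
        if (!seen) { note("no Match Group " group " block") }
        else {
            if (chroot == "" || tolower(chroot) == "none") { note("ChrootDirectory not set") }
            if (force !~ /^internal-sftp/) { note("ForceCommand is not internal-sftp") }
            if (fwd != "no") { note("AllowTcpForwarding is not no") }
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the configuration given in this thread.
good_config() {
    printf '%s\n' 'Subsystem sftp  internal-sftp' '' 'Match Group sftponly' \
        '    ChrootDirectory %h' '    ForceCommand internal-sftp' \
        '    AllowTcpForwarding no'
}

# Constructed sample: external sftp-server and a Match block without ForceCommand.
weak_config() {
    printf '%s\n' 'Subsystem sftp /usr/lib/openssh/sftp-server' \
        'Match Group sftponly' '    ChrootDirectory %h'
}
```

Run it against the live file with audit_sftp_chroot /etc/ssh/sshd_config sftponly, and check syntax with sshd -t before restarting the service.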