Tag Archives: sftp

SFTP: allow a user to log in via SFTP

If AllowUsers is already set in /etc/ssh/sshd_config, logins are restricted to the users named on that line, so a new user won't be allowed to access the server until they are added to it.

So, let's edit the file and add the new user. Find the AllowUsers line and append the user there.

sudo nano /etc/ssh/sshd_config

This should look something like:

#PermitRootLogin without-password
PermitRootLogin no
StrictModes yes
AllowUsers bofh newuser

Save and Exit!
Restart SSH

service ssh restart

Now the user:

addgroup --system filetransfer

# -a appends the group; a bare -G would replace the user's other supplementary groups
usermod -aG filetransfer username
# the directory used as the SFTP chroot must be root-owned and not group/world writable
chown root:root /home/username
chmod 755 /home/username

cd /home/username
chown username:filetransfer *

Hooray!

fatal: no matching mac found

One of my clients was trying to connect, for the first time, to his brand new server, and somehow he wasn't able to.

He showed me the following log/report:

Status:    Waiting to retry...
Status:    Connecting to 37.XX.XX.XX...
Response:  fzSftp started
Command:   open "[email protected]" 22
Error:     Server unexpectedly closed network connection
Error:     Could not connect to server

and this is the corresponding line in the server's auth.log:

fatal: no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5 server [email protected],hmac-sha2-256-$

Solution: update the SFTP client (in this case FileZilla). The client only offers hmac-sha1, hmac-sha1-96 and hmac-md5, and none of them is in the server's MAC list, so no MAC can be negotiated and sshd closes the connection. Fix this on the client side rather than re-enabling those weaker MACs in sshd_config; `sudo sshd -T | grep -i macs` shows what the server actually offers.
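To make the failure above concrete, here is an added example (not code from the original post) that parses a "no matching ... found" line from auth.log and replays the negotiation the way SSH does: the first entry in the client's preference list that the server also offers wins, and an empty overlap is exactly this error. The sample log line is constructed; the server-side MAC list in it is an assumption standing in for the hardened list the real server had, since the quoted entry was cut off.

```python
import re

# Constructed sample line in the shape of the auth.log entry quoted above.
# The server list is an assumption (a hardened, SHA-2-only MACs setting);
# the real entry in the post was truncated.
SAMPLE_LOG_LINE = (
    "May 28 13:40:02 sd-11111 sshd[1650]: fatal: no matching mac found: "
    "client hmac-sha1,hmac-sha1-96,hmac-md5 "
    "server hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,"
    "hmac-sha2-256,hmac-sha2-512"
)

# sshd logs the same "client ... server ..." shape for ciphers, MACs,
# key exchange methods and host key types, so one pattern covers them all.
NO_MATCH_RE = re.compile(
    r"no matching (?P<what>cipher|mac|key exchange method|host key type) found: "
    r"client (?P<client>\S+) server (?P<server>\S+)"
)


def parse_no_match(line):
    """Return {'what', 'client', 'server'} for a 'no matching ... found' line, else None."""
    m = NO_MATCH_RE.search(line)
    if m is None:
        return None
    return {
        "what": m.group("what"),
        "client": m.group("client").split(","),
        "server": m.group("server").split(","),
    }


def negotiate(client_algs, server_algs):
    """Pick the algorithm the way SSH does (RFC 4253, section 7.1): the first
    entry in the client's preference list that the server also offers, or
    None when the two lists are disjoint."""
    offered = set(server_algs)
    for alg in client_algs:
        if alg in offered:
            return alg
    return None


def explain(line):
    """Summarise one log line: which algorithm class failed, what would have
    been chosen, the overlap (in client preference order) and what the client
    offered that the server refused."""
    info = parse_no_match(line)
    if info is None:
        return None
    offered = set(info["server"])
    return {
        "what": info["what"],
        "chosen": negotiate(info["client"], info["server"]),
        "common": [a for a in info["client"] if a in offered],
        "client_only": [a for a in info["client"] if a not in offered],
    }


if __name__ == "__main__":
    # For the constructed line: chosen is None and common is [], i.e. the
    # client needs an update, not the server a weaker MACs list.
    print(explain(SAMPLE_LOG_LINE))
```

Feed it the real line from your own auth.log (the whole line, untruncated); if `client_only` contains every MAC the client offered, the client is the thing to upgrade.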

Readings:
https://forum.filezilla-project.org/viewtopic.php?t=31738
https://en.wikibooks.org/wiki/OpenSSH/Logging

SFTP/SSH Write failed: Broken pipe

I was trying to access a host via SFTP and SSH and was getting some strange errors, although it had been fine the day before:

ssh [email protected]
[email protected]'s password:
Write failed: Broken pipe

I SSHed in as another user and switched to root, then had to read the auth.log file to figure out what was going on.

[email protected]:/home/mike# tail -f /var/log/auth.log

This is what I got:

May 28 13:45:31 sd-11111 sshd[1676]: Accepted password for mike from 84.91.4.220 port 59004 ssh2
May 28 13:45:31 sd-11111 sshd[1676]: pam_unix(sshd:session): session opened for user mike by (uid=0)
May 28 13:45:31 sd-11111 systemd-logind[447]: Removed session 4.
May 28 13:45:31 sd-11111 systemd-logind[447]: New session 5 of user mike.
May 28 13:45:32 sd-11111 sshd[1694]: fatal: bad ownership or modes for chroot directory "/home/mike"
May 28 13:45:32 sd-11111 sshd[1676]: pam_unix(sshd:session): session closed for user mike

The cause is sshd's ChrootDirectory check: the chroot directory, and every directory above it, must be owned by root and must not be writable by group or others, otherwise sshd aborts the session right after authentication. The solution was to do the following:

[email protected]:/home# sudo chown root:root /home/mike/
[email protected]:/home# sudo chmod 755 /home/mike/

SFTP – restrict/lock/jail the user to their home directory

Create the user and their home:

cd /home
mkdir username
useradd -d /home/username -M -N -g users username
sudo chown root:root /home/username
sudo chmod 755 /home/username

Edit /etc/ssh/sshd_config:

nano /etc/ssh/sshd_config

Search for “lib/openssh/sftp-server” and change it to:

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

Add the following lines below it, at the end of the file (everything after a Match line belongs to that block until the next Match, so it must not be followed by global settings):

Match User username
    ChrootDirectory /home/username
    ForceCommand internal-sftp

Restart SSH:

service ssh restart
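The "bad ownership or modes for chroot directory" failure from the Broken pipe post and the chown/chmod steps of this jail recipe are two sides of the same rule, so here is one added example (not code from the original posts) that checks a ChrootDirectory path the way sshd does before you restart the service: it walks from / down to the directory and reports every component that is not root-owned or is writable by group or others. The `root_uid` parameter and the `make_demo_tree` helper are assumptions added so the check can be exercised on a temporary tree without root; in real use you call `chroot_path_problems("/home/username")` as is.

```python
import os
import stat
import tempfile

CURRENT_UID = os.getuid()


def chroot_path_problems(path, root_uid=0):
    """Walk from the filesystem root down to `path` and return (component,
    reason) pairs for every directory sshd's chroot check would reject.
    sshd requires each component to be a directory owned by root and not
    writable by group or others; anything else yields the
    "bad ownership or modes for chroot directory" fatal seen in auth.log.
    `root_uid` defaults to 0 (root) and is overridable only so the check can
    run against a temporary tree as an unprivileged user (assumption)."""
    problems = []
    components = []
    cur = os.path.abspath(path)
    while True:
        components.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:            # reached "/"
            break
        cur = parent
    for comp in reversed(components):   # "/" first, `path` last, like sshd
        try:
            st = os.stat(comp)
        except OSError as exc:
            problems.append((comp, "cannot stat: %s" % exc.strerror))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != root_uid:
            problems.append((comp, "owned by uid %d, expected uid %d"
                             % (st.st_uid, root_uid)))
        if st.st_mode & 0o022:
            problems.append((comp, "writable by group/other (mode %04o)"
                             % stat.S_IMODE(st.st_mode)))
    return problems


def problems_for(path, root_uid=0):
    """Reasons reported for the final component only; lets a demo ignore
    trouble higher up the tree (for example a world-writable /tmp)."""
    target = os.path.abspath(path)
    return [why for comp, why in chroot_path_problems(target, root_uid)
            if comp == target]


def make_demo_tree(mode=0o775):
    """Constructed demo input: <tmp>/home/mike with the given mode, mirroring
    the group-writable home from the Broken pipe post. Returns the mike path."""
    base = tempfile.mkdtemp(prefix="chroot-demo-")
    home = os.path.join(base, "home")
    user_dir = os.path.join(home, "mike")
    os.mkdir(home)
    os.mkdir(user_dir)
    os.chmod(user_dir, mode)     # explicit chmod so the umask does not interfere
    return user_dir


def repair_chroot_dir(path):
    """The 'chmod 755' half of the fix from the posts; the 'chown root:root'
    half needs root and is left to the administrator."""
    os.chmod(path, 0o755)


if __name__ == "__main__":
    demo = make_demo_tree(0o775)
    print("before:", problems_for(demo, CURRENT_UID))
    repair_chroot_dir(demo)
    print("after: ", problems_for(demo, CURRENT_UID))
```

Because the chroot directory itself must be root-owned, the jailed user cannot write into /home/username directly; the usual layout (an assumption here, not part of the recipe above) is a subdirectory such as /home/username/files owned by the user, which is the only place uploads can land.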

More readings
http://www.techrepublic.com/blog/linux-and-open-source/chroot-users-with-openssh-an-easier-way-to-confine-users-to-their-home-directories/
http://superuser.com/questions/370953/how-to-not-allow-user-outside-of-home-directory-with-sftp