This question is very much related to this question. The answer there is useful, but unfortunately incomplete. How to add a user with SFTP/FTP access to the '/var/www/html/website_abc' folder on Amazon EC2 CentOS?
I want to grant third party access to a part of my directory structure on my Amazon EC2 instance. I followed this tutorial to add a group and a user, and followed this tutorial to chroot this user. It is unclear to me how to continue after these two steps though. Below are the steps taken in more detail, and where I am stuck.
Add group and user
In terminal:
sudo groupadd sftp
sudo useradd -g sftp thirdparty
sudo usermod -G sftp thirdparty
sudo usermod -s /bin/false thirdparty
sudo chown root:root /var/www/html/exports/thirdparty
sudo chmod 0755 /var/www/html/exports/thirdparty
sudo passwd thirdparty (set password e.g. to abcd)
Chroot this user
Add these lines to /etc/ssh/sshd_config:
Subsystem sftp /usr/lib/openssh/sftp-server
Match Group sftp
ChrootDirectory %h
AllowTcpForwarding no
X11Forwarding no
ForceCommand /usr/lib/openssh/sftp-server
Restart OpenSSH:
/etc/init.d/ssh restart
Remote access
From this point it is unclear what to do next. The tutorials mention to use FileZilla, but not exactly how. I try the following.
Attempt 1
Host: 12.34.56.789 (public IP from EC2 Management Console)
Username: thirdparty
Password: abcd
Port:
--> Quickconnect
Status: Connecting to 12.34.56.789:21...
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server
Attempt 2
Host: 12.34.56.789 (public IP from EC2 Management Console)
Username: thirdparty
Password: abcd
Port: 22
--> Quickconnect
FileZilla warns about unknown host key. I click OK to trust the host and carry on connecting. I did not (yet) add the key to the cache.
Status: Connecting to 12.34.56.789...
Response: fzSftp started, protocol_version=2
Command: open "thirdparty@12.34.56.789" 22
Command: Trust new Hostkey: Once
Error: Disconnected: No supported authentication methods available (server sent: publickey)
Error: Could not connect to server
Can anyone point me to what to do next? Is this SSH-related, or AWS-specific (VPC-related)?
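As an added example (it is not part of the original question or of either tutorial), the following POSIX shell script checks the two server-side conditions that the symptoms in this post depend on: whether the directory used as ChrootDirectory satisfies the ownership and mode rules sshd enforces for a chroot (root-owned and not group- or world-writable, for every component up to /), and whether the global section of sshd_config still allows password authentication. The line "server sent: publickey" in Attempt 2 means the server offered only public-key authentication, and Attempt 1 connected to port 21 (plain FTP) because the port field was left empty. The temporary directory tree and the config fragment in the demo are constructed so the script runs anywhere; on the instance, point the functions at the real chroot path (the directory that ChrootDirectory %h resolves to for this user) and at /etc/ssh/sshd_config, with sudo.

```shell
#!/bin/sh
# Added example, not from the original question: read-only checks for the
# chroot SFTP setup described above. Uses GNU stat (Linux).

# Returns 0 when one path component (owner uid and octal mode as printed by
# `stat -c '%u %a'`) satisfies sshd's ChrootDirectory rule: owned by root
# (uid 0) and writable by neither group nor others.
component_ok() {
    uid=$1
    perm=$(( 0$2 ))              # leading 0 makes the shell parse it as octal
    [ "$uid" -eq 0 ] || return 1
    [ $(( perm & 020 )) -eq 0 ] || return 1   # group write bit must be clear
    [ $(( perm & 002 )) -eq 0 ] || return 1   # other write bit must be clear
    return 0
}

# Walks from $1 up to / and applies component_ok to every directory, because
# sshd rejects the chroot (auth log: "bad ownership or modes for chroot
# directory") if any component on the way fails. Returns 0 when all pass.
check_chroot_path() {
    dir=$1
    while :; do
        info=$(stat -c '%u %a' "$dir" 2>/dev/null) || { echo "FAIL: cannot stat $dir" >&2; return 1; }
        if ! component_ok ${info% *} ${info#* }; then
            echo "FAIL: $dir (uid ${info% *}, mode ${info#* }) must be root-owned and not group/world writable" >&2
            return 1
        fi
        [ "$dir" = / ] && return 0
        dir=$(dirname "$dir")
    done
}

# Returns 0 when the global section of the sshd_config given as $1 leaves
# PasswordAuthentication enabled. sshd takes the first value it reads and
# defaults to yes when the keyword is absent; a later Match block can still
# override it for specific users or groups, which this check does not model.
# Many EC2 images ship with "PasswordAuthentication no", which FileZilla
# reports as "server sent: publickey".
password_auth_enabled() {
    awk '
        tolower($1) == "match" { exit }                   # end of global section
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1" | grep -qx yes
}

# Demonstration on constructed input. On the real host run instead:
#   sudo sh -c '. ./sftp_checks.sh; check_chroot_path /var/www/html/exports/thirdparty'
#   sudo sh -c '. ./sftp_checks.sh; password_auth_enabled /etc/ssh/sshd_config'
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/exports/thirdparty"
    chmod 0775 "$t/exports"          # group-writable parent: sshd would refuse the chroot
    if check_chroot_path "$t/exports/thirdparty"; then
        echo "chroot path OK"
    else
        echo "chroot path rejected"
    fi
    printf '%s\n' '# constructed fragment resembling an EC2 default' \
        'PasswordAuthentication no' 'Match Group sftp' 'ChrootDirectory %h' > "$t/sshd_config"
    if password_auth_enabled "$t/sshd_config"; then
        echo "password auth: on"
    else
        echo "password auth: off (server offers publickey only)"
    fi
    rm -rf "$t"
}
demo
```

The first check reports the first failing component it meets, so fixing one directory and re-running may surface the next one higher up; the second check only tells you what the global section says, so a `Match Group sftp` block that sets `PasswordAuthentication yes` for this group would still be honoured by sshd even when this function returns false.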