I'm having a problem setting up SFTP with an Ubuntu Server 10.04 LTS x64.
I use OpenSSH with public key authentication; I can log in with SSH perfectly with the keys, no problem. I can also connect to the FTP server, but I can't write, download or any files from the folder.
Users:
thomas
thomas_filetransfer (home directory is "/" and is part of group "filetransfer")
Groups:
filetransfer
/etc/ssh/sshd_config:
Not all, just the essentials for SFTP configuration:
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
LogLevel VERBOSE
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/authorized_keys #might be the problem?
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication yes
X11Forwarding no
UsePAM no
UseDNS no
AllowUsers thomas thomas_filetransfer
Subsystem sftp internal-sftp
Match group filetransfer
    ChrootDirectory /var/www
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
File permissions:
/var/www = owner = root, group = root, permissions = rwxr-x--- (750)
/etc/ssh = owner = root, group = root, permissions = rwxr-xr-x (755)
/etc/ssh/authorized_keys = owner = root, group = root, permissions = -rw-r--r-- (600)
And again, SSH is working perfectly. I set up the private and public keys and they work, and SFTP login works too, but when I try to upload/download a file, it goes wrong.
When I authenticate with my ssh box from a remote box I found this in my /var/log/auth.log file, don't know if anything has to do with it anyway:
Connection from 192.168.124.1 port 54993
Failed none for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
Found matching RSA key: b4:a3:3d:18:b9:30:0c:60:e6:2b:31:47:a9:8d:1d:53
Found matching RSA key: b4:a3:3d:18:b9:30:0c:60:e6:2b:31:47:a9:8d:1d:53
Accepted publickey for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
User child is on pid 849
The second line says "failed none for ..."
Still not working, the owner is now root, and the group is now filetransfer. I can still connect to the SFTP but when I try to create a folder I get "permission denied". I checked the log file and there is nothing special in it, it doesn't give any information when I try to create the folder, although I found this when authenticating with SFTP, dunno if it matters: Failed none for thomas_filetransfer from 192.168.124.1 port 54993 ssh2 – randomKek – 2012-03-13T13:58:34.760
I forgot to add "sudo chmod 770 /var/www" but now I can't access my SFTP anymore at all. – randomKek – 2012-03-13T14:04:12.773
Hmm.... it seems that was my mistake. chmod it back to 750. Let me see what else I can come up with. – Carlos – 2012-03-13T14:18:20.087
The only difference I see is that in my setup, I have "Subsystem sftp /usr/lib/openssh/sftp-server" and "ForceCommand /usr/lib/openssh/sftp-server". Also the word "group" has a capital G. – Carlos – 2012-03-13T14:21:36.853
I can get back into it now it's back @ 750, do you use public keys or just password auth, and protocol 2? I think the problem is that the logged-in user is seen as "others", not group, although I am 100% sure the www folder is owned by the group and the user is in the group. – randomKek – 2012-03-13T14:22:24.857
tried your changes, no difference, with /usr/lib/openssh/sftp-server the auth is even failing, so reverted that, group with capital G no difference either. – randomKek – 2012-03-13T14:27:26.703
Hmm... this is a good one. Yes, I do use SSHv2 and pub keys. – Carlos – 2012-03-13T14:28:25.677
Out of curiosity, as user thomas_filetransfer, are you able to write to /var/www without sudo-ing? – Carlos – 2012-03-13T14:29:45.827
Yes, the owner of /var/www is root, the group is filetransfer, the permissions are (rwxrwxr-x or 775) – randomKek – 2012-03-13T14:37:24.010
let us continue this discussion in chat – Carlos – 2012-03-13T14:40:04.290
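The permission states tried in this thread can be modelled against the sshd_config(5) rule that a ChrootDirectory must be root-owned and not writable by group or others. The sketch below is an added example, not part of the original thread; the numeric uid/gid values and the `uploads` subdirectory are constructed for illustration.

```python
import stat

ROOT_UID = 0

def sshd_accepts_chroot(owner_uid, mode):
    """sshd_config(5) rule for ChrootDirectory: root-owned and not
    writable by group or others (sshd applies it to every path component)."""
    return owner_uid == ROOT_UID and not mode & (stat.S_IWGRP | stat.S_IWOTH)

def user_rights(uid, gids, owner_uid, group_gid, mode):
    """rwx string the kernel grants a non-root user on a directory."""
    if uid == owner_uid:
        shift = 6          # owner bits
    elif group_gid in gids:
        shift = 3          # group bits
    else:
        shift = 0          # "others" bits
    bits = (mode >> shift) & 0o7
    return "".join(c if bits & b else "-" for c, b in zip("rwx", (4, 2, 1)))

def diagnose_chroot(uid, gids, owner_uid, group_gid, mode):
    """Outcome for an SFTP user whose session is chrooted to this directory."""
    if not sshd_accepts_chroot(owner_uid, mode):
        return "rejected"  # sshd refuses the session before SFTP starts
    rights = user_rights(uid, gids, owner_uid, group_gid, mode)
    if "x" not in rights:
        return "no-access"
    return "writable" if "w" in rights else "read-only"

# Constructed ids: thomas_filetransfer = 1001, group filetransfer = 1002.
USER_UID, FT_GID = 1001, 1002
GIDS = {FT_GID}

def scenarios():
    """The /var/www states described in the question and comments."""
    return {
        "root:root 750": diagnose_chroot(USER_UID, GIDS, 0, 0, 0o750),
        "root:filetransfer 770": diagnose_chroot(USER_UID, GIDS, 0, FT_GID, 0o770),
        "root:filetransfer 750": diagnose_chroot(USER_UID, GIDS, 0, FT_GID, 0o750),
    }

if __name__ == "__main__":
    for state, outcome in scenarios().items():
        print(f"/var/www {state}: {outcome}")
    # Hypothetical /var/www/uploads owned by the SFTP user: the chroot rule
    # does not apply below the chroot root, so ordinary permissions decide.
    print("uploads 755:", user_rights(USER_UID, GIDS, USER_UID, FT_GID, 0o755))
```

No mode that sshd accepts makes the chroot root itself writable for a non-root user, so in this model write access has to come from a directory below it.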