What should I do to access the whole server via SFTP?

0

I just set up the server with Debian and am trying to access the /var/www directory with Notepad++ via SFTP. But there are very few folders accessible.

It looks like SFTP has access to just those few directories.

I tried to follow this guide but I didn't succeed (at least I wasn't able to restart SSHD with the command service sshd restart; I got the 'sshd: unrecognized service' message).

My sshd_config file is the following:

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem       sftp    internal-sftp

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

Any thoughts?

Roman Matveev

Posted 2014-02-24T11:15:49.397

Reputation: 155

Which user account are you trying to connect with? You're possibly using www-data, so you'll only reach /var/www/. – vautee – 2014-02-24T11:18:22.663

@vautee, I'm trying to connect with root user. Currently I need only to access this (/var/www) folder – Roman Matveev – 2014-02-24T11:20:04.273

Can you show us your sshd_config file? Also, to restart your service use 'service ssh restart'. The command you use, 'service sshd restart', is for RedHat type systems, not Debian. – Matthew Williams – 2014-02-24T11:22:15.640

You're sure cd /var/www didn't work? By default, you're in your home directory (/root in this case). – Daniel B – 2014-02-24T11:22:49.460

You should never access the whole server with a protocol like ftp, sftp or scp but only to the file of your user. It could be considered as a major security leak. – Kiwy – 2014-02-24T11:40:06.960

There's nothing wrong with using SFTP for this. There's no point in artificially restricting it when regular SSH access is unrestricted. – Daniel B – 2014-02-24T11:52:17.600

@MatthewWilliams I edited my OT to provide the sshd_config file contents. However, please note that I made some edits in accordance with the tutor I specified in the OT. – Roman Matveev – 2014-02-24T11:58:59.767

@DanielB, this works! But in the shell. I cannot access this dir via SFTP. – Roman Matveev – 2014-02-24T12:00:41.007

@RomanMatveev | Have you specified some rules for internal-sftp since I am not seeing it on here. – Matthew Williams – 2014-02-24T12:05:10.523

What happens when you do cd /var/www in an SFTP session? Please update your question to contain the exact response. – Daniel B – 2014-02-24T12:07:29.550

@DanielB sorry, but it looks like I'm too unskilled to make this clarification: I can only do cd /var/www in the shell, where it works as intended, or I can run an IDE such as Notepad++ or NetBeans and check all the folders accessible. – Roman Matveev – 2014-02-24T12:14:02.590

@MatthewWilliams I didn't specify any additional rules. The file was created during system installation; I only changed the Subsystem line. – Roman Matveev – 2014-02-24T12:15:38.113

@RomanMatveev | Go back to your guide and read step 4 again. Obviously changing requirements to include Match User root and change the directory. Then see if it works. Right now you aren't specifying who has access to what, so your system won't know what to do with the connection. – Matthew Williams – 2014-02-24T12:17:49.013

@MatthewWilliams, Oh f... you're right. I missed this thing as I supposed that as I'm configuring the system to be accessible only by one user (root in my case) I skipped this point. I feel that I'm digging a huge hole in the server security - is that correct? – Roman Matveev – 2014-02-24T12:22:49.437

Well as a rule I don't access a system via sftp/ftp or ssh with a root user. Instead create a user for each task and use sudo where required. But there is nothing wrong with accessing a system via sftp. Just avoid using ftp for the job. – Matthew Williams – 2014-02-24T12:25:29.147

@MatthewWilliams could you please point me into the right reading upon the topic? – Roman Matveev – 2014-02-24T12:37:33.447

@RomanMatveev | Well, what exactly do you want to read up on? Google searches will find most things you need. I started with the exact guide you posted and learned from that point on. SFTP by its nature is secure, so just don't use a root user and there shouldn't be an issue. – Matthew Williams – 2014-02-24T12:49:21.450

@MatthewWilliams probably there are any good tutors/books for the topic "Debian for dummies" or something for beginners that you could recommend? Anyway I'd like to thank you for all the information you've shared! :) – Roman Matveev – 2014-02-24T13:09:18.273

Let us continue this discussion in chat. – Matthew Williams – 2014-02-24T13:49:21.450

I just found out that there is an option to use webmin to administrate Linux OS. It's weird that nobody suggested that to me. Hope that I'm on the right way... – Roman Matveev – 2014-02-24T19:09:24.543

No answers
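
As an added example (not part of the original thread), the Python sketch below checks an sshd_config for the two points the comments raise: an explicit PermitRootLogin yes, and an internal-sftp subsystem with no Match block that confines it. The account name webedit and both config excerpts are constructed for illustration.

```python
# Added example: audit sshd_config text for the points discussed in this thread.
SAMPLE = """\
# constructed excerpt of the config posted in the question
PermitRootLogin yes
X11Forwarding yes
Subsystem       sftp    internal-sftp
UsePAM yes
"""

# Constructed alternative: a dedicated account ("webedit" is hypothetical)
# confined to /var/www. ChrootDirectory requires the target to be owned by
# root and not writable by group or others.
HARDENED = SAMPLE.replace("PermitRootLogin yes", "PermitRootLogin no") + """\
Match User webedit
    ChrootDirectory /var/www
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
"""

def parse(text):
    """Return (global_opts, match_blocks); keywords are case-insensitive."""
    global_opts, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), " ".join(parts[1].split())
        if key == "match":
            current = {"criteria": value, "opts": {}}
            blocks.append(current)
        else:
            # sshd keeps the first value it sees for a keyword
            (current["opts"] if current else global_opts).setdefault(key, value)
    return global_opts, blocks

def audit(text):
    """Return a list of finding labels for the given sshd_config text."""
    opts, blocks = parse(text)
    findings = []
    if opts.get("permitrootlogin", "").lower() == "yes":
        findings.append("root-password-login")
    confined = [b["criteria"] for b in blocks
                if "chrootdirectory" in b["opts"]
                and b["opts"].get("forcecommand", "").startswith("internal-sftp")]
    # Informational: with no confining Match block, an SFTP session sees the
    # filesystem with the logged-in account's normal permissions.
    if opts.get("subsystem", "").startswith("sftp ") and not confined:
        findings.append("sftp-unconfined")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE), audit(HARDENED))
```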