Search Results for: ftp

Troubleshooting chrooted sftp account setup in Linux

Introduction

In a previous article we demonstrated the process involved in configuring a chrooted sftp account on a Linux system. Although the process is fairly straightforward, you might face issues during the setup if you do not follow the steps exactly to a T or if you are consulting multiple sources. In this article, we'll describe three common troubleshooting scenarios in which your chrooted sftp configuration might fail.

Scenario 1: Incorrect ownership and permissions

A chrooted setup demands that the user home directory must be owned by root. Let us consider the user we tested in our previous article. The user name was sahil, for which the chrooted home directory was /chroots/sahil/ and the directory accessible to the user as its home directory was /chroots/sahil/myhome. For the setup to work correctly, the directory /chroots/sahil/ should be owned by root. If the owner of the chrooted home directory is the user itself, as shown below, then the setup will not work:

    [root@linuxnix ~]# ls -ld /chroots/sahil/
    drwxr-xr-x. 3 sahil root 4096 Jul 19 22:42 /chroots/sahil/
    [root@linuxnix ~]#

If we try to log in as the user sahil using sftp, we face the following error:

    [root@linuxnix ~]# sftp sahil@linuxnix
    Connecting to linuxnix...
    sahil@linuxnix's password:
    Write failed: Broken pipe
    Couldn't read packet: Connection reset by peer
    [root@linuxnix ~]#

If we take a look at the /var/log/secure file we'll find the following error message...

Configuring chrooted sftp user accounts in Linux

Introduction

In one of our previous articles, we demonstrated how to set up an ftp server using vsftpd on a Linux system. FTP is a great way to transfer data between systems, but it is not very secure since the data being transferred is not encrypted and is therefore exposed to hacking attempts. SFTP is a secure form of the FTP program wherein the entire user session, including typing in the password to log in to the system, is encrypted. Another useful facet of the SFTP program from an administrator's perspective is that it is included with the openssh package, which is generally installed by default on most UNIX systems. Also, since SFTP is based on SSH it works on port 22, so we do not need to open ports 20 and 21 required by FTP.

To add another layer of security restriction upon our SFTP setup, in this article we will explain how to set up chrooted SFTP accounts. A chrooted SFTP account will not allow the user to access any file or directory outside its own home directory, which is extremely helpful when we want to prevent users from accessing and modifying each other's files.

Steps to configure chrooted SFTP user account:

For the purpose of this demonstration, we will use an RHEL 6.8 system as our SFTP server and we will set up a user named ‘sahil’ as our chrooted...

Install and configure FTP server in Redhat/Centos Linux?

FTP stands for File Transfer Protocol. It was written by Abhay Bhushan and published in 1971. FTP is supported by all the operating systems and browsers. It is a client-server based protocol.

How FTP works

Step a: Client connects to server on port 21.
Step b: Server responds and asks for authentication.
Step c: Client decides whether to connect passively or actively and authenticates with credentials (user name and password).
Step d: If it is an active connection, server opens port 20 for data transfer and gives ftp prompt after successful authentication.
Step e: Client requests a file and server initiates file transfer.

Following picture shows...

ABOUT ME..!

My name is Surendra Kumar Anne. I hail from Vijayawada, which is the cultural capital of the south Indian state of Andhra Pradesh. I am a Linux evangelist who believes in hard work, a down-to-earth person, likes to share knowledge with others, loves dogs, likes photography. At present I work at Bank of America as Sr. Analyst Systems and Administration. You can contact me at surendra (@) linuxnix dot com.