Topic: sftp_config options being ignored?
Hello. Just installed MySecureShell 1.2.
By the way — couldn't install it via dpkg:
gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B; gpg --export E328F22B | sudo apt-key add -
Server might be down or something. Installed from sources.
Ok. I want to allow users to get only their home directory, and restrict any others. Full access for root (as in a usual shell).
sftp-verif:
#################################################
# MySecureShell Verification Tool #
#################################################
** Verifing file existance **
Verifing file existance of /bin/MySecureShell [ OK ]
Verifing file existance of /usr/bin/sftp-who [ OK ]
Verifing file existance of /usr/bin/sftp-kill [ OK ]
Verifing file existance of /usr/bin/sftp-state [ OK ]
Verifing file existance of /usr/bin/sftp-admin [ OK ]
Verifing file existance of /usr/bin/sftp-verif [ OK ]
Verifing file existance of /usr/bin/sftp-user [ OK ]
Verifing file existance of /etc/ssh/sftp_config [ OK ]
** Verifing rights **
Verifing file rights of /etc/ssh/sftp_config [ OK ]
Verifing file rights of /usr/bin/sftp-who [ OK ]
Verifing file rights of /usr/bin/sftp-verif [ OK ]
Verifing file rights of /usr/bin/sftp-user [ OK ]
Verifing file rights of /usr/bin/sftp-kill [ OK ]
Verifing file rights of /usr/bin/sftp-state [ OK ]
Verifing file rights of /usr/bin/sftp-admin [ OK ]
Verifing file rights of /bin/MySecureShell [ OK ]
** Verifing rotation logs **
MySecureShell rotation logs [ OK ]
** Verifing server status **
Verifing server status (ONLINE) [ OK ]
** Verifing server dependencies **
Show only error(s):
** Verifing server configuration **
Show only error(s):
Try user: root
** All tests dones **
sftp_config:
<Default>
GlobalDownload 0 #total speed download for all clients
# o -> bytes k -> kilo bytes m -> mega bytes
GlobalUpload 0 #total speed download for all clients (0 for unlimited)
Download 0 #limit speed download for each connection
Upload 0 #unlimit speed upload for each connection
StayAtHome true #limit client to his home
VirtualChroot true #fake a chroot to the home account
LimitConnection 10 #max connection for the server sftp
LimitConnectionByUser 1 #max connection for the account
LimitConnectionByIP 2 #max connection by ip for the account
Home /home/$USER #overrite home of the user but if you want you can use
# environment variable (ie: Home /home/$USER)
IdleTimeOut 5m #(in second) deconnect client is idle too long time
ResolveIP true #resolve ip to dns
# IgnoreHidden true #treat all hidden files as if they don't exist
# DirFakeUser true #Hide real file/directory owner (just change displayed permissions)
# DirFakeMode 0400 #Hide real file/directory rights (just change displayed permissions)
#Add execution right for directory if read right is set
# HideFiles "^(lost\+found|public_html)$" #Hide file/directory which match
#this extented POSIX regex
HideNoAccess true #Hide file/directory which user has no access
# MaxOpenFilesForUser 20 #limit user to open x files on same time
# MaxWriteFilesForUser 10 #limit user to x upload on same time
# MaxReadFilesForUser 10 #limit user to x download on same time
DefaultRights 0777 0777 #Set default rights for new file and new directory
# MinimumRights 0400 0700 #Set minimum rights for files and dirs
# PathDenyFilter "^\." #deny upload of directory/file which match this extented POSIX regex
ShowLinksAsLinks false #show links as their destinations
# ConnectionMaxLife 1d #limits connection lifetime to 1 day
# Charset "ISO-8859-15" #set charset of computer
# GMTTime +1 #set GMT Time (change if necessary)
</Default>
<User root>
IsAdmin true #can admin the server
VirtualChroot false #you must disable chroot to have a full support of admin
StayAtHome false
IdleTimeOut 0
Home /root
HideNoAccess false
</User>
Users are connecting pretty well. But root does not have any access to sftp O_o. The shell is working for root.
There was one problem with incorrect rights to /bin/MySecureShell (error was — could not change to work directory "/"). I fixed it and now get 'could not connect to SFTP server at "sftp://example.com/". (inputstream is closed)'
I couldn't find how to restart MySecureShell (or is it not necessary?) after changing the sftp_config file. Any ideas?
Thanks.
Elkin.