Topic: sftp_config options ignoring?

Hello. Just installed MySecureShell 1.2.
By the way — couldn't install it via dpkg:

gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B; gpg --export E328F22B | sudo apt-key add -

Server might be down or something. Installed from sources.

OK. I want to allow users to access only their home directory, and restrict everything else. Full access for root (as in the usual shell).

sftp-verif:

#################################################
#        MySecureShell Verification Tool        #
#################################################


** Verifing file existance **

Verifing file existance of /bin/MySecureShell            [ OK ]
Verifing file existance of /usr/bin/sftp-who            [ OK ]
Verifing file existance of /usr/bin/sftp-kill            [ OK ]
Verifing file existance of /usr/bin/sftp-state            [ OK ]
Verifing file existance of /usr/bin/sftp-admin            [ OK ]
Verifing file existance of /usr/bin/sftp-verif            [ OK ]
Verifing file existance of /usr/bin/sftp-user            [ OK ]
Verifing file existance of /etc/ssh/sftp_config            [ OK ]

** Verifing rights **

Verifing file rights of /etc/ssh/sftp_config            [ OK ]
Verifing file rights of /usr/bin/sftp-who            [ OK ]
Verifing file rights of /usr/bin/sftp-verif            [ OK ]
Verifing file rights of /usr/bin/sftp-user            [ OK ]
Verifing file rights of /usr/bin/sftp-kill            [ OK ]
Verifing file rights of /usr/bin/sftp-state            [ OK ]
Verifing file rights of /usr/bin/sftp-admin            [ OK ]
Verifing file rights of /bin/MySecureShell            [ OK ]


** Verifing rotation logs **

MySecureShell rotation logs                    [ OK ]


** Verifing server status **

Verifing server status (ONLINE)                    [ OK ]


** Verifing server dependencies **
Show only error(s):


** Verifing server configuration **
Show only error(s):
Try user: root


** All tests dones **

sftp_config:

<Default>
        GlobalDownload          0       #total speed download for all clients
                                        # o -> bytes   k -> kilo bytes   m -> mega bytes
        GlobalUpload            0       #total speed upload for all clients (0 for unlimited)
        Download                0       #limit speed download for each connection
        Upload                  0       #limit speed upload for each connection
        StayAtHome              true    #limit client to his home
        VirtualChroot           true    #fake a chroot to the home account
        LimitConnection         10      #max connection for the server sftp
        LimitConnectionByUser   1       #max connection for the account
        LimitConnectionByIP     2       #max connection by ip for the account
        Home                    /home/$USER     #override home of the user but if you want you can use
                                                #       environment variable (ie: Home /home/$USER)
        IdleTimeOut             5m      #(in seconds) disconnect client if idle for too long
        ResolveIP               true    #resolve ip to dns
#       IgnoreHidden            true    #treat all hidden files as if they don't exist
#       DirFakeUser             true    #Hide real file/directory owner (just change displayed permissions)
#       DirFakeMode             0400    #Hide real file/directory rights (just change displayed permissions)
                                        #Add execution right for directory if read right is set
#       HideFiles               "^(lost\+found|public_html)$"   #Hide file/directory which match
                                                                #this extended POSIX regex
        HideNoAccess            true    #Hide file/directory which user has no access
#       MaxOpenFilesForUser     20      #limit user to open x files on same time
#       MaxWriteFilesForUser    10      #limit user to x upload on same time
#       MaxReadFilesForUser     10      #limit user to x download on same time
        DefaultRights           0777 0777       #Set default rights for new file and new directory
#       MinimumRights           0400 0700       #Set minimum rights for files and dirs

#       PathDenyFilter          "^\."   #deny upload of directory/file which match this extended POSIX regex

        ShowLinksAsLinks        false   #show links as their destinations
#       ConnectionMaxLife       1d      #limits connection lifetime to 1 day

#       Charset                 "ISO-8859-15"   #set charset of computer
#       GMTTime                 +1      #set GMT Time (change if necessary)
</Default>

<User root>
        IsAdmin         true            #can admin the server
        VirtualChroot   false           #you must disable chroot to have a full support of admin
        StayAtHome      false
        IdleTimeOut     0
        Home            /root
        HideNoAccess    false
</User>

Users are connecting pretty well. But root does not have any access to sftp O_o. Shell is working for root.
There was one problem with incorrect rights on /bin/MySecureShell (the error was — could not change to work directory "/"). I fixed it and now get 'could not connect to SFTP server at "sftp://example.com/". (inputstream is closed)'

I couldn't find how to restart MySecureShell (or is it not necessary?) after changing the sftp_config file. Any ideas?

Thanks.
Elkin.

Re: sftp_config options ignoring?

Hi,

MySecureShell configuration is read for each new connection, so you don't need to restart MySecureShell.

What are the owner/group/rights of /bin/MySecureShell?

Re: sftp_config options ignoring?

-rwsr-xr-x 1 root root  75091 Mar 17 12:37 MySecureShell

Re: sftp_config options ignoring?

What is the content of the MySecureShell log when you connect with "root"?

Re: sftp_config options ignoring?

Where are the MSS logs located?

Re: sftp_config options ignoring?

Thanks, found — /var/log/sftp-server.log
The problem was in the connection sessions per user (I am using an IDE, a file manager and some other tools at the same time :) )
The topic may be closed.
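
The cause reported above can be checked before connecting by listing which connection limits an account still inherits from `<Default>`. This is an added example, not part of the original posts and not MySecureShell's own code: it assumes a `<User>` block overrides `<Default>` key by key and inherits everything it does not set, `SAMPLE_CONFIG` is a constructed excerpt of the posted file, and the function names are hypothetical.

```python
import re

# Constructed excerpt of the sftp_config posted in this thread.
SAMPLE_CONFIG = """
<Default>
        StayAtHome              true    #limit client to his home
        VirtualChroot           true    #fake a chroot to the home account
        LimitConnection         10      #max connection for the server sftp
        LimitConnectionByUser   1       #max connection for the account
        LimitConnectionByIP     2       #max connection by ip for the account
#       MaxOpenFilesForUser     20      #commented out, must be ignored
</Default>

<User root>
        IsAdmin         true
        VirtualChroot   false
        StayAtHome      false
        IdleTimeOut     0
</User>
"""

TAG_OPEN = re.compile(r"^<(\w+)(?:\s+([^>]+))?>$")
TAG_CLOSE = re.compile(r"^</\w+>$")

def parse_sections(text):
    """Return {(tag, name): {option: value}} for every <Tag name> block."""
    sections, current = {}, None
    for raw in text.splitlines():
        # Simplification: '#' starts a comment (a quoted regex containing '#' would need more care).
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        opened = TAG_OPEN.match(line)
        if TAG_CLOSE.match(line):
            current = None
        elif opened:
            key = (opened.group(1).lower(), (opened.group(2) or "").strip())
            current = sections.setdefault(key, {})
        elif current is not None:
            parts = line.split(None, 1)
            current[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return sections

def effective_options(sections, user):
    """Assumed merge model: <Default> first, then <User user> overrides; keeps the origin."""
    merged = {k: (v, "Default") for k, v in sections.get(("default", ""), {}).items()}
    merged.update({k: (v, "User " + user) for k, v in sections.get(("user", user), {}).items()})
    return merged

def inherited_limits(sections, user):
    """Limit* options the account did not set itself and so takes from <Default>."""
    eff = effective_options(sections, user)
    return {k: v for k, (v, origin) in eff.items() if k.startswith("Limit") and origin == "Default"}
```

For the posted file, `inherited_limits(parse_sections(SAMPLE_CONFIG), "root")` still lists `LimitConnectionByUser` with value `1`, so a second client logging in as root is refused while the first session is open.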

Re: sftp_config options ignoring?

Good news :)