http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp Setup Unmanaged VPS for Linux Noobs! en-US Fri, 10 Feb 2012 03:46:04 +0000 http://bbpress.org/?v=1.0.2 q http://vpsbible.com/forums/search.php http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1569 Sun, 10 Oct 2010 09:57:42 +0000 the_guv 1569@http://vpsbible.com/forums/ <p>possible issues Geoffrey:-</p> <p>- FZ user the same as dir owner<br /> - .. perms shouldn't matter in this case (well, above 600 should be OK, else, say 660 to log in as other user)<br /> - SSH setup with FZ, linking to key?</p> <p>the key can be fiddly .. I would setup new keys, test with terminal, then FZ. </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1561 Fri, 08 Oct 2010 06:41:18 +0000 Geoffrey Eggins 1561@http://vpsbible.com/forums/ <p>Can anyone provide me with any leads ? </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1487 Mon, 20 Sep 2010 08:32:44 +0000 Geoffrey Eggins 1487@http://vpsbible.com/forums/ <p>I think it may have something to do with the ownership of the directories above the directory I am trying to get the new user jailed into. </p> <p>In following your tutorial for setting up the VPS, I have a public_html folder which is owned by the user I created in the tutorial. I am wanting to jail the user to a sites folder that is created inside the public_html folder. </p> <p>In short. I want the user to be able to ftp into the /home/public_html/theirsite.com/ folder. </p> <p>How can I do this with the setup I have followed through your other tuts thus far? </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1481 Sun, 19 Sep 2010 15:18:08 +0000 Geoffrey Eggins 1481@http://vpsbible.com/forums/ <p>Hi Guv, Finally had a chance to look into this again. I am still having trouble logging in with sftp in filezilla after following your steps. I am getting "Authentication Failed" messages when trying to login with filezilla. The user exists. I have tried changing the password. I have double checked the filezilla configuration and it should be working but isn't. Any other ideas? I want to give them access to a portion of the public_html directory I created in your tutorials but "jail" them into a specific part of it. </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1425 Fri, 03 Sep 2010 11:30:02 +0000 the_guv 1425@http://vpsbible.com/forums/ <p>hey Andy .. I don't think the OS version is so relevant, but of course te version of OpenSSH is .. but a simple update &amp;&amp; upgrade would sort that ..</p> <p>what's the workaround?! </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1424 Thu, 02 Sep 2010 20:40:49 +0000 Anonymous 1424@http://vpsbible.com/forums/ <p>Done some further reading around this and it seems like Ubuntu 8.04 LTS might not have the ability to do this. Are your instructions for 10.04 LTS Guv?</p> <p>Damn OpenSSH_4.7p1 is all that is in 8.04 LTS and there is no easy way to jail users but I have a basic workaround if anyone needs it. </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1423 Thu, 02 Sep 2010 19:17:26 +0000 Anonymous 1423@http://vpsbible.com/forums/ <p>Well I managed to undo the changes via root using the emergency console and am back in. If I work out the issue I will post back. </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1422 Thu, 02 Sep 2010 16:44:17 +0000 Anonymous 1422@http://vpsbible.com/forums/ <p>I restarted the server and now can't get ANY SFTP access :( </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1421 Thu, 02 Sep 2010 15:47:11 +0000 Anonymous 1421@http://vpsbible.com/forums/ <p>Hey all.</p> <p>I have only just got around to testing this and it looks like it is EXACTLY what I need but when trying to connect via a terminal using sftp <a href="mailto:someguy@123.45.67.890">someguy@123.45.67.890</a> I am getting the same error as above:<br /> <code><br /> Permission denied (publickey,password).<br /> Couldn't read packet: Connection reset by peer<br /> </code><br /> Any ideas? </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1344 Tue, 10 Aug 2010 21:01:42 +0000 the_guv 1344@http://vpsbible.com/forums/ <p>hey Benja .. a second vps is always an added way to learn, sure.</p> <p>re scripts .. there are two variants for LEMP now, with and without the authentication keys. The latter is for noobs worried about not getting the keys right, the former is being used to death by webmasters round here who wanna be lazy.</p> <p>Use the latter and you cannot get locked out.</p> <p>(Sorry m8 .. I know this is an old thread, ruddy crazy week.) </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1310 Tue, 03 Aug 2010 22:17:22 +0000 Benja 1310@http://vpsbible.com/forums/ <p>@the_guv,</p> <p>Thanks, many! Thing is i am still shying away from this stackscripts thingies! I tried them once and couldn't work stuff out with the CLI access. May be i should get another IP address or something. Have u any set-up on the same IP and accessed easily?</p> <p>Oh, other noob zombies need to have access to perform simple upgrades via WP dashboard and the like for domains set-up on a VPS.</p> <p>Cheers </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1282 Sun, 01 Aug 2010 18:05:27 +0000 the_guv 1282@http://vpsbible.com/forums/ <p>hey Benja ..</p> <p>"can't update any of the plugin and theme thingies"</p> <p>check out the WP stackscripts .. there's a section in there called:-</p> <p>"WP Upgrades and Plugin Installs Assistance"</p> <p>.. that's your friend :)</p> <p>"can i give some other noob limited backend (WP) access to the server."</p> <p>.. yes but tell me, to do what? advice varies depending on requirement. </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1253 Wed, 28 Jul 2010 23:49:26 +0000 Benja 1253@http://vpsbible.com/forums/ <p>@the_guv,</p> <p>Somehow i guess i had too much beer to work out what this SFTP is quite about. Thing is when i get to my wordPress admin backend, i can't update any of the plugin and theme thingies i guess due to server access setting somewhere in the configurations. I just can't work out where that is for now.</p> <p>Secondly, in a fashion similar to above, can i give some other noob limited backend (WP) access to the server.</p> <p>Cheers for now. </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1144 Thu, 15 Jul 2010 14:04:41 +0000 the_guv 1144@http://vpsbible.com/forums/ <p>you definitely using SFTP settings in Filezilla? </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1134 Tue, 13 Jul 2010 13:10:33 +0000 Geoffrey Eggins 1134@http://vpsbible.com/forums/ <p>The latest on this though is a new problem. I am getting authentication issues with the new user and getting this message "Permission denied (publickey,password)." Is there some more I need to do to be able to use filezilla to be able to login as this user at the specified directory? </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1133 Tue, 13 Jul 2010 13:06:45 +0000 Geoffrey Eggins 1133@http://vpsbible.com/forums/ <p>Sorry Guv. Spelling error was getting connection timeouts... "Group" is not the same as "Groun" </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1132 Tue, 13 Jul 2010 12:47:51 +0000 Geoffrey Eggins 1132@http://vpsbible.com/forums/ <p>Hi Guv,<br /> I tried this and get connection timeout errors on my connection attempts to all my ftp accounts. Even the one I had working previously from following your tuts. Any ideas why? </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1110 Fri, 02 Jul 2010 21:42:34 +0000 the_guv 1110@http://vpsbible.com/forums/ <p>hey Andy .. best thing is to jail them with an openSSH tool.</p> <p>nano /etc/ssh/sshd_config</p> <p>.. Swap:-<br /> "Subsystem sftp /usr/lib/openssh/sftp-server"</p> <p>for</p> <p>Subsystem sftp internal-sftp</p> <p>Add this to END of file:-</p> <p>Match group sftpgroup<br /> AllowTcpForwarding no<br /> ChrootDirectory /home/%u<br /> ForceCommand internal-sftp<br /> X11Forwarding no</p> <p>Save and close. </p> <p>Create the group "sftpgroup" </p> <p>groupadd sftpgroup</p> <p>Create your user, add to group and <strong>change ownership of user home dir to root</strong></p> <p>adduser somebloke<br /> adduser somebloke sftpgroup<br /> chown root:root /home/somebloke</p> <p>Now somebloke can in with an SFTP client of via a terminal using something like:-</p> <p>sftp -oPort=54321 <a href="mailto:someguy@123.45.67.890">someguy@123.45.67.890</a></p> <p>.. where 54321 is your custom ssh port .. or drop "-oPort=54321" is port is 22</p> <p># and there is you chrooty-tut for the day, Andy-chap :) </p> http://vpsbible.com/forums/topic/add-new-user-who-can-only-use-sftp#post-1103 Fri, 02 Jul 2010 12:29:26 +0000 Anonymous 1103@http://vpsbible.com/forums/ <p>Hi all</p> <p>Can anyone give me some detailed instructions on how to add a new user and for them to be only use SFTP (not ssh) and only be allowed access (r+w) in a particular direcotry (public_html)?</p> <p>Am using Ubuntu and Nginx</p> <p>Thanks </p>