WinSCP - Networking

This is a discussion on WinSCP - Networking ; Hello, i have to configure Fedora server for use with WinSCP, in a way that some user could see only his directories. i was trying to reach this functionality by creating user ../make_chroot_jail.sh newuser http://www.fuschlberger.net/programs...p-chroot-jail/ Howto Setup a chroot jail ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: WinSCP

  1. WinSCP

    Hello,

    i have to configure Fedora server for use with WinSCP,
    in a way that some user could see only his directories.

    i was trying to reach this functionality by creating user

    ../make_chroot_jail.sh newuser

    http://www.fuschlberger.net/programs...p-chroot-jail/
    Howto Setup a chroot jail for ssh / scp / sftp with Linux

    now i can connect with PuTTY, as a root and as newuser

    WinSCP is connecting well as root user or any other.

    But, if newuser is trying to connect with WinSCP,
    it gets message:

    > Cannot initialize SFTP protocol.
    > Is the host running a SFTP server?


    please, help me with thease...

    or, advice me if there is better way
    how to create user(s) which can see, with WinSCP,
    only its files and directories...
    and also, can create new files and directories,
    and can delete, edit, etc... but only in its own directory...

    thanx



  2. Re: WinSCP

    dudek wrote:

    > Hello,
    >
    > i have to configure Fedora server for use with WinSCP,
    > in a way that some user could see only his directories.
    >
    > i was trying to reach this functionality by creating user
    >
    > ./make_chroot_jail.sh newuser
    >
    > http://www.fuschlberger.net/programs...p-chroot-jail/
    > Howto Setup a chroot jail for ssh / scp / sftp with Linux
    >
    > now i can connect with PuTTY, as a root and as newuser
    >
    > WinSCP is connecting well as root user or any other.
    >
    > But, if newuser is trying to connect with WinSCP,
    > it gets message:
    >
    >> Cannot initialize SFTP protocol.
    >> Is the host running a SFTP server?

    >
    > please, help me with thease...
    >
    > or, advice me if there is better way
    > how to create user(s) which can see, with WinSCP,
    > only its files and directories...
    > and also, can create new files and directories,
    > and can delete, edit, etc... but only in its own directory...
    >
    > thanx



    Too complicated I think

    From what you are saying you just need to do

    cd /home
    ls -l

    to view info on all the rights on the user directories

    then do the

    chmod

    command on each directory so that only the users who own their directories
    can read it / modify it.

    You can do man chmod to get help on the chmod command, or google for it,
    or if you have konqueror you can enter the url man:chmod to get the help
    file.

    To debug your setup faster, if you have konqueror, you can connect to your
    own machine and other machines by typing the url fish://username@ipaddress
    or fish://username@domain_name to connect and get directory listing.

    Also your linux networking questions are best addressed to
    comp.os.linux.networking



  3. Re: WinSCP

    7 wrote:

    > dudek wrote:
    >
    >> Hello,
    >>
    >> i have to configure Fedora server for use with WinSCP,
    >> in a way that some user could see only his directories.
    >>
    >> i was trying to reach this functionality by creating user
    >>
    >> ./make_chroot_jail.sh newuser
    >>
    >> http://www.fuschlberger.net/programs...p-chroot-jail/
    >> Howto Setup a chroot jail for ssh / scp / sftp with Linux
    >>
    >> now i can connect with PuTTY, as a root and as newuser
    >>
    >> WinSCP is connecting well as root user or any other.
    >>
    >> But, if newuser is trying to connect with WinSCP,
    >> it gets message:
    >>
    >>> Cannot initialize SFTP protocol.
    >>> Is the host running a SFTP server?

    >>
    >> please, help me with thease...
    >>
    >> or, advice me if there is better way
    >> how to create user(s) which can see, with WinSCP,
    >> only its files and directories...
    >> and also, can create new files and directories,
    >> and can delete, edit, etc... but only in its own directory...
    >>
    >> thanx

    >
    >
    > Too complicated I think
    >
    > From what you are saying you just need to do
    >
    > cd /home
    > ls -l
    >
    > to view info on all the rights on the user directories
    >
    > then do the
    >
    > chmod
    >
    > command on each directory so that only the users who own their directories
    > can read it / modify it.
    >
    > You can do man chmod to get help on the chmod command, or google for it,
    > or if you have konqueror you can enter the url man:chmod to get the help
    > file.
    >
    > To debug your setup faster, if you have konqueror, you can connect to your
    > own machine and other machines by typing the url fish://username@ipaddress
    > or fish://username@domain_name to connect and get directory listing.
    >
    > Also your linux networking questions are best addressed to
    > comp.os.linux.networking



    Oh dappa! My appologies, I am seeing this post in comp.os.linux.networking!
    I had meant to click into a different newsgroup at the time I was reading
    the post and thought I was seeing it in there!!! :-)

  4. Re: WinSCP

    On Feb 10, 9:15 pm, "dudek" wrote:
    > Hello,
    >
    > i have to configure Fedora server for use with WinSCP,
    > in a way that some user could see only his directories.
    >
    > i was trying to reach this functionality by creating user
    >
    > ./make_chroot_jail.sh newuser
    >
    > http://www.fuschlberger.net/programs...p-chroot-jail/
    > Howto Setup a chroot jail for ssh / scp / sftp with Linux
    >
    > now i can connect with PuTTY, as a root and as newuser
    >
    > WinSCP is connecting well as root user or any other.
    >
    > But, if newuser is trying to connect with WinSCP,
    > it gets message:
    >
    > > Cannot initialize SFTP protocol.
    > > Is the host running a SFTP server?

    >
    > please, help me with thease...
    >
    > or, advice me if there is better way
    > how to create user(s) which can see, with WinSCP,
    > only its files and directories...
    > and also, can create new files and directories,
    > and can delete, edit, etc... but only in its own directory...
    >
    > thanx


    -You said you want your users to view there own home directories only,
    So chroot jail is the only solution you have. Because if any user just
    go up 1 level the linux permissions will permit him to dos so, And I
    think even if you changed the permissions as well. So chroot jail is
    your way right. I read before about the script you are using to do the
    task but I didn't try it my self, So I think it may need some
    modifications from you to do the task because not all the Linux
    distros like each others.
    Sound like the sftp subsystem settings in your script are not the same
    in fedora for example. Look for
    Subsystem sftp /path/to/sftp-server in sshd_config, make sure the path
    is
    right and sftp-server exists and is executable, Check what is the
    script is trying to do? And you will find that some link or path isn't
    correctly set up.
    -If you want to enable only sftp and disable ssh login to increase the
    security it's easy to do and I have a server configured this way and
    it's ok, No login with ssh and only sftp is allowed,
    Add user as usually and assign him a password. Then run the following
    command (replace the 'username' with real user name):
    usermod -s /usr/libexec/openssh/sftp-server "username"
    this user shell will be sftp-server.
    and then echo "/usr/libexec/openssh/sftp-server" >> /etc/shells
    -Now you've setup a user who can only access your server with SFTP.
    -I will try to get the script you are using and watch out what's is
    wrong there, I think it's just a broken link there.

  5. Re: WinSCP

    On Feb 11, 7:58 pm, habibielwa7id wrote:
    > On Feb 10, 9:15 pm, "dudek" wrote:
    >
    >
    >
    > > Hello,

    >
    > > i have to configure Fedora server for use with WinSCP,
    > > in a way that some user could see only his directories.

    >
    > > i was trying to reach this functionality by creating user

    >
    > > ./make_chroot_jail.sh newuser

    >
    > >http://www.fuschlberger.net/programs...p-chroot-jail/
    > > Howto Setup a chroot jail for ssh / scp / sftp with Linux

    >
    > > now i can connect with PuTTY, as a root and as newuser

    >
    > > WinSCP is connecting well as root user or any other.

    >
    > > But, if newuser is trying to connect with WinSCP,
    > > it gets message:

    >
    > > > Cannot initialize SFTP protocol.
    > > > Is the host running a SFTP server?

    >
    > > please, help me with thease...

    >
    > > or, advice me if there is better way
    > > how to create user(s) which can see, with WinSCP,
    > > only its files and directories...
    > > and also, can create new files and directories,
    > > and can delete, edit, etc... but only in its own directory...

    >
    > > thanx

    >
    > -You said you want your users to view there own home directories only,
    > So chroot jail is the only solution you have. Because if any user just
    > go up 1 level the linux permissions will permit him to dos so, And I
    > think even if you changed the permissions as well. So chroot jail is
    > your way right. I read before about the script you are using to do the
    > task but I didn't try it my self, So I think it may need some
    > modifications from you to do the task because not all the Linux
    > distros like each others.
    > Sound like the sftp subsystem settings in your script are not the same
    > in fedora for example. Look for
    > Subsystem sftp /path/to/sftp-server in sshd_config, make sure the path
    > is
    > right and sftp-server exists and is executable, Check what is the
    > script is trying to do? And you will find that some link or path isn't
    > correctly set up.
    > -If you want to enable only sftp and disable ssh login to increase the
    > security it's easy to do and I have a server configured this way and
    > it's ok, No login with ssh and only sftp is allowed,
    > Add user as usually and assign him a password. Then run the following
    > command (replace the 'username' with real user name):
    > usermod -s /usr/libexec/openssh/sftp-server "username"
    > this user shell will be sftp-server.
    > and then echo "/usr/libexec/openssh/sftp-server" >> /etc/shells
    > -Now you've setup a user who can only access your server with SFTP.
    > -I will try to get the script you are using and watch out what's is
    > wrong there, I think it's just a broken link there.


    -Ok man I got it. It's very simple. I tried the script on fedora 8.
    It's agood work. it will enable you to use ssh to login but not sftp
    as winscp told you. To enable sftp also, you will have to remove
    "Defaults requiretty" from the /etc/sudoers on your Fedora system. And
    it will enable you to login using sftp beside ssh.
    Regards,

+ Reply to Thread