How to start sftp and add user name and password?

[macunkie]

So I'v successfully got Apache2 installed and Wordpress installed.
Wordpress is asking for updates and upon attempting to update it is asking for :
HostName:
Ftp UserName:
Ftp Password:

I've gogled pure-ftp and sftp which is supposed to be installed on Fedora 17. I just have no idea how to start it and set up a userame and password.

Thanks for any advice ,

Samuel

[smr54]

My notes, from a RedHat server, which also involved upgrading SSH. Not sure how much of it applies to Fedora, but...

Create an sftponly group

groupadd sftponly
One oddity of this (I'm not sure if it's a RH thing or sftp thing) is that all directories being used for this must be owned by root. The home directory also has to be owned by root, and should have 755 permissions. The user will be added as a system user with no shell.

cd /home
mkdir myuser
useradd -g sftponly -s /sbin/nologin myuser
Make sure the directory has 755 permissions

ls -ld /home/myuser
You'll see a message that the home directory exists and no files from skel will be used.

You should see

drwxr-xr-x 3 root root 4096 Dec 9 14:04 /home/myuser/
Give the user a password

passwd myuser
(Date and time will obviously be different).

If it's to be read-only, this is sufficient. The user will be able to use sftp to login and download files. If the user also has to write, you have to create another directory within the home directory, and give it permissions. This directory should also be owned by root.

cd /home/myuser
mkdir -m 777 mystuff
Now, the myuser account can sftp to the server, and if they want to upload files, they can do so by going into the mystuff directory and putting their files there.

WARNING

As the ssh port is a favorite attack vector, it is strongly recommended that if opening this to the outside, one changes the default ssh port from 22 to something else, preferably something above 1023. To do this, once again edit the sshd_config file, find the commented line that reads

#Port 22
Change the 22 to the desired port and uncomment the line. Then, once again using tmux first, restart sshd. You might get locked out anyway, as it will now be on a different port, but you can always go back in after its restarted, run tmux a to reattach to the session and then log out.

Untested on Fedora---tmux is an application like screen, and useful for remote administration. See http://home.roadrunner.com/~computer...creentmux.html

Note that these notes are a couple of years old by now, so not sure how much still applies.

[macunkie]

Quote:

Originally Posted by smr54

My notes, from a RedHat server, which also involved upgrading SSH. Not sure how much of it applies to Fedora, but...

Create an sftponly group

groupadd sftponly
One oddity of this (I'm not sure if it's a RH thing or sftp thing) is that all directories being used for this must be owned by root. The home directory also has to be owned by root, and should have 755 permissions. The user will be added as a system user with no shell.

cd /home
mkdir myuser
useradd -g sftponly -s /sbin/nologin myuser
Make sure the directory has 755 permissions

ls -ld /home/myuser
You'll see a message that the home directory exists and no files from skel will be used.

You should see

drwxr-xr-x 3 root root 4096 Dec 9 14:04 /home/myuser/
Give the user a password

passwd myuser
(Date and time will obviously be different).

If it's to be read-only, this is sufficient. The user will be able to use sftp to login and download files. If the user also has to write, you have to create another directory within the home directory, and give it permissions. This directory should also be owned by root.

cd /home/myuser
mkdir -m 777 mystuff
Now, the myuser account can sftp to the server, and if they want to upload files, they can do so by going into the mystuff directory and putting their files there.

WARNING

As the ssh port is a favorite attack vector, it is strongly recommended that if opening this to the outside, one changes the default ssh port from 22 to something else, preferably something above 1023. To do this, once again edit the sshd_config file, find the commented line that reads

#Port 22
Change the 22 to the desired port and uncomment the line. Then, once again using tmux first, restart sshd. You might get locked out anyway, as it will now be on a different port, but you can always go back in after its restarted, run tmux a to reattach to the session and then log out.

Untested on Fedora---tmux is an application like screen, and useful for remote administration. See http://home.roadrunner.com/~computer...creentmux.html

Note that these notes are a couple of years old by now, so not sure how much still applies.

Thank you, I've followed all the instructions and applied them. For now I can't find the conf file for sftp and when I issued from my promtp : # sftp start I got the following output:

Quote:

# sftp start
ssh: connect to host start port 22: Connection timed out
Couldn't read packet: Connection reset by peer
[root@macunkie etc]#

Thanks you,

SAmuel

[smr54]

sftp is configured in /etc/ssh/sshd_config

http://www.howtoforge.com/restrictin...ebian-squeeze\

is for Debian, but might be useful.

[macunkie]

Quote:

Originally Posted by smr54

sftp is configured in /etc/ssh/sshd_config

http://www.howtoforge.com/restrictin...ebian-squeeze\

is for Debian, but might be useful.

Your link was broken:

Well I i found ssh) config and have no idea what is correct for my system in terms of configuring.
I installed vstpd, configure and it wont't start up.
I guess I'll go back to attempting Pure-ftp.

With sftp. I'm not sure how to starte it. I tried "service start sftp" and nothing and when I issue # strart sftp I get th following output

Quote:

sftp start
ssh: connect to host start port 21: Connection timed out
Couldn't read packet: Connection reset by peer

On my Mac OSX I'm using a ftp servier (can't rememer the name off hand that has a nice GUI interface to set things up. So far getting a ftp server set up and working is my hardest task in linux.

[smr54]

Sorry, remove the \ at the end and it should work

http://www.howtoforge.com/restrictin...debian-squeeze

[macunkie]

Quote:

Originally Posted by smr54

Sorry, remove the \ at the end and it should work

http://www.howtoforge.com/restrictin...debian-squeeze

Hey smr54,

I'm starting from scratch trying to apply your set up instructions only changing group name and user dir name to my likeing and attempting to set things up using ProFtpd. Just counld'nt get sftp to start. I attempted ProFtpd before with no luck, but with your help on config stuff and other google sources I'm determined to get an ftp server running on my Fedora environment.

Question: in your intial instructions you quoated :

Quote:

You should see

drwxr-xr-x 3 root root 4096 Dec 9 14:04 /home/myuser/
Give the user a password

When I "l -ls" my home directory the user I added "myftp" shows the following out put for "ls -l":

Quote:

drwxrwxr-x. 2 root root 4096 Jul 1 08:19 myftp

I did chmod the directory to 775, but I was noticing that there is a 2 preceeding my group and owner as opposed to your "ls -l" listing of drwxr-xr-x 3. I noticed my permissions look a bit different as well.
Does my setup look ok to you so far ?

Thanks again for all your help,

Samuel.

[smr54]

Oops, it looks like meant 755 rather than 775. The 5 means group can read and exec, a 7 means full permissions. The 2 or 3 just means number of links.

Remember sftp is connected with ssh, not with ftp.

[macunkie]

Quote:

Originally Posted by smr54

Oops, it looks like meant 755 rather than 775. The 5 means group can read and exec, a 7 means full permissions. The 2 or 3 just means number of links.

Remember sftp is connected with ssh, not with ftp.

Thanks you for the right "755" !!

Still no luck with getting proftp started : my output now reads:

Quote:

Redirecting to /bin/systemctl proftpd start.service
Unknown operation proftpd

I conntacted some wordpress support and see if there is a way to config updates without having to enter "ftp" info. I'm just running on localhost and have no plans for anyone ever having to usilize ftp besides me. I have it all set up on my Mac OS , but I'm trying to lean on Fedora none the less.

Samuel.

[smr54]

I have no idea about proftpd--haven't used it in years. My own preference is for pure-ftpd, but RH and Fedora's standard is vsftpd.

Again--keep in mind that it has no connection with sftp.

Though it looks as if proftpd wasn't installed through the rpm from what you're writing there--the syntax should be

systemctl start proftpd.service

[macunkie]

Quote:

Originally Posted by smr54

I have no idea about proftpd--haven't used it in years. My own preference is for pure-ftpd, but RH and Fedora's standard is vsftpd.

Again--keep in mind that it has no connection with sftp.

Though it looks as if proftpd wasn't installed through the rpm from what you're writing there--the syntax should be

systemctl start proftpd.service

So I've Moved on to VSftpd an followd a guide here: http://ask.fedoraproject.org/questio...-vsftpd-config

once again issuing either systemctl start vsftpd.service OR sevice vsftpd start gives me the same error when trying to start ANY ftp server on Fedore 17

Quote:

Starting vsftpd (via systemctl): Job failed. See system journal and 'systemctl status' for details.

It's so frustrating ... there is no successful and documentation on how to setup and configure any ftp server for Fedora 17. Everything is bits and pieces of posts from users attempting to run a particular ftp server on Fedora. I've successfull got Apache, and Tomcat running on my Fedora Environment, but so far a ftp server is my bridge I have yet to cross. I know there is a way so I'll keep trying.

Samuel.

[smr54]

It might be selinux. You can temporarily disable it with

setenforce 0

I glanced through that article, and it seems to cover most things that you can run into but I've not set up vsftpd in a long time either.