sftp - can't figure it out!
Karl Auer
kauer at biplane.com.au
Thu Aug 23 16:51:29 UTC 2018
I am baffled.
On an sftp server that I am setting up, the following is true:
I have a group "sftp_users".
I have a user "fred" whose primary group is "sftp_users". fred's shell
is /sbin/nologin. fred's home directory is /upload (the user will be
chrooted, see below).
In /etc/sshd_config I have these lines:
    Subsystem sftp internal-sftp
    Match Group sftp_users
        ChrootDirectory /mnt/efs/sftp/%u
        ForceCommand internal-sftp
Also, password authentication is disabled.
I have a directory /mnt/efs/sftp/fred. In that directory are two
subdirectories .ssh and upload. Both are owned by fred:sftp_users. Both
have permissions 655. I tried 700 on .ssh, made no difference.
.ssh contains a file "authorized_keys" with the public part of a newly
minted ssh key pair in it. The file has permissions 644.
On my own PC, as the user kauer, I have the private part of the key
pair in my .ssh directory, permissions 600, called "fred" (the contents
of "fred.pub" are in authorized_keys on the sftp server).
This command, executed as user kauer on my PC, fails to connect, saying
"Permission denied (publickey).":
    sftp -i /home/kauer/.ssh/fred fred@sftpserver
/var/log/secure on the sftp server just shows an entry like "Connection
closed by 1.2.3.4 port 41020 [preauth]". That IP address is mine on the
client system.
Running sftp with debug turned up on the client shows it "Offering RSA
public key: /home/kauer/.ssh/fred" which is odd as that file is not a
public key. It then runs through the other keys in my .ssh directory,
before finally saying "permission denied".
Anyway, any ideas welcome, as I am completely baffled at this point. I
think it should work :-) but it clearly doesn't.
Regards, K
PS: The directory tree I am using:
[root@wherever fred]# ls -laR /mnt
/mnt:
total 12
drwxr-xr-x 3 root root 4096 Aug 23 11:16 .
dr-xr-xr-x 25 root root 4096 Aug 23 12:01 ..
drwxr-xr-x 3 root root 6144 Aug 23 16:39 efs
/mnt/efs:
total 12
drwxr-xr-x 3 root root 6144 Aug 23 16:39 .
drwxr-xr-x 3 root root 4096 Aug 23 11:16 ..
drwxr-xr-x 3 root root 6144 Aug 23 11:28 sftp
/mnt/efs/sftp:
total 12
drwxr-xr-x 3 root root 6144 Aug 23 11:28 .
drwxr-xr-x 3 root root 6144 Aug 23 16:39 ..
drwxr-xr-x 4 root sftp_users 6144 Aug 23 16:01 fred
/mnt/efs/sftp/fred:
total 16
drwxr-xr-x 4 root sftp_users 6144 Aug 23 16:01 .
drwxr-xr-x 3 root root 6144 Aug 23 11:28 ..
drwx------ 2 fred sftp_users 6144 Aug 23 15:42 .ssh
drwxr-xr-x 2 fred sftp_users 6144 Aug 23 15:23 upload
/mnt/efs/sftp/fred/.ssh:
total 12
drwx------ 2 fred sftp_users 6144 Aug 23 15:42 .
drwxr-xr-x 4 root sftp_users 6144 Aug 23 16:01 ..
-rw-r--r-- 1 fred sftp_users 388 Aug 23 15:42 authorized_keys
/mnt/efs/sftp/fred/upload:
total 8
drwxr-xr-x 2 fred sftp_users 6144 Aug 23 15:23 .
drwxr-xr-x 4 root sftp_users 6144 Aug 23 16:01 ..
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
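
Added example, not part of the original post: a Python check of two rules from sshd_config(5) that apply to the setup described above. Every component of ChrootDirectory must be root-owned and not group/other-writable, and a relative AuthorizedKeysFile is resolved against the account's home directory before the chroot takes place. The LISTING table is constructed from the ls -laR output in the post; fred's uid (1001) and the absence of anything outside /mnt are assumptions, and all function names are hypothetical.

```python
import os
from pathlib import PurePosixPath
from types import SimpleNamespace

def chroot_problems(chroot, lstat=os.lstat):
    """sshd_config(5): every component of ChrootDirectory must be owned by
    root and not writable by group or others."""
    path, problems = PurePosixPath(chroot), []
    for comp in [*list(path.parents)[::-1], path]:
        try:
            st = lstat(str(comp))
        except OSError:
            problems.append(f"{comp}: does not exist")
            break
        if st.st_uid != 0:
            problems.append(f"{comp}: owned by uid {st.st_uid}, not root")
        if st.st_mode & 0o022:
            problems.append(f"{comp}: writable by group or others")
    return problems

def key_file_sshd_reads(home, authorized_keys_file=".ssh/authorized_keys"):
    """sshd chroots only after authentication, so a relative AuthorizedKeysFile
    is resolved against the passwd home directory on the real filesystem."""
    return str(PurePosixPath(home) / authorized_keys_file)

def diagnose(user, home, chroot_template, lstat=os.lstat):
    # Only the %u token of ChrootDirectory is expanded here.
    findings = chroot_problems(chroot_template.replace("%u", user), lstat)
    keys = key_file_sshd_reads(home)
    try:
        lstat(keys)
    except OSError:
        findings.append(f"{keys}: not found outside the chroot")
    return findings

# Constructed from the ls -laR listing in the post as (uid, mode); uid 1001
# for fred and the absence of anything outside /mnt are assumptions.
LISTING = {
    "/": (0, 0o555), "/mnt": (0, 0o755), "/mnt/efs": (0, 0o755),
    "/mnt/efs/sftp": (0, 0o755), "/mnt/efs/sftp/fred": (0, 0o755),
    "/mnt/efs/sftp/fred/.ssh": (1001, 0o700),
    "/mnt/efs/sftp/fred/.ssh/authorized_keys": (1001, 0o644),
    "/mnt/efs/sftp/fred/upload": (1001, 0o755),
}

def listing_lstat(path):
    if path not in LISTING:
        raise FileNotFoundError(path)
    uid, mode = LISTING[path]
    return SimpleNamespace(st_uid=uid, st_mode=mode)
```

Calling diagnose("fred", "/upload", "/mnt/efs/sftp/%u", listing_lstat) runs the check against the constructed listing; leaving out the last argument makes it use os.lstat on the real server.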