Install And Configure SFTP issue with configuration

Hello,

I am facing issues with configuring the SFTP.

Sometimes I get an error about an incorrect Match condition, and sometimes the connection is lost, with the same set of commands?

Can anyone please help me?

@Tej-Singh-Rana

Any idea about that? I saw you had similar issues.

Create a group

sudo groupadd sftpg

Create a user to that group

sudo useradd -g sftpg harshuser
sudo passwd harshuser

Make a path for the access of the Service

sudo mkdir -p /data/harshuser/upload
sudo chown -R root.sftpg /data/harshuser
sudo chown -R harshuser.sftpg /data/harshuser/upload

Open /etc/ssh/sshd_config (vi) to set up the SFTP path

Set ChrootDirectory

Match Group sftpg
ChrootDirectory /data/%u
ForceCommand internal-sftp

Restart the service
sudo systemctl restart sshd

I configured with a group and without group.
In all the cases, got different errors. (Match condition / Connection lost)

I had the same task before but I passed with the above steps.

@Inderpreet @Tej-Singh-Rana

The chown command could cause problems when you try to connect with sftp.

It is giving an issue with Match. I think it has to do with ssh_config.

@Goldenor I did try without the chown command. It did not work.

The Subsystem line may also cause the problem:

Subsystem sftp internal-sftp

If I do that, then it gives the same Match error, but instead of Match it states Subsystem.

@harshp05

Do you have the screenshot of the task…

Some of the developers from the Nautilus project team have asked for SFTP access to at least one of the app servers in Stratos DC. After going through the requirements, the system admins team has decided to configure an SFTP server on App Server 2 in Stratos Datacenter. Please configure it as per the instructions given below:

a. Create an SFTP user james and set its password to 8FmzjvFU6S.

b. Password authentication should be enabled for this user.

c. Set its ChrootDirectory to /var/www/appdata.

d. SFTP user should only be allowed to make SFTP connections.

Steps done:
[root@stapp02 steve]# sudo groupadd sftpg
[root@stapp02 steve]# sudo useradd -g sftpg james
[root@stapp02 steve]# sudo passwd james
Changing password for user james.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@stapp02 steve]# sudo mkdir -p /var/www/appdata
[root@stapp02 steve]# sudo chown -R root.sftpg /var/www
[root@stapp02 steve]# sudo chown -R james.sftpg /var/www/appdata
[root@stapp02 steve]# vi /etc/ssh/sshd_config

Match Group sftpg
ChrootDirectory /var/www/appdata/%u
ForceCommand internal-sftp

[root@stapp02 steve]# sudo systemctl restart sshd
[root@stapp02 steve]# sftp [email protected]
Unsupported Match attribute Group
/etc/ssh/ssh_config line 70: Bad Match condition
Couldn’t read packet: Connection reset by peer

Second type of error:

packet_write_wait: Connection to 172.16.238.11 port 22: Broken pipe
Couldn’t read packet: Connection reset by peer

Yeah, you have that line already; you have to edit it and what comes next into it, "like the content of Subsystem".
Check section 3 of that link; if it gives you an error, print it to me.

With group okay and without group also okay.

Can you share log details? /var/log/secure or /var/log/audit?

Why are you using a dot (.) with chown? You have to use ':' instead of '.'.

@harshp05

Create the user as asked and in sshd_config write:
Match User james
PasswordAuthentication yes
ChrootDirectory /var/www/appdata
ForceCommand internal-sftp
(PasswordAuthentication yes is as per b., "Password authentication should be enabled for this user.")

Thank you @Goldenor @Tej-Singh-Rana @Lakshmi

The issue was the path. When I provided a full path to the sudo chown -R for root and for the user, it worked fine.

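As an added example that is not from this thread (assumed: a POSIX sh and GNU or BusyBox stat with -c '%U %a'), the script below turns the two failures discussed above into checks a practitioner can run before restarting sshd: it applies sshd's ChrootDirectory ownership rule to every component of the chroot path, and it flags sshd-only directives that ended up in the client-side ssh_config, which is what the "Unsupported Match attribute Group ... /etc/ssh/ssh_config" error reports.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight checks for a chrooted
# OpenSSH SFTP user. Assumes a POSIX sh and GNU or BusyBox stat (-c '%U %a').

# sshd's ChrootDirectory rule: every path component must be owned by root
# and not writable by group or others. Decide that from an owner name and an
# octal mode string, e.g. chroot_ok root 755 passes, chroot_ok james 755 fails.
chroot_ok() {
    local owner="$1" m
    m=$(( 0$2 ))                                   # leading 0 forces octal
    [ "$owner" = "root" ] || return 1
    [ $(( (m / 8) % 8 & 2 )) -eq 0 ] || return 1   # group write bit clear
    [ $(( m % 8 & 2 )) -eq 0 ]                     # other write bit clear
}

# Walk from the chroot target up to / and report the first directory that
# breaks the rule; sshd logs the same finding in /var/log/secure as
# "bad ownership or modes for chroot directory component" and then drops
# the connection.
check_chroot_path() {
    local cur="$1"
    [ -d "$cur" ] || { echo "not a directory: $cur" >&2; return 1; }
    while :; do
        set -- $(stat -c '%U %a' "$cur")
        chroot_ok "$1" "$2" || { echo "bad ownership or modes: $cur ($1 $2)" >&2; return 1; }
        [ "$cur" = "/" ] && return 0
        cur=$(dirname "$cur")
    done
}

# "Unsupported Match attribute Group ... /etc/ssh/ssh_config" means the
# server-side block was written into the client config. Return 0 if FILE
# holds none of the directives only sshd_config accepts; otherwise print them.
client_config_clean() {
    [ -r "$1" ] || return 1
    ! grep -nEi '^[[:space:]]*(Match[[:space:]]+Group|ChrootDirectory|ForceCommand|Subsystem)([[:space:]]|$)' "$1"
}

# Stand-alone use: sh sftp_chroot_check.sh /var/www/appdata
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1" && echo "chroot path OK: $1"
    client_config_clean /etc/ssh/ssh_config && echo "/etc/ssh/ssh_config has no sshd-only directives"
fi
```

Run it against the ChrootDirectory value from your Match block; a chroot placed under a world-writable parent such as /tmp fails the walk for the same reason sshd refuses it.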

The steps below worked for me.

useradd kareem

passwd kareem

mkdir -p /var/www/webapp

chown kareem:kareem /var/www/webapp

chown root:root /var/www

chmod -R 755 /var/www

chmod -R 755 /var/www/webapp

chown -R kareem /var/www/webapp

chown -R root /var/www/webapp

chown -R root /var/www/

chmod -R 755 /var/www/

vi /etc/ssh/sshd_config


# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp

# Example of overriding settings on a per-user basis
#Match User anoncvs

Match User kareem
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/www/webapp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

systemctl restart sshd

sftp kareem@localhost

ssh kareem@stapp02


because it works both ways

Same steps with these commands:
adduser rose
passwd rose
vi /etc/ssh/sshd_config
groupid ftp
id ftp
usermod -aG rose ftp
id rose
id ftp
systemctl restart sshd
systemctl status sshd
groups ftp
sftp rose@localhost
ssh rose@localhost
history