Monthly Archives: August 2010

UbuntuVideoCast – sFTP server with OpenSSH

Share Button

OpenSSH is a free project of the SSH connectivity tools. Conventional applications like telnet, rlogin, and ftp sending/receiving their passwords across the Internet unencrypted. OpenSSH encrypts all traffic (including passwords). OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. The OpenSSH suite replaces rlogin and telnet with the ssh program, rcp with scp, and ftp with sftp. Also included is sshd (the server side of the package), and the other utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server.In this article I am going to show you how to set up a sFTP Server with OpenSSH. If you don’t know if you have OpenSSH installed you can check it with the following command:


sudo dpkg -s openssh-server

this should give you an output like this one:

Package: openssh-server
Status: install ok installed
Priority: optional
Section: net
..

..

Well in case it is not installed you can use either one of this commands:

sudo tasksel

select openssh-server

orĀ  this command:

sudo apt-get install openssh-server

Now with the application being installed we can go ahead and start configuring the openssh-server. But before we are touching the configuration files we should add a group for sftp use only. Execute the following command.

sudo groupadd sftpusers

Now with that being done we go ahead and add some modifications to the main OpenSSH Server configuration file located here /etc/ssh/sshd_config. Execute the following command.


sudo nano /etc/ssh/sshd_config

first make sure that Protocol is set to 2. Version 2 of the SSH Protocol is much more secure than 1. Then go further down until you see the directive

Subsystem sftp /usr/lib/openssh/sftp-server

and change it to

Subsystem sftp internal-sftp

and to allow the members of sftpusers to use only sftp and not the ssh console we need to create a few rules on the end of the configuration file. Move all the way down and add the following files.

Match group sftpusers
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Save the changes and restart the SSH Server.

sudo /etc/init.d/ssh restart

The last few things left are creating a user account, adding it to the group for sftp and create chroot jail. To do that use the following commands.

sudo adduser
sudo adduser sftpusers
sudo chown root.root /home/
sudo usermod -d /

Now that’s it. Give it a try and play around with it everything should just work. Let me know if you have any kind of issues. Please leave either a comment or send me an email regarding your issue.

GTK-RecordmyDesktop-Bug – can’t select window to record

Share Button

If you are making use of GTK-Recordmydesktop to create screencasts for Youtube, Vimeo etc. and are not able to select/focus an application window to record as you used to than you need to apply the patch I am talking about in this video clip.

Please take a couple minutes to fill out this little survey to help me to create new issues for the future for UbuntuVideoCast.

UbuntuVideoCast: Supplemental to Backup Exec 12.5 Remote Agent

Share Button

On June 4th I blogged how to install Backup Exec 12.5 remote agent for Linux. Here is now a subsequent entry to this article.

1. When I talked about the installation of Backup Exec 12.5 remote Linux agent I talked about the installation to a 32 bit Ubuntu Linux. In the meantime I had the need to install it on a 64 bit Linux and discovered that there is not client available for 64 bit. What now? The solution is easy just install the ia32-libs. Execute the following command:

sudo apt-get install ia32-libs

and then follow the same procedure described in my Article from June 4th.

2. Again in the meantime I upgraded to Backup Exec 2010 on the Server and your backups still will work with Backup Exec 12.5 remote agent for Linux installed but posts each single time and entry in the backup log that you need to upgrade your remote agent. The answer for that is is simple as well. You can follow the exact procedure described in my Article from June 4th but use the Backup Exec 2010 CD. The files are in similar location.

I hope that was helpful to you.

1 2