Tag Archives: ftp

Brute-force attacks for security checks in your network with Medusa

It’s good practice to question the security of your home network, and it is even more critical for your company network. The most obvious weakness is weak passwords, which ease unauthorized access to systems and data for hackers (to be more precise: crackers) and intruders. Such access could damage the systems or data, or the system could be misused to damage or infiltrate other systems. Examples are administrative access to databases, e-mail servers or other critical infrastructure.

UbuntuVideoCast – sFTP server with OpenSSH

OpenSSH is a free suite of SSH connectivity tools. Conventional applications like telnet, rlogin, and ftp send and receive their passwords across the Internet unencrypted. OpenSSH encrypts all traffic (including passwords). OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. The OpenSSH suite replaces rlogin and telnet with the ssh program, rcp with scp, and ftp with sftp. Also included are sshd (the server side of the package) and other utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server.

In this article I am going to show you how to set up an sFTP server with OpenSSH. If you don’t know whether you have OpenSSH installed, you can check with the following command:

sudo dpkg -s openssh-server

This should give you output like this:

Package: openssh-server
Status: install ok installed
Priority: optional
Section: net


In case it is not installed, you can use either one of these commands:

sudo tasksel

and select openssh-server,

or this command:

sudo apt-get install openssh-server

With the package installed, we can start configuring the openssh-server. Before touching the configuration files, we should add a group for sftp use only. Execute the following command:

sudo groupadd sftpusers

With that done, we make some modifications to the main OpenSSH server configuration file, located at /etc/ssh/sshd_config. Execute the following command:

sudo nano /etc/ssh/sshd_config

First make sure that Protocol is set to 2. Version 2 of the SSH protocol is much more secure than version 1. Then go further down until you see the directive

Subsystem sftp /usr/lib/openssh/sftp-server

and change it to

Subsystem sftp internal-sftp

To allow the members of sftpusers to use only sftp and not the ssh console, we need to create a few rules at the end of the configuration file. Move all the way down and add the following lines:

Match group sftpusers
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Save the changes and restart the SSH server:

sudo /etc/init.d/ssh restart

The last few things left are creating a user account, adding it to the sftp group and creating the chroot jail. To do that, use the following commands (replace <username> with the name of the account):

sudo adduser <username>
sudo adduser <username> sftpusers
sudo chown root:root /home/<username>
sudo usermod -d / <username>

That’s it. Give it a try and play around with it; everything should just work. Let me know if you have any kind of issues. Please either leave a comment or send me an email regarding your issue.
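The chown step matters because sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by any other user or group; otherwise sshd refuses the login. The following check is an added example, not part of the original article. The function names are hypothetical and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the ownership rule
# in sshd_config(5). Function names are hypothetical; assumes GNU stat.

# Return 0 if one path component is acceptable: owned by uid 0 and
# not writable by group or others.
component_ok() {
    uid=$1 mode=$2                    # mode is octal text, e.g. 755 or 1777
    [ "$uid" -eq 0 ] || return 1
    # Bits 020 (group write) and 002 (other write) must both be clear.
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# Walk from the given directory up to /, checking every component.
# Prints each failing component; returns 0 only if all of them pass.
check_chroot_path() {
    path=$(cd "$1" 2>/dev/null && pwd -P) || { echo "no such dir: $1"; return 2; }
    rc=0
    while :; do
        set -- $(stat -c '%u %a' "$path")   # $1 = owner uid, $2 = octal mode
        if ! component_ok "$1" "$2"; then
            echo "BAD  $path (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Stand-alone use: sh check_chroot.sh /home/<username>
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

A path that prints no BAD lines satisfies the ownership rule; any BAD line names the directory to fix with chown or chmod before testing the sftp login.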