It’s good practice to question the security of your home network, and it is even more critical for your company network. The most obvious weakness is weak passwords, which make unauthorized access to systems and data easier for hackers (more precisely: crackers) and intruders. Such access could damage systems or data, or lead to misuse of the system to damage or infiltrate other systems. Examples are administrative access to databases, e-mail servers or other critical infrastructure.
OpenSSH is a free implementation of the SSH connectivity tools. Conventional applications like telnet, rlogin, and ftp send and receive their passwords across the Internet unencrypted. OpenSSH encrypts all traffic (including passwords). OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. The OpenSSH suite replaces rlogin and telnet with the ssh program, rcp with scp, and ftp with sftp. Also included are sshd (the server side of the package) and other utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server.

In this article I am going to show you how to set up an SFTP server with OpenSSH. If you don’t know whether you have OpenSSH installed, you can check with the following command:
sudo dpkg -s openssh-server
This should give you output like this:
Status: install ok installed
If it is not installed, you can use either one of these commands:
or this command:
sudo apt-get install openssh-server
Now that the application is installed, we can go ahead and start configuring the openssh-server. But before we touch the configuration files, we should add a group for sftp use only. Execute the following command.
sudo groupadd sftpusers
With that done, we go ahead and make some modifications to the main OpenSSH server configuration file, located at /etc/ssh/sshd_config. Execute the following command.
sudo nano /etc/ssh/sshd_config
First make sure that Protocol is set to 2. Version 2 of the SSH protocol is much more secure than version 1. Then go further down until you see the directive
Subsystem sftp /usr/lib/openssh/sftp-server
and change it to
Subsystem sftp internal-sftp
To allow the members of sftpusers to use only sftp and not the ssh console, we need to create a few rules at the end of the configuration file. Move all the way down and add the following lines.
Match group sftpusers
Save the changes and restart the SSH Server.
sudo /etc/init.d/ssh restart
The last few things left are creating a user account, adding it to the group for sftp and creating the chroot jail. To do that, use the following commands.
sudo adduser sftpusers
sudo chown root.root /home/
sudo usermod -d /
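A way to check the finished configuration, as an added example that is not code from the original article: the shell function below audits an sshd_config for the settings this setup relies on. ChrootDirectory and ForceCommand are standard sshd_config directives assumed here to be the restrictions inside the Match block, since the article shows only the Match line; the function name and the sample configurations are made up for the illustration.

```shell
#!/bin/sh
# audit_sftp_config [FILE] [GROUP]: check an sshd_config for the SFTP-only setup.
# Prints one FAIL line per problem and returns 0 only if every check passes.
# FILE may be "-" to read standard input. Handles the simple one-group Match form.
audit_sftp_config() {
    awk -v grp="${2:-sftpusers}" '
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    {
        key = tolower($1)                      # sshd keywords are case-insensitive
        if (key == "match") {                  # a Match block runs until the next Match
            in_match = 1
            in_grp = (tolower($2) == "group" && $3 == grp)
            if (in_grp) seen = 1
            next
        }
        if (!in_match) {                       # global section of the file
            if (key == "protocol") proto = $2
            if (key == "subsystem" && $2 == "sftp") subsys = $3
        } else if (in_grp) {                   # inside "Match group <grp>"
            if (key == "forcecommand" && $2 == "internal-sftp") force = 1
            if (key == "chrootdirectory") jail = 1
        }
    }
    END {
        if (proto != "" && proto != "2") { print "FAIL: Protocol is " proto ", expected 2"; bad = 1 }
        if (subsys != "internal-sftp") { print "FAIL: Subsystem sftp is not internal-sftp"; bad = 1 }
        if (!seen) {
            print "FAIL: no \"Match group " grp "\" block"; bad = 1
        } else {
            if (!force) { print "FAIL: no ForceCommand internal-sftp, group is not limited to SFTP"; bad = 1 }
            if (!jail) { print "FAIL: no ChrootDirectory, users are not jailed"; bad = 1 }
        }
        exit bad + 0
    }' "${1:-/etc/ssh/sshd_config}"
}

# Constructed sample: only the sshd_config edits the article itself shows.
sample_page_only() {
    printf '%s\n' 'Protocol 2' 'Subsystem sftp internal-sftp' 'Match group sftpusers'
}
# Constructed sample: the same block with restrictions added (assumed values).
sample_restricted() {
    sample_page_only
    printf '%s\n' '    ChrootDirectory %h' '    ForceCommand internal-sftp'
}

sample_page_only | audit_sftp_config - || true     # prints two FAIL lines
sample_restricted | audit_sftp_config - && echo "OK: group is SFTP-only and chrooted"
```

Against a real server, call audit_sftp_config /etc/ssh/sshd_config before restarting; sudo sshd -t additionally checks the file for syntax errors.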
That’s it. Give it a try and play around with it; everything should just work. Let me know if you have any kind of issues. Please either leave a comment or send me an email regarding your issue.