Re: [nslu2-general] Any experience with chroot jail for SFTP with unslung6?

  • Marcel Nijenhof
    Message 1 of 12 , Feb 20, 2007
      On Mon, 2007-02-19 at 21:44 +0000, steve_pegg wrote:
      >
      > SCP works fine to root but I can't get chroot jail to work despite
      > many attempts! I have installed Openssh but can't find OpenSSH sftp
      > server -assume it is included in latest version.

      It is.

      > Also libz.so.1 wasn't there so I copied and renamed libz.so.1.2.3!
      > Files that should have been in /usr/bin were in opt/usr/bin! Any help
      > would be appreciated, I followed the basic instructions at
      > http://www.nslu2-linux.org/wiki/HowTo/ChrootJailForSFTP, I think!!!

      I just upgraded the package "scponly" to version 4.6 to make such
      a setup. After that I made a working setup for chrooted scp and sftp.

      Unfortunately I haven't found time to write a script for easy setup
      and document everything.

      But my setup:
      1) Packages:
      scponly - 4.6-1
      openssh - 4.3p2-6 (There is a new version but I tested this version)
      2) Account:
      scponly:<pass>:2001:501:scponly test:/home/root//scponly:/opt/sbin/scponlyc
      3) Files under /home/root:
      3) Files under /home/root:
      drwxr-xr-x 8 root root 4096 Feb 17 07:29 .
      drwxr-xr-x 2 root root 4096 Feb 17 07:20 ./bin
      -rwxr-xr-x 9 root root 198156 Feb 12 10:10 ./bin/chgrp
      -rwxr-xr-x 9 root root 198156 Feb 12 10:10 ./bin/chmod
      -rwxr-xr-x 9 root root 198156 Feb 12 10:10 ./bin/chown
      -rwxr-xr-x 9 root root 198156 Feb 12 10:10 ./bin/ln
      -rwxr-xr-x 9 root root 198156 Feb 12 10:10 ./bin/ls
      -rwxr-xr-x 9 root root 198156 Feb 12 10:10 ./bin/mkdir
      -rwxr-xr-x 9 root root 198156 Feb 12 10:10 ./bin/mv
      -rwxr-xr-x 9 root root 198156 Feb 12 10:10 ./bin/rm
      -rwxr-xr-x 9 root root 198156 Feb 12 10:10 ./bin/rmdir
      drwxr-xr-x 2 root root 4096 Feb 12 10:28 ./dev
      crw-rw-rw- 1 root root 1, 3 Feb 12 10:28 ./dev/null
      drwxr-xr-x 2 root root 4096 Feb 17 07:21 ./etc
      -rw-r--r-- 1 root root 25 Feb 12 10:13 ./etc/group
      -rw-r--r-- 1 root root 6458 Feb 12 10:12 ./etc/ld.so.cache
      -rw-r--r-- 1 root root 9 Feb 12 10:12 ./etc/ld.so.conf
      -rw-r--r-- 1 root root 53 Feb 12 10:14 ./etc/passwd
      drwxr-xr-x 2 root root 4096 Feb 17 07:21 ./lib
      -rwxr-xr-x 1 root root 84656 Feb 12 10:12 ./lib/ld-linux.so.2
      -rwxr-xr-x 1 root root 1089648 Feb 12 10:12 ./lib/libc.so.6
      -rwxr-xr-x 1 root root 25557 Feb 12 10:28 ./lib/libcrypt.so.1
      -rwxr-xr-x 1 root root 8692 Feb 12 10:17 ./lib/libdl.so.2
      -rwxr-xr-x 1 root root 476224 Feb 12 10:12 ./lib/libm.so.6
      -rwxr-xr-x 1 root root 71572 Feb 12 10:17 ./lib/libnsl.so.1
      -rwxr-xr-x 1 root root 36880 Feb 17 07:21 ./lib/libnss_files.so.2
      -rwxr-xr-x 1 root root 57900 Feb 12 10:17 ./lib/libresolv.so.2
      -rwxr-xr-x 1 root root 7676 Feb 12 10:17 ./lib/libutil.so.1
      lrwxrwxrwx 1 root root 3 Feb 17 07:29 ./opt -> usr
      drwxr-xr-x 3 scponly everyone 4096 Feb 17 07:22 ./scponly
      drwxr-xr-x 2 scponly everyone 4096 Feb 17 07:14 ./scponly/.ssh
      -rw------- 1 scponly everyone 1841 Feb 17 07:14 ./scponly/.ssh/authorized_keys
      drwxr-xr-x 5 root root 4096 Feb 12 10:18 ./usr
      drwxr-xr-x 2 root root 4096 Feb 12 10:15 ./usr/bin
      -rwxr-xr-x 1 root root 295584 Feb 12 10:15 ./usr/bin/rsync
      -rwxr-xr-x 1 root root 47048 Feb 12 10:15 ./usr/bin/scp
      drwxr-xr-x 2 root root 4096 Feb 12 10:17 ./usr/lib
      -rw-r--r-- 1 root root 989600 Feb 12 10:17 ./usr/lib/libcrypto.so.0.9.7
      lrwxrwxrwx 1 root root 13 Feb 12 10:17 ./usr/lib/libz.so -> libz.so.1.2.3
      -rw-r--r-- 1 root root 67764 Feb 12 10:17 ./usr/lib/libz.so.1.2.3
      drwxr-xr-x 3 root root 4096 Feb 17 07:32 ./usr/libexec
      drwxr-xr-x 2 root root 4096 Feb 17 07:32 ./usr/libexec/openssh
      -rwxr-xr-x 1 root root 34720 Feb 12 10:19 ./usr/libexec/openssh/sftp-server

      I hope to find time to create a script that creates the files and then
      document this in the wiki. Until that time you have to use the above lists
      of files.

      --
      marceln
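
An added example, not part of Marcel's post: a shell check for a jail laid out like the listing above. It confirms that the files the chrooted scp/sftp session needs are present and that nothing outside the user's own directory is writable by anyone but the jail owner, because a jailed user who can write to bin/, lib/ or etc/ can replace what the session executes. The function name `audit_jail`, the subset of required files and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# audit_jail JAIL_ROOT USER_DIR [OWNER_UID]
#   JAIL_ROOT  chroot directory (/home/root in the listing above)
#   USER_DIR   the one subdirectory the jailed user owns (scponly in the listing)
#   OWNER_UID  numeric uid that must own everything else (default 0 = root)
# Prints one line per finding; returns 0 when the jail is clean, 1 otherwise.
audit_jail() {
    jail=${1%/}
    userdir=$2
    owner=${3:-0}
    rc=0

    # Subset of the files from the listing that the session cannot run without.
    for f in dev/null etc/passwd etc/group \
             lib/ld-linux.so.2 lib/libc.so.6 \
             usr/bin/scp usr/libexec/openssh/sftp-server; do
        if [ ! -e "$jail/$f" ]; then
            echo "MISSING $f"
            rc=1
        fi
    done

    # Walk the jail but skip the user's own directory. Symlinks (always
    # lrwxrwxrwx) and character devices (dev/null is crw-rw-rw- by design)
    # are exempt. Everything else must belong to OWNER_UID and must not be
    # writable by group or others.
    bad=$(find "$jail" -path "$jail/$userdir" -prune -o \
              ! -type l ! -type c \
              \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/UNSAFE /'
        rc=1
    fi
    return $rc
}

# Run directly, e.g.:  sh audit_jail.sh /home/root scponly
if [ "$#" -ge 2 ]; then
    audit_jail "$@"
fi
```
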
    • steve pegg
      Message 2 of 12 , Feb 21, 2007
        Thanks Marcel, I'm new to linux so may need to wait for your script!
        I have unslung to a 1gb flash drive on disk2 and the problem may be
        related to issues with Openssh. I followed Openssh instructions to
        letter but can only access with passwords and not keys! Get server
        refused our key when I attempt access using putty.exe from WinXP
        machine. .ssh and authorized_key permissions are okay 700 and 600
        respectively. Strangely the sshd-config file has all lines commented!
        Is this normal? When I set PasswordAuthentication to no and uncomment I
        can't access again until I reverse the settings via telnet. I'm out of
        ideas to try next. Any help would be appreciated.

        Regards

        Steve










      • Robert Hammond
        Message 3 of 12 , Feb 21, 2007
          In message <eri7me+jluc@...>, steve pegg <SJP700@...>
          writes
          >
          >Thanks Marcel, I'm new to linux so may need to wait for your script!
          >I have unslung to a 1gb flash drive on disk2 and the problem maybe
          >related to issues with Openssh. I followed Openssh instructions to
          >letter but can only access with passwords and not keys! Get server
          >refused our key when I attempt access using putty.exe from WinXP
          >machine. .ssh and authorized_key permissions are okay 700 and 600
          >respectively. Strangely the sshd-config file has all lines commented!
          >Is this normal? When I set PasswordAuthentication to no and uncomment I
          >can't access again until I reverse the settings via telnet. I'm out of
          >ideas to try next. Any help would be appreciated.
          >
          I have slightly different settings to yours, not too sure why but they
          work.

          Firstly my authorized_key permissions are set to 644, I will change
          mine to 600 to see if it makes any difference.

          Also

          My sshd-config file has two lines without comments :-

          PasswordAuthentication no

          Subsystem sftp /opt/libexec/sftp-server


          Perhaps there is something wrong with your Putty setup??




          --
          Robert Hammond
          PGP:0x154144DA
        • Marcel Nijenhof
          Message 4 of 12 , Feb 21, 2007
            On Wed, 2007-02-21 at 19:48 +0000, steve pegg wrote:
            > I followed Openssh instructions to letter but can only access with
            > passwords and not keys!

            The chrooted setup should work with passwords as well as keys.

            > Get server refused our key when I attempt access using putty.exe from
            > WinXP machine. .ssh and authorized_key permissions are okay 700 and
            > 600 respectively.

            Is the login directory protected as well?

            Could you test the local usage of keys?

            An example:
            > $ ssh localhost
            < socket: Address family not supported by protocol
            < The authenticity of host 'localhost (127.0.0.1)' can't be established.
            < RSA key fingerprint is 8d:52:50:12:f8:7d:72:51:20:5a:71:28:d7:3b:fe:c4.
            < Are you sure you want to continue connecting (yes/no)? yes
            < Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
            < marceln@localhost's password:
            <
            < Welcome to Unslung V2.3R63-uNSLUng-6.8-beta
            <
            < ---------- NOTE: THIS SYSTEM IS CURRENTLY UNSLUNG ----------
            > $ exit
            < logout
            < Connection to localhost closed.
            > $ ssh-keygen
            < Generating public/private rsa key pair.
            < Enter file in which to save the key (/home/marceln/.ssh/id_rsa):
            < Enter passphrase (empty for no passphrase):
            < Enter same passphrase again:
            < Your identification has been saved in /home/marceln/.ssh/id_rsa.
            < Your public key has been saved in /home/marceln/.ssh/id_rsa.pub.
            < The key fingerprint is:
            < 17:33:d2:20:1e:fb:07:2a:d8:93:2e:79:27:23:cd:f0 marceln@paard
            <
            > $ cat .ssh/id_rsa.pub >>.ssh/authorized_keys
            > $ ssh localhost
            < socket: Address family not supported by protocol
            <
            < Welcome to Unslung V2.3R63-uNSLUng-6.8-beta
            <
            < ---------- NOTE: THIS SYSTEM IS CURRENTLY UNSLUNG ----------
            > $ logout

            In this way we can check if key authorization on the local system
            works.

            --
            marceln
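
An added example, not part of the thread: with StrictModes on (the sshd default), sshd ignores authorized_keys when the home directory, .ssh or the key file is writable by group or others, or is owned by someone other than the user or root. The check below applies that rule to the three paths, so 600 and 644 on authorized_keys both pass while a group-writable login directory fails. The function names and output labels are assumptions made for this example.

```shell
#!/bin/sh
# check_key_paths HOME_DIR [OWNER_UID]
#   HOME_DIR   login directory of the account being tested
#   OWNER_UID  numeric uid of that account (default: the caller's uid)
# Prints one line per problem; returns 0 when all three paths are acceptable.

# Succeeds when the path is writable by group or by others.
loose_mode() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Succeeds when the path is owned by neither the given uid nor root (uid 0).
wrong_owner() {
    [ -n "$(find "$1" -prune ! -user "$2" ! -user 0 -print 2>/dev/null)" ]
}

check_key_paths() {
    home=${1%/}
    owner=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            rc=1
            continue
        fi
        if loose_mode "$p"; then
            echo "WRITABLE-BY-GROUP-OR-OTHER $p"
            rc=1
        fi
        if wrong_owner "$p" "$owner"; then
            echo "WRONG-OWNER $p"
            rc=1
        fi
    done
    return $rc
}

# Run directly, e.g.:  sh check_key_paths.sh /home/marceln
if [ "$#" -ge 1 ]; then
    check_key_paths "$@"
fi
```
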
          • steve pegg hotmail
            Message 5 of 12 , Feb 22, 2007
              Thanks Robert, on closer inspection I see the sftp server line is also uncommented. I tried 644 but, still didn't work. In desperation I deleted the .ssh directory and built again from telnet and this time it works - at last! I can't spot the difference but it works. Last time I accessed root using WinSCP and made some changes in this environment, is that a problem? Moving on to my real aim access by selected users to restricted home directory using authentication/encryption. I have installed Proftpd and configured the proftpd-conf file and configured for SSL/TLS - made error with email address hope won't cause problem. Signed server key etc. However, when I try to access using WinSCP set to SFTP and enter user name and password I get authentication failed! I'm new to sftp, does it use a public key like openssh? What is the certificate all about? What does the client need to get access other than the username/password? Any help would be appreciated.

              Thanks
              Steve



            • Robert Hammond
              Message 6 of 12 , Feb 22, 2007
                In message <BAY102-DAV16FE192132666FC55842DA918F0@...>, steve pegg
                hotmail <SJP700@...> writes
                >Thanks Robert, on closer inspection I see the sftp server line is also
                >uncommented. I tried 644 but, still didn't work. In desperation I
                >deleted the .ssh directory and built again from telnet and this time it
                >works -at last! I can't spot the difference but it works. Last time I
                >accessed root using WinSCP and made some changes in this environment,
                >is that a problem? Moving on to my real aim access by selected users
                >to restricted home directory using authentication /encription. I have
                >installed Proftpd and configured the proftpd-conf file and configured
                >for SSL/TLS -made error with email address hope won't cause problem.
                >Signed server key etc. However, when I try to access using WinSCP set
                >to SFTP and enter user name and password I get authentication failed!
                >I'm new to sftp, does it use a public key like openssh? what is the
                >certificate all about? What does the client need to get access other
                >than the username/password? Any help would be appreciated.
                >
                I think that you may be getting confused between FTP/SSL and SFTP (also
                there is FTPS).

                Proftpd can be configured for FTP/SSL i.e. is an FTP server that can be
                configured to encrypt its data transmissions using SSL. There are a
                number of Windows clients that support this such as smartftp and I think
                WsFTP. Note that Proftpd does not support Implicit mode i.e. called
                FTPS, (FTPS also uses SSL but there is a difference between this and
                FTP/SSL, all very confusing).
                For just up and down loading files this works just fine.

                SFTP is different, FTP over SSH, it's just another way of encrypting
                the data transfer. Most Windows users use Putty and WinSCP as clients.
                It's an ideal program combination for configuring the NSLU2.






                --
                Robert Hammond
                PGP:0x154144DA
              • steve pegg hotmail
                Message 7 of 12 , Feb 23, 2007
                  Robert, Thank you for your explanation, as you say easy to get confused. If I can get the Chroot jail for SFTP to work that's probably my best bet. Meanwhile I'd like to get Proftpd working. I assume that it will work alongside Openssh (SFTP)? I have CoreFTP lite, which is free, which according to your guidance should be a suitable client for Proftpd. Tried with AUTH SSL ticked but it wouldn't connect; got following message "Can't establish connection --> 192.168.1.77:21 @ Fri Feb 23 19:43:16 2007 (10054-38). An existing connection was forcibly closed by the remote host. Any thoughts. I have set TLSRequired on and TLSVerifyClient off and just entered username and password. The username was set via the linksys web gui and have also tried adding /::/share/flash/data/steve to /etc/passwd file. Contrary, to comments in the guide these changes remain after reboot without doing anything!! Should I also create /home/steve? Any help would be appreciated.

                  Regards
                  Steve








                • Robert Hammond
                  Message 8 of 12 , Feb 23, 2007
                    In message <BAY144-DAV962F0016943F41BB4E4A5918E0@...>, steve pegg
                    hotmail <SJP700@...> writes
                    >Robert, Thank you for your explanation, as you say easy to get
                    >confused. If I can get the Chroot jail for SFTP to work that's
                    >probably my best bet. Meanwhile I'd like to get Proftpd working. I
                    >assume that it will work alongside Openssh (SFTP)? I have CoreFTP
                    >lite, which is free, which according to your guidance should be a
                    >suitable client for Proftpd. Tried with AUTH SSL ticked but it
                    >wouldn't connect; got following message "Can't establish connection -->
                    >192.168.1.77:21 @ Fri Feb 23 19:43:16 2007 (10054-38). An existing
                    >connection was forcibly closed by the remote host. Any thoughts. I
                    >have set TLSRequired on and TLSVerifyClient off and just entered
                    >username and password. The username was set via the linksys web gui
                    >and have also tried adding /::/share/flash/data/steve to /etc/passwd
                    >file. Contrary, to comments in the guide these changes remain after
                    >reboot without doing anything!! Should I also create /home/steve? Any
                    >help would be appreciated.
                    >
                    Suggest that you first set TLSRequired to off and make sure you can
                    connect using standard insecure FTP.

                    If this works then enable the encryption. Proftpd saves connection log
                    attempts I think in folder /opt/var/proftpd/. Checking these logs may
                    give a clue to the problem that you are seeing.
                    --
                    Robert Hammond
                    PGP:0x154144DA
                  • steve pegg
                    Message 9 of 12 , Feb 24, 2007
                      Robert,
                      Thanks for your suggestions, finally got it working.
                      Don't like to be defeated so will try again with chroot jail for
                      SFTP. Do you know if it is possible to set up a secure ftp client
                      using normal windows web browser, ftp equivalent of https?

                      Thanks again
                      Steve

                    • un11imig
                      Message 10 of 12 , Mar 9, 2007
                        Anyone know if this way to create a Jail Chroot works?
                        http://www.nslu2-linux.org/wiki/HowTo/ChrootJailForSFTP
                        Not for me.

                        Thanks!
                      • Marcel Nijenhof
                        Message 11 of 12 , Mar 9, 2007
                          On Fri, 2007-03-09 at 13:51 +0000, un11imig wrote:
                          > Anyone know if does this way to create a Jail Chroot works?.
                          > http://www.nslu2-linux.org/wiki/HowTo/ChrootJailForSFTP
                          > Not for me.

                          Use "scponly":
                          http://tech.groups.yahoo.com/group/nslu2-general/message/6003

                          --
                          marceln