#1
Hello,
I have to configure Fedora server for use with WinSCP,
in a way that some user could see only his directories.

I was trying to reach this functionality by creating user

./make_chroot_jail.sh newuser

http://www.fuschlberger.net/programs...p-chroot-jail/
Howto Setup a chroot jail for ssh / scp / sftp with Linux

Now I can connect with PuTTY, as a root and as newuser

WinSCP is connecting well as root user or any other.

But, if newuser is trying to connect with WinSCP,
it gets message:

> Cannot initialize SFTP protocol.
> Is the host running a SFTP server?

Please, help me with these...

Or, advise me if there is better way
how to create user(s) which can see, with WinSCP,
only its files and directories...
and also, can create new files and directories,
and can delete, edit, etc... but only in its own directory...

thanx

dudek
#2
dudek wrote:
> Hello,
>
> I have to configure Fedora server for use with WinSCP,
> in a way that some user could see only his directories.
>
> I was trying to reach this functionality by creating user
>
> ./make_chroot_jail.sh newuser
>
> http://www.fuschlberger.net/programs...p-chroot-jail/
> Howto Setup a chroot jail for ssh / scp / sftp with Linux
>
> Now I can connect with PuTTY, as a root and as newuser
>
> WinSCP is connecting well as root user or any other.
>
> But, if newuser is trying to connect with WinSCP,
> it gets message:
>
>> Cannot initialize SFTP protocol.
>> Is the host running a SFTP server?
>
> Please, help me with these...
>
> Or, advise me if there is better way
> how to create user(s) which can see, with WinSCP,
> only its files and directories...
> and also, can create new files and directories,
> and can delete, edit, etc... but only in its own directory...
>
> thanx

Too complicated, I think.

From what you are saying you just need to do

cd /home
ls -l

to view info on all the rights on the user directories

then do the

chmod

command on each directory so that only the users who own their directories can read it / modify it.

You can do man chmod to get help on the chmod command, or google for it, or if you have konqueror you can enter the url man:chmod to get the help file.

To debug your setup faster, if you have konqueror, you can connect to your own machine and other machines by typing the url fish://username@ipaddress or fish://username@domain_name to connect and get directory listing.

Also your Linux networking questions are best addressed to comp.os.linux.networking
#3
7 wrote:
> dudek wrote:
>
>> Hello,
>>
>> I have to configure Fedora server for use with WinSCP,
>> in a way that some user could see only his directories.
>>
>> I was trying to reach this functionality by creating user
>>
>> ./make_chroot_jail.sh newuser
>>
>> http://www.fuschlberger.net/programs...p-chroot-jail/
>> Howto Setup a chroot jail for ssh / scp / sftp with Linux
>>
>> Now I can connect with PuTTY, as a root and as newuser
>>
>> WinSCP is connecting well as root user or any other.
>>
>> But, if newuser is trying to connect with WinSCP,
>> it gets message:
>>
>>> Cannot initialize SFTP protocol.
>>> Is the host running a SFTP server?
>>
>> Please, help me with these...
>>
>> Or, advise me if there is better way
>> how to create user(s) which can see, with WinSCP,
>> only its files and directories...
>> and also, can create new files and directories,
>> and can delete, edit, etc... but only in its own directory...
>>
>> thanx
>
> Too complicated, I think.
>
> From what you are saying you just need to do
>
> cd /home
> ls -l
>
> to view info on all the rights on the user directories
>
> then do the
>
> chmod
>
> command on each directory so that only the users who own their directories
> can read it / modify it.
>
> You can do man chmod to get help on the chmod command, or google for it,
> or if you have konqueror you can enter the url man:chmod to get the help
> file.
>
> To debug your setup faster, if you have konqueror, you can connect to your
> own machine and other machines by typing the url fish://username@ipaddress
> or fish://username@domain_name to connect and get directory listing.
>
> Also your Linux networking questions are best addressed to
> comp.os.linux.networking

Oh dappa! My apologies, I am seeing this post in comp.os.linux.networking! I had meant to click into a different newsgroup at the time I was reading the post and thought I was seeing it in there!!! :-)
#4
On Feb 10, 9:15 pm, "dudek" <du...@dudek.info> wrote:
> Hello,
>
> I have to configure Fedora server for use with WinSCP,
> in a way that some user could see only his directories.
>
> I was trying to reach this functionality by creating user
>
> ./make_chroot_jail.sh newuser
>
> http://www.fuschlberger.net/programs...p-chroot-jail/
> Howto Setup a chroot jail for ssh / scp / sftp with Linux
>
> Now I can connect with PuTTY, as a root and as newuser
>
> WinSCP is connecting well as root user or any other.
>
> But, if newuser is trying to connect with WinSCP,
> it gets message:
>
> > Cannot initialize SFTP protocol.
> > Is the host running a SFTP server?
>
> Please, help me with these...
>
> Or, advise me if there is better way
> how to create user(s) which can see, with WinSCP,
> only its files and directories...
> and also, can create new files and directories,
> and can delete, edit, etc... but only in its own directory...
>
> thanx

-You said you want your users to view their own home directories only, so chroot jail is the only solution you have. Because if any user just goes up 1 level the Linux permissions will permit him to do so, and I think even if you changed the permissions as well. So chroot jail is your way right. I read before about the script you are using to do the task but I didn't try it myself, so I think it may need some modifications from you to do the task because not all the Linux distros are like each other.
Sounds like the sftp subsystem settings in your script are not the same in Fedora, for example. Look for
Subsystem sftp /path/to/sftp-server
in sshd_config, make sure the path is right and sftp-server exists and is executable. Check what the script is trying to do, and you will find that some link or path isn't correctly set up.

-If you want to enable only sftp and disable ssh login to increase the security, it's easy to do and I have a server configured this way and it's OK: no login with ssh and only sftp is allowed.
Add the user as usual and assign him a password. Then run the following command (replace the 'username' with the real user name):
usermod -s /usr/libexec/openssh/sftp-server "username"
This user's shell will be sftp-server.
And then
echo "/usr/libexec/openssh/sftp-server" >> /etc/shells

-Now you've set up a user who can only access your server with SFTP.

-I will try to get the script you are using and see what is wrong there; I think it's just a broken link there.
#5
On Feb 11, 7:58 pm, habibielwa7id <fouad...@gmail.com> wrote:
> On Feb 10, 9:15 pm, "dudek" <du...@dudek.info> wrote:
>
> > Hello,
> >
> > I have to configure Fedora server for use with WinSCP,
> > in a way that some user could see only his directories.
> >
> > I was trying to reach this functionality by creating user
> >
> > ./make_chroot_jail.sh newuser
> >
> > http://www.fuschlberger.net/programs...p-chroot-jail/
> > Howto Setup a chroot jail for ssh / scp / sftp with Linux
> >
> > Now I can connect with PuTTY, as a root and as newuser
> >
> > WinSCP is connecting well as root user or any other.
> >
> > But, if newuser is trying to connect with WinSCP,
> > it gets message:
> >
> > > Cannot initialize SFTP protocol.
> > > Is the host running a SFTP server?
> >
> > Please, help me with these...
> >
> > Or, advise me if there is better way
> > how to create user(s) which can see, with WinSCP,
> > only its files and directories...
> > and also, can create new files and directories,
> > and can delete, edit, etc... but only in its own directory...
> >
> > thanx
>
> -You said you want your users to view their own home directories only,
> so chroot jail is the only solution you have. Because if any user just
> goes up 1 level the Linux permissions will permit him to do so, and I
> think even if you changed the permissions as well. So chroot jail is
> your way right. I read before about the script you are using to do the
> task but I didn't try it myself, so I think it may need some
> modifications from you to do the task because not all the Linux
> distros are like each other.
> Sounds like the sftp subsystem settings in your script are not the same
> in Fedora, for example. Look for
> Subsystem sftp /path/to/sftp-server
> in sshd_config, make sure the path is
> right and sftp-server exists and is executable. Check what the
> script is trying to do, and you will find that some link or path isn't
> correctly set up.
> -If you want to enable only sftp and disable ssh login to increase the
> security, it's easy to do and I have a server configured this way and
> it's OK: no login with ssh and only sftp is allowed.
> Add the user as usual and assign him a password. Then run the following
> command (replace the 'username' with the real user name):
> usermod -s /usr/libexec/openssh/sftp-server "username"
> This user's shell will be sftp-server.
> And then
> echo "/usr/libexec/openssh/sftp-server" >> /etc/shells
> -Now you've set up a user who can only access your server with SFTP.
> -I will try to get the script you are using and see what is
> wrong there; I think it's just a broken link there.

-OK man, I got it. It's very simple. I tried the script on Fedora 8. It's a good work. It will enable you to use ssh to log in but not sftp, as WinSCP told you. To enable sftp also, you will have to remove "Defaults requiretty" from the /etc/sudoers on your Fedora system. And it will enable you to log in using sftp beside ssh.

Regards,
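The checks suggested in posts #4 and #5, collected into one script as an added example; it is not part of the original thread and not code from the make_chroot_jail.sh project. The function names and the sample files built under a temporary directory are constructed for illustration, and pointing the check at a jail directory assumes the jail keeps its own copy of sftp-server at the same path.

```shell
#!/bin/sh
# Added example (not from the thread): function names and sample files are constructed.

# Print the binary configured by "Subsystem sftp <path>" in an sshd_config file.
sftp_subsystem_path() {   # $1 = sshd_config
    awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$1"
}

# Check that binary under a root prefix: the host tree, or the jail directory.
check_sftp_server() {     # $1 = sshd_config, $2 = root prefix
    bin=$(sftp_subsystem_path "$1")
    if [ -z "$bin" ]; then echo "no-subsystem"; return 1; fi
    # internal-sftp is served by sshd itself, so there is no file to look for
    if [ "$bin" = "internal-sftp" ]; then echo "internal"; return 0; fi
    if [ ! -e "$2$bin" ]; then echo "missing"; return 1; fi
    if [ ! -x "$2$bin" ]; then echo "not-executable"; return 1; fi
    echo "ok"
}

# Post #4 sets the login shell with usermod -s and adds it to /etc/shells; check both agree.
shell_is_listed() {       # $1 = passwd file, $2 = shells file, $3 = user
    sh_path=$(awk -F: -v u="$3" '$1 == u { print $7; exit }' "$1")
    [ -n "$sh_path" ] && grep -qxF "$sh_path" "$2"
}

# Post #5: detect an active (uncommented) "Defaults requiretty" line in sudoers.
has_requiretty() {        # $1 = sudoers file
    grep -Eq '^[[:space:]]*Defaults[[:space:]]+requiretty([[:space:]]|$)' "$1"
}

# Constructed sample tree: the host has sftp-server, the jail copy is absent.
DEMO=$(mktemp -d)
mkdir -p "$DEMO/host/usr/libexec/openssh" "$DEMO/jail"
: > "$DEMO/host/usr/libexec/openssh/sftp-server"
chmod 755 "$DEMO/host/usr/libexec/openssh/sftp-server"
printf '%s\n' '#Subsystem sftp /old/path' \
    'Subsystem sftp /usr/libexec/openssh/sftp-server' > "$DEMO/sshd_config"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'newuser:x:1001:1001::/home/newuser:/usr/libexec/openssh/sftp-server' > "$DEMO/passwd"
printf '%s\n' '/bin/sh' '/bin/bash' > "$DEMO/shells"
printf '%s\n' 'Defaults    requiretty' 'root ALL=(ALL) ALL' > "$DEMO/sudoers"

echo "host: $(check_sftp_server "$DEMO/sshd_config" "$DEMO/host")"
echo "jail: $(check_sftp_server "$DEMO/sshd_config" "$DEMO/jail")"
shell_is_listed "$DEMO/passwd" "$DEMO/shells" newuser || echo "newuser shell not in shells file"
has_requiretty "$DEMO/sudoers" && echo "sudoers sets requiretty"
```

On a real server the same functions take /etc/ssh/sshd_config, /etc/passwd, /etc/shells and /etc/sudoers (read as root) in place of the constructed files.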