Add a new FTP-User - just with one Directory

I spoke too fast…

made a reboot and

Status: Connecting to oo.nn.zz.xxx…
Response: fzSftp started, protocol_version=4
Command: open “invite@oo.nn.zz.xxx” 22
Command: Pass: ********
Error: Server unexpectedly closed network connection
Error: Could not connect to server
Status: Waiting to retry…

still works with the osmc account

What the hell’s going on?

Olivier

Okay, if you have uninstalled and reinstalled sshd, then your edits to sshd_config might have been undone.

Redo this then.

sudo nano /etc/ssh/sshd_config

This is VITAL, else your sshd will stop working and there will be no ssh login.
Locate and comment out the following line:

Subsystem sftp /usr/lib/openssh/sftp-server

then add the following lines at the end of the file:

Subsystem sftp internal-sftp
Match user kids
ChrootDirectory %h
ForceCommand internal-sftp

yes, this is what I’ve done and it worked fine till…I decided to reboot my Raspberry pi2…

/etc/ssh/sshd_config content is still Ok

here is the debug info from Filezilla

Status: Connecting to <>…
Trace: Going to execute C:\Program Files\FileZilla FTP Client\fzsftp.exe
Response: fzSftp started, protocol_version=4
Trace: CSftpControlSocket::ConnectParseResponse(fzSftp started, protocol_version=4)
Trace: CSftpControlSocket::SendNextCommand()
Trace: CSftpControlSocket::ConnectSend()
Command: open “external@<>” 22
Trace: Looking up host “<>”
Trace: Connecting to <> port 22
Trace: We claim version: SSH-2.0-PuTTY_Local:_Oct_16_2015_12:02:11
Trace: Server version: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u1
Trace: Using SSH protocol version 2
Trace: Doing ECDH key exchange with curve Curve25519 and hash SHA-256
Trace: Host key fingerprint is:
Trace: ssh-ed2551n 256 c5:a2:1c:35:bn:b6:d9:ea:ea:n6:f1:a5:dd:d4:20:b2
Trace: Initialised AES-256 SDCTR client->server encryption
Trace: Initialised HMAC-SHA-256 client->server MAC algorithm
Trace: Initialised AES-256 SDCTR server->client encryption
Trace: Initialised HMAC-SHA-256 server->client MAC algorithm
Command: Pass: ********
Trace: Sent password
Trace: Access granted
Trace: Opening session as main channel
Trace: Network error: Software caused connection abort

which ‘software caused…’ do you think is the reason for my trouble?

Thanks,
Olivier

It authenticates correctly; try to comment out the chroot variable in sshd_config.

sudo systemctl stop sshd
sudo systemctl start sshd

if it works then it’s a filerights problem

yep, this is it

Olivier

Okay, step by step,

/media/ directory should be:               drwxr-xr-x root:root media 
/media/Tera II/ directory should be:       drwxr-xr-x root:root Tera II
/media/Tera II/FTP/ directory should be:   drwxr-xr-x root:root FTP

This makes the FTP folder not writeable from sftp/ftp, so you have to make an upload folder and give the user the rights to upload into it, as I said before.

Looks like both the Tera II and FTP folders are 777 (drwxrwxrwx)

sudo chmod 755 "/media/Tera II"
sudo chmod 755 "/media/Tera II/FTP"

That should fix the file rights. Uncomment the Chroot variable in sshd_config again, then run systemctl stop/start sshd.
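
The ownership rule behind the step-by-step listing above can be checked in one pass. As an added example (not part of the original thread), this script walks a chroot path up to / and flags every component that sshd's ChrootDirectory check would reject; the function names are made up here, and `stat -c` assumes GNU coreutils, as on the Debian-based system in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a ChrootDirectory path.
# sshd_config(5): every component of the chroot path must be a root-owned
# directory that is not writable by group or others.

# component_ok UID OCTAL_MODE: succeeds when sshd would accept the component.
component_ok() {
    [ "$1" -eq 0 ] || return 1            # must be owned by root
    [ $(( 0$2 & 022 )) -eq 0 ]            # 022 = group-write | other-write
}

# audit_chroot_path DIR: print a verdict for DIR and each parent up to /.
# Returns 0 if all pass, 1 if any fails, 2 on a usage or stat error.
audit_chroot_path() {
    dir=$1
    rc=0
    case $dir in
        /*) ;;
        *) echo "need an absolute path: $dir" >&2; return 2 ;;
    esac
    while :; do
        [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
        info=$(stat -c '%u %a' "$dir") || return 2   # GNU stat: "uid mode"
        uid=${info% *}
        mode=${info#* }
        if component_ok "$uid" "$mode"; then
            verdict=ok
        else
            verdict=BAD
            rc=1
        fi
        printf '%-4s uid=%s mode=%s %s\n' "$verdict" "$uid" "$mode" "$dir"
        if [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Runs only when a path is given as the first argument,
# for example "/media/Tera II/FTP" (the path discussed in the thread).
if [ "$#" -gt 0 ]; then
    audit_chroot_path "$1"
fi
```

A BAD line on any component matches the symptom in the FileZilla trace: the password is accepted, then the server drops the session when it refuses to enter the chroot.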

Ok I found the issue …

when rebooting, rights are put back to 777 by (??)

this means I might need to change this manually after each reboot, unless finding a solution to fix it

Anyway as a workaround I wrote a script

Thanks,
Olivier

Might be how the usb-drive is mounted; since it’s an automount it’s a bit over my head. I made a manual mount of my usb-drive in fstab, since it’s always hooked up to the Pi, and I got no problem with rebooting.

in /etc/fstab

LABEL=disken /mnt/disc1 ext3 defaults 0 0

That didn’t work, put back to 777 anyway

so…

I’ve added the sudo chmod 755 /media… in /etc/rc.local and that’s it :slightly_smiling:

now I can reboot as often as I want…or it’s done

Olivier

ok, as long as it’s resolved. I’m still struggling with getting the mount bind automated, to get a folder into the jailed users home folder.

solved it with a line in /etc/rc.local

sudo mount --bind /mnt/disc1/download /mnt/disc1/kids/download

that makes it possible for kids to view the folder outside their jailed environment, but I control which folders to let them have access to.