Can't write or download to SFTP on Ubuntu Server 10.04
I'm having a problem setting up SFTP with an Ubuntu Server 10.04 LTS x64.
I use openSSH with public key authentication, I can login with SSH perfectly with the keys no problem. I can also connect to the FTP server, but I can't write, download or any files from the folder.
Users:
thomas
thomas_filetransfer (home directory is "/" and is part of group "filetransfer")
Groups:
filetransfer
/etc/ssh/sshd_config
:
Not all, just the essentials for SFTP configuration:
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
LogLevel VERBOSE
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/authorized_keys #might be the problem?
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication yes
X11Forwarding no
UsePAM no
UseDNS no
AllowUsers thomas thomas_filetransfer
Subsystem sftp internal-sftp
Match group filetransfer
ChrootDirectory /var/www
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
File permissions:
/var/www = owner = root, group = root, permissions = rwxr-x--- (750)
/etc/ssh = owner = root, group = root, permissions = rwxr-xr-x (755)
/etc/ssh/authorized_keys = owner = root, group = root, permissions = -rw-r--r-- (600)
And again, SSH is working perfectly. I set up the private and public keys and they work, SFTP login works also, but when I try to upload/download a file, it get's wrong.
When I authenticate with my ssh box from a remote box I found this in my /var/log/auth.log file, don't know if anything has to do with it anyway:
Connection from 192.168.124.1 port 54993
Failed none for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
Found matching RSA key: b4:a3:3d:18:b9:30:0c:60:e6:2b:31:47:a9:8d:1d:53
Found matching RSA key: b4:a3:3d:18:b9:30:0c:60:e6:2b:31:47:a9:8d:1d:53
Accepted publickey for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
User child is on pid 849
The second line says "failed none for ..."
linux sftp openssh
add a comment |
I'm having a problem setting up SFTP with an Ubuntu Server 10.04 LTS x64.
I use openSSH with public key authentication, I can login with SSH perfectly with the keys no problem. I can also connect to the FTP server, but I can't write, download or any files from the folder.
Users:
thomas
thomas_filetransfer (home directory is "/" and is part of group "filetransfer")
Groups:
filetransfer
/etc/ssh/sshd_config
:
Not all, just the essentials for SFTP configuration:
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
LogLevel VERBOSE
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/authorized_keys #might be the problem?
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication yes
X11Forwarding no
UsePAM no
UseDNS no
AllowUsers thomas thomas_filetransfer
Subsystem sftp internal-sftp
Match group filetransfer
ChrootDirectory /var/www
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
File permissions:
/var/www = owner = root, group = root, permissions = rwxr-x--- (750)
/etc/ssh = owner = root, group = root, permissions = rwxr-xr-x (755)
/etc/ssh/authorized_keys = owner = root, group = root, permissions = -rw-r--r-- (600)
And again, SSH is working perfectly. I set up the private and public keys and they work, SFTP login works also, but when I try to upload/download a file, it get's wrong.
When I authenticate with my ssh box from a remote box I found this in my /var/log/auth.log file, don't know if anything has to do with it anyway:
Connection from 192.168.124.1 port 54993
Failed none for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
Found matching RSA key: b4:a3:3d:18:b9:30:0c:60:e6:2b:31:47:a9:8d:1d:53
Found matching RSA key: b4:a3:3d:18:b9:30:0c:60:e6:2b:31:47:a9:8d:1d:53
Accepted publickey for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
User child is on pid 849
The second line says "failed none for ..."
linux sftp openssh
add a comment |
I'm having a problem setting up SFTP with an Ubuntu Server 10.04 LTS x64.
I use openSSH with public key authentication, I can login with SSH perfectly with the keys no problem. I can also connect to the FTP server, but I can't write, download or any files from the folder.
Users:
thomas
thomas_filetransfer (home directory is "/" and is part of group "filetransfer")
Groups:
filetransfer
/etc/ssh/sshd_config
:
Not all, just the essentials for SFTP configuration:
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
LogLevel VERBOSE
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/authorized_keys #might be the problem?
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication yes
X11Forwarding no
UsePAM no
UseDNS no
AllowUsers thomas thomas_filetransfer
Subsystem sftp internal-sftp
Match group filetransfer
ChrootDirectory /var/www
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
File permissions:
/var/www = owner = root, group = root, permissions = rwxr-x--- (750)
/etc/ssh = owner = root, group = root, permissions = rwxr-xr-x (755)
/etc/ssh/authorized_keys = owner = root, group = root, permissions = -rw-r--r-- (600)
And again, SSH is working perfectly. I set up the private and public keys and they work, SFTP login works also, but when I try to upload/download a file, it get's wrong.
When I authenticate with my ssh box from a remote box I found this in my /var/log/auth.log file, don't know if anything has to do with it anyway:
Connection from 192.168.124.1 port 54993
Failed none for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
Found matching RSA key: b4:a3:3d:18:b9:30:0c:60:e6:2b:31:47:a9:8d:1d:53
Found matching RSA key: b4:a3:3d:18:b9:30:0c:60:e6:2b:31:47:a9:8d:1d:53
Accepted publickey for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
User child is on pid 849
The second line says "failed none for ..."
linux sftp openssh
I'm having a problem setting up SFTP with an Ubuntu Server 10.04 LTS x64.
I use openSSH with public key authentication, I can login with SSH perfectly with the keys no problem. I can also connect to the FTP server, but I can't write, download or any files from the folder.
Users:
thomas
thomas_filetransfer (home directory is "/" and is part of group "filetransfer")
Groups:
filetransfer
/etc/ssh/sshd_config
:
Not all, just the essentials for SFTP configuration:
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
LogLevel VERBOSE
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/authorized_keys #might be the problem?
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication yes
X11Forwarding no
UsePAM no
UseDNS no
AllowUsers thomas thomas_filetransfer
Subsystem sftp internal-sftp
Match group filetransfer
ChrootDirectory /var/www
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
File permissions:
/var/www = owner = root, group = root, permissions = rwxr-x--- (750)
/etc/ssh = owner = root, group = root, permissions = rwxr-xr-x (755)
/etc/ssh/authorized_keys = owner = root, group = root, permissions = -rw-r--r-- (600)
And again, SSH is working perfectly. I set up the private and public keys and they work, SFTP login works also, but when I try to upload/download a file, it get's wrong.
When I authenticate with my ssh box from a remote box I found this in my /var/log/auth.log file, don't know if anything has to do with it anyway:
Connection from 192.168.124.1 port 54993
Failed none for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
Found matching RSA key: b4:a3:3d:18:b9:30:0c:60:e6:2b:31:47:a9:8d:1d:53
Found matching RSA key: b4:a3:3d:18:b9:30:0c:60:e6:2b:31:47:a9:8d:1d:53
Accepted publickey for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
User child is on pid 849
The second line says "failed none for ..."
linux sftp openssh
linux sftp openssh
edited Mar 13 '12 at 14:02
randomKek
asked Mar 13 '12 at 13:39
randomKekrandomKek
163128
163128
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I think your ChrootDirectory /var/www
which has a ownership of /var/www = owner = root, group = root, permissions = rwxr-x--- (750)
is clobbering you. Try chown
ing the group of /var/www
to a group you have membership to and make it 770. See if that works.
Let me know if it helps.
As per OP's chat, he found the answer in this blog site
Still not working, the owner is now root, and the group is now filetransfer. I can still connect to the SFTP but when I try to create a folder I get "permission denied". I checked the log file and there is nothing special in it, it doesn't give any information when I try to create the folder, although I found this when authenticating with SFTP, dunno if it matters: Failed none for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
– randomKek
Mar 13 '12 at 13:58
I forgot to add "sudo chmod 770 /var/www" but now I can't access my SFTP anymore at all.
– randomKek
Mar 13 '12 at 14:04
Hmm.... it seems that was my mistake. chmod it back to 750. Let me see what else I can come up with.
– Carlos
Mar 13 '12 at 14:18
The only difference I see is that in my setup, I haveSubsystem sftp /usr/lib/openssh/sftp-server
andForceCommand /usr/lib/openssh/sftp-server
. Also the word "group" has a capital G.
– Carlos
Mar 13 '12 at 14:21
I can get back into in it now its back @ 750, do you use public keys or just password auth, and protocol 2? I think the problem is, that it the logged in user is seen as "others" not group, although I am 100% sure the www folder is owned by the group and the user is in the group.
– randomKek
Mar 13 '12 at 14:22
|
show 5 more comments
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f400206%2fcant-write-or-download-to-sftp-on-ubuntu-server-10-04%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I think your ChrootDirectory /var/www
which has a ownership of /var/www = owner = root, group = root, permissions = rwxr-x--- (750)
is clobbering you. Try chown
ing the group of /var/www
to a group you have membership to and make it 770. See if that works.
Let me know if it helps.
As per OP's chat, he found the answer in this blog site
Still not working, the owner is now root, and the group is now filetransfer. I can still connect to the SFTP but when I try to create a folder I get "permission denied". I checked the log file and there is nothing special in it, it doesn't give any information when I try to create the folder, although I found this when authenticating with SFTP, dunno if it matters: Failed none for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
– randomKek
Mar 13 '12 at 13:58
I forgot to add "sudo chmod 770 /var/www" but now I can't access my SFTP anymore at all.
– randomKek
Mar 13 '12 at 14:04
Hmm.... it seems that was my mistake. chmod it back to 750. Let me see what else I can come up with.
– Carlos
Mar 13 '12 at 14:18
The only difference I see is that in my setup, I haveSubsystem sftp /usr/lib/openssh/sftp-server
andForceCommand /usr/lib/openssh/sftp-server
. Also the word "group" has a capital G.
– Carlos
Mar 13 '12 at 14:21
I can get back into in it now its back @ 750, do you use public keys or just password auth, and protocol 2? I think the problem is, that it the logged in user is seen as "others" not group, although I am 100% sure the www folder is owned by the group and the user is in the group.
– randomKek
Mar 13 '12 at 14:22
|
show 5 more comments
I think your ChrootDirectory /var/www
which has a ownership of /var/www = owner = root, group = root, permissions = rwxr-x--- (750)
is clobbering you. Try chown
ing the group of /var/www
to a group you have membership to and make it 770. See if that works.
Let me know if it helps.
As per OP's chat, he found the answer in this blog site
Still not working, the owner is now root, and the group is now filetransfer. I can still connect to the SFTP but when I try to create a folder I get "permission denied". I checked the log file and there is nothing special in it, it doesn't give any information when I try to create the folder, although I found this when authenticating with SFTP, dunno if it matters: Failed none for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
– randomKek
Mar 13 '12 at 13:58
I forgot to add "sudo chmod 770 /var/www" but now I can't access my SFTP anymore at all.
– randomKek
Mar 13 '12 at 14:04
Hmm.... it seems that was my mistake. chmod it back to 750. Let me see what else I can come up with.
– Carlos
Mar 13 '12 at 14:18
The only difference I see is that in my setup, I haveSubsystem sftp /usr/lib/openssh/sftp-server
andForceCommand /usr/lib/openssh/sftp-server
. Also the word "group" has a capital G.
– Carlos
Mar 13 '12 at 14:21
I can get back into in it now its back @ 750, do you use public keys or just password auth, and protocol 2? I think the problem is, that it the logged in user is seen as "others" not group, although I am 100% sure the www folder is owned by the group and the user is in the group.
– randomKek
Mar 13 '12 at 14:22
|
show 5 more comments
I think your ChrootDirectory /var/www
which has a ownership of /var/www = owner = root, group = root, permissions = rwxr-x--- (750)
is clobbering you. Try chown
ing the group of /var/www
to a group you have membership to and make it 770. See if that works.
Let me know if it helps.
As per OP's chat, he found the answer in this blog site
I think your ChrootDirectory /var/www
which has a ownership of /var/www = owner = root, group = root, permissions = rwxr-x--- (750)
is clobbering you. Try chown
ing the group of /var/www
to a group you have membership to and make it 770. See if that works.
Let me know if it helps.
As per OP's chat, he found the answer in this blog site
edited Mar 13 '12 at 18:38
Scott C Wilson
1,71031529
1,71031529
answered Mar 13 '12 at 13:47
CarlosCarlos
77937
77937
Still not working, the owner is now root, and the group is now filetransfer. I can still connect to the SFTP but when I try to create a folder I get "permission denied". I checked the log file and there is nothing special in it, it doesn't give any information when I try to create the folder, although I found this when authenticating with SFTP, dunno if it matters: Failed none for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
– randomKek
Mar 13 '12 at 13:58
I forgot to add "sudo chmod 770 /var/www" but now I can't access my SFTP anymore at all.
– randomKek
Mar 13 '12 at 14:04
Hmm.... it seems that was my mistake. chmod it back to 750. Let me see what else I can come up with.
– Carlos
Mar 13 '12 at 14:18
The only difference I see is that in my setup, I haveSubsystem sftp /usr/lib/openssh/sftp-server
andForceCommand /usr/lib/openssh/sftp-server
. Also the word "group" has a capital G.
– Carlos
Mar 13 '12 at 14:21
I can get back into in it now its back @ 750, do you use public keys or just password auth, and protocol 2? I think the problem is, that it the logged in user is seen as "others" not group, although I am 100% sure the www folder is owned by the group and the user is in the group.
– randomKek
Mar 13 '12 at 14:22
|
show 5 more comments
Still not working, the owner is now root, and the group is now filetransfer. I can still connect to the SFTP but when I try to create a folder I get "permission denied". I checked the log file and there is nothing special in it, it doesn't give any information when I try to create the folder, although I found this when authenticating with SFTP, dunno if it matters: Failed none for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
– randomKek
Mar 13 '12 at 13:58
I forgot to add "sudo chmod 770 /var/www" but now I can't access my SFTP anymore at all.
– randomKek
Mar 13 '12 at 14:04
Hmm.... it seems that was my mistake. chmod it back to 750. Let me see what else I can come up with.
– Carlos
Mar 13 '12 at 14:18
The only difference I see is that in my setup, I haveSubsystem sftp /usr/lib/openssh/sftp-server
andForceCommand /usr/lib/openssh/sftp-server
. Also the word "group" has a capital G.
– Carlos
Mar 13 '12 at 14:21
I can get back into in it now its back @ 750, do you use public keys or just password auth, and protocol 2? I think the problem is, that it the logged in user is seen as "others" not group, although I am 100% sure the www folder is owned by the group and the user is in the group.
– randomKek
Mar 13 '12 at 14:22
Still not working, the owner is now root, and the group is now filetransfer. I can still connect to the SFTP but when I try to create a folder I get "permission denied". I checked the log file and there is nothing special in it, it doesn't give any information when I try to create the folder, although I found this when authenticating with SFTP, dunno if it matters: Failed none for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
– randomKek
Mar 13 '12 at 13:58
Still not working, the owner is now root, and the group is now filetransfer. I can still connect to the SFTP but when I try to create a folder I get "permission denied". I checked the log file and there is nothing special in it, it doesn't give any information when I try to create the folder, although I found this when authenticating with SFTP, dunno if it matters: Failed none for thomas_filetransfer from 192.168.124.1 port 54993 ssh2
– randomKek
Mar 13 '12 at 13:58
I forgot to add "sudo chmod 770 /var/www" but now I can't access my SFTP anymore at all.
– randomKek
Mar 13 '12 at 14:04
I forgot to add "sudo chmod 770 /var/www" but now I can't access my SFTP anymore at all.
– randomKek
Mar 13 '12 at 14:04
Hmm.... it seems that was my mistake. chmod it back to 750. Let me see what else I can come up with.
– Carlos
Mar 13 '12 at 14:18
Hmm.... it seems that was my mistake. chmod it back to 750. Let me see what else I can come up with.
– Carlos
Mar 13 '12 at 14:18
The only difference I see is that in my setup, I have
Subsystem sftp /usr/lib/openssh/sftp-server
and ForceCommand /usr/lib/openssh/sftp-server
. Also the word "group" has a capital G.– Carlos
Mar 13 '12 at 14:21
The only difference I see is that in my setup, I have
Subsystem sftp /usr/lib/openssh/sftp-server
and ForceCommand /usr/lib/openssh/sftp-server
. Also the word "group" has a capital G.– Carlos
Mar 13 '12 at 14:21
I can get back into in it now its back @ 750, do you use public keys or just password auth, and protocol 2? I think the problem is, that it the logged in user is seen as "others" not group, although I am 100% sure the www folder is owned by the group and the user is in the group.
– randomKek
Mar 13 '12 at 14:22
I can get back into in it now its back @ 750, do you use public keys or just password auth, and protocol 2? I think the problem is, that it the logged in user is seen as "others" not group, although I am 100% sure the www folder is owned by the group and the user is in the group.
– randomKek
Mar 13 '12 at 14:22
|
show 5 more comments
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f400206%2fcant-write-or-download-to-sftp-on-ubuntu-server-10-04%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown