Install And Configure SFTP issue with configuration

Hello,

I am facing issues with configuring the SFTP.

Sometimes I get the issue with incorrect Match condition or with the connection lost with same set of commands?

Can anyone please help me?

@player001

Any idea that? I saw you had similar issues.

Create a group

sudo groupadd sftpg

Create a user to that group

sudo useradd -g sftpg harshuser
sudo passwd harshuser

Make a path for the access of the Service

sudo mkdir -p /data/harshuser/upload
sudo chown -R root.sftpg /data/harshuser
sudo chown -R harshuser.sftpg /data/harshuser/upload

Make the path (vi) for the SFTP in /etc/ssh/sshd_config

Set chrootdirectory

Match Group sftpg
ChrootDirectory /data/%u
ForceCommand internal-sftp

Restart the service
sudo systemctl restart sshd

I configured with a group and without group.
In all the cases, got different errors. (Match condition / Connection lost)

I had the same task before but I passed with the above steps.

@Inderpreet @player001

The chown cmd could cause prb when u try to connect with sftp

It is giving issue with match. I think it has to do with ssh_config.

@Goldenor. I did tried without chown command. It did not work.

The subsystem may also cause the prb

Subsystem sftp internal-sftp

if I do that, then it gives the same Match error but instead of Match it states Subsystem

@harshp05

Do you have the screenshot of the task…

Some of the developers from Nautilus project team have asked for SFTP access to at least one of the app server in Stratos DC . After going through the requirements system admins team has decided to configure SFTP server on App Server 2 server in Stratos Datacenter . Please configure it as per below given instructions:

a. Create an SFTP user james and set its password to 8FmzjvFU6S .

b. Password authentication should be enabled for this user.

c. Set its ChrootDirectory to /var/www/appdata .

d. SFTP user should only be allowed to make SFTP connections.

steps done -
[root@stapp02 steve]# sudo groupadd sftpg
[root@stapp02 steve]# sudo useradd -g sftpg james
[root@stapp02 steve]# sudo passwd james
Changing password for user james.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@stapp02 steve]# sudo mkdir -p /var/www/appdata
[root@stapp02 steve]# sudo chown -R root.sftpg /var/www
[root@stapp02 steve]# sudo chown -R james.sftpg /var/www/appdata
[root@stapp02 steve]# vi /etc/ssh/sshd_config

Match Group sftpg
ChrootDirectory /var/www/appdata/%u
ForceCommand internal-sftp

[root@stapp02 steve]# sudo systemctl restart sshd
[root@stapp02 steve]# sftp james@172.16.238.11
Unsupported Match attribute Group
/etc/ssh/ssh_config line 70: Bad Match condition
Couldn’t read packet: Connection reset by peer

Second type of error -

packet_write_wait: Connection to 172.16.238.11 port 22: Broken pipe
Couldn’t read packet: Connection reset by peer

Yeah you that line already you have to edit it and what’s next cames into it “like a content of subsystem”
Check the section 3 of that link, if it gaves you an error print it to me

With group okay and without group also okay.

Can you share log details? /var/log/secure or /var/log/audit?

Why you are using dot(.) with chown. You have to use ‘:’ instead of ‘.’

@harshp05

Create user as asked and in sshd_config, write
Match User james
PasswordAuthentication yes (as per b. Password authentication should be enabled for this user.)
ChrootDirectory /var/www/appdata
ForceCommand internal-sftp

Thank you @Goldenor @player001 @Lakshmi

The issue was the path. When I provided a full path to the sudo chown -R for root and for the user, it worked fine

1 Like

Below steps worked for me .

useradd kareem

passwd kareem

mkdir -p /var/www/webapp

chown kareem:kareem /var/www/webapp

chown root:root /var/www

chmod -R 755 /var/www

chmod -R 755 /var/www/webapp

chown -R kareem /var/www/webapp

chown -R root /var/www/webapp

chown -R root /var/www/

chmod -R 755 /var/www/

vi /etc/ssh/sshd_config


override default of no subsystems

#Subsystem  sftp/usr/libexec/openssh/sftp-server

Subsystem   sftpinternal-sftp

# Example of overriding settings on a per-user basis

#Match User anoncvs

Match User kareem

ForceCommand internal-sftp

PasswordAuthentication yes

ChrootDirectory /var/www/webapp

PermitTunnel no

AllowAgentForwarding no

AllowTcpForwarding no

X11Forwarding no

systemctl restart sshd

sftp kareem@localhost

ssh kareem@stapp02