SFTP Configuration

    • OMV 4.x
    • SFTP Configuration

      Hello out there!


      I need help to configure the SFPT Plugin urgently! I am not a newbie, but I don’t get it to function properly. I can run FTPS via Filezilla but SFTP doesn’t work.


      Goal:
      All users must be jailed into their shared folder and no access to root.


      I have set up SFTP on other Linux by hand, but I want to do it via interface because I don’t know if I harm something doing it manually.


      I tried to get some info via forum and google. But I failed :S . There is always mentioned a Group “sftp-acces”, but there is no such group. Do I have to crate it myself?


      Regards
    • bikepope wrote:

      There is always mentioned a Group “sftp-acces”, but there is no such group. Do I have to crate it myself?
      The plugin creates it - github.com/OpenMediaVault-Plug…aster/debian/postinst#L42


      Mr.Tullgren wrote:

      chmod 0755 /
      If the user is not in the sftp-access group, the user will not be jailed. You shouldn't have to change permissions on the folders ESPECIALLY the root / folder! I understand the permission you a specifying is correct but you shouldn't have to do it.
      omv 4.1.23 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.15
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • Thanks for your help. But we have a special setup and I try to explain.

      We have a server running OMV with two file servers keeping the shared folders. So, we have a folder structure like “/svr/file_server1/usershare” and like “/svr/file_server2/usershare” on the OMV server.

      In the “omv_sftp_config” the group access for sftp-access is “ChrootDirectory /sftp/%u” which is, I think, not correct. It should point to “/%disklabel/%usershare”.
      I would appreciate any help on that.

      Regards

    • bikepope wrote:

      In the “omv_sftp_config” the group access for sftp-access is “ChrootDirectory /sftp/%u” which is, I think, not correct. It should point to “/%disklabel/%usershare”.
      Nope. The plugin creates bind mounts to the shares that each user has access to in the /sftp/%u directory. I use this plugin and it works well.
      omv 4.1.23 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.15
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • bikepope wrote:

      Can I use standard SFTP from Debian instead? Because there I can jail each user into his shared folder.
      I don't know what standard "SFTP from Debian" is? And if you put the user in the sftp-access group, they will be jailed in their shared folder. Are you sure you are using the port for the second sftp server created by the plugin and not the default ssh port number specified in OMV's ssh plugin?
      omv 4.1.23 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.15
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!