SFTP Plugin Problem

  • Just getting familiar with the SFTP plugin and in the beginning, I was able to connect but got listed the complete root directory. Not only the sharedfolder to be displayed. So I noticed that I should join the group sftp-access but now I cant even connect anymore. Getting error message

    Code
    Fehler:	Network error: Software caused connection abort
    Fehler:	Herstellen der Verbindung zum Server fehlgeschlagen

    Any ideas? Thanks!

    • Offizieller Beitrag

    Is the sftp server running? The service status page should tell you. Unlike some of the other plugins I maintain, I know this plugin well and it is working in all of my tests.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Did some more tests but whatever I do. I can only connect as long as user is not in group sftp-access, but whole root tree is displayed then.
    Adding the user to sftp-access, I cannot login anymore due to "connection abort".
    Turning On "Allow Groups" while user is not in sftp-access leads to "Auth failed".
    Joining the group again leads to "connection abort".


    Found no other settings that would change anything. Sys Log displays "service started" only. Going to SFTP LOG I get the error "Failed to open the log file (filename=/var/log/openmediavault-sftp.log).".


    @ryecoaaron any further tips?




    Edit:
    So in the auth.log I found the error message
    'fatal: bad ownership or modes for chroot directory component "/"'


    and therefore I checked the permissions. I found that my / was set as root:root 775 and not root:root 755.
    I backed up my system and changed the permissions with "chmod 755 /".


    After that, auth.log gave me another error saying
    'fatal: safely_chroot: stat("/sftp/"): No such file or directory'


    So I checked /etc/ssh/omv_sftp_config and there it says 'ChrootDirectory /sftp/%u'. Ok, creating the dir /sftp/testUser/blabla/ with the right permissions and I can finally connect and I see only the directory blabla/.


    But what is going on there? In the OMV GUI at SFTP in the Access List TAB I set testUser should see the sharedfolder "testSF". That setting seems to be ignored. Why is omv_sftp_config chroot'in to /sftp/%u?

    • Offizieller Beitrag

    But what is going on there?

    The plugin should be creating /sftp. Not sure why it didn't on your system.

    In the OMV GUI at SFTP in the Access List TAB I set testUser should see the sharedfolder "testSF". That setting seems to be ignored. Why is omv_sftp_config chroot'in to /sftp/%u?

    Your system doesn't seem to be applying any settings. What is the output of omv-salt deploy run sftp followed by omv-salt deploy run fstab. The plugin uses /sftp because it bind mounts each sharedfolder you give access to in the user's directory in /sftp. This is how it only shows the selected sharedfolders when the user is in the sftp-access group.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Hmm ok, that is really interesting. Have never had the situation of settings not being applied. :/



    Output is:






    Seems to work now. I can connect and see my shared folder. Thank you!! But any idea what could have caused that problems?

    • Offizieller Beitrag

    The sftp module isn't being marked as dirty for some reason. I don't have this problem on my system. What is the output of: dpkg -l | grep openm

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Code
    root@NAS:~# dpkg -l | grep openm
    ii  openmediavault                  5.1.3-1                             all          openmediavault - The open network attached storage solution
    ii  openmediavault-diskstats        5.0.1-1                             all          OpenMediaVault disk monitoring plugin
    ii  openmediavault-flashmemory      5.0.1                               all          folder2ram plugin for OpenMediaVault
    ii  openmediavault-keyring          1.0                                 all          GnuPG archive keys of the OpenMediaVault archive
    ii  openmediavault-omvextrasorg     5.1.11                              all          OMV-Extras.org Package Repositories for OpenMediaVault
    ii  openmediavault-sftp             5.0                                 all          sftp server
    ii  openmediavault-usbbackup        5.0.2-1                             all          OpenMediaVault USB/eSATA backup plugin
    • Offizieller Beitrag

    That looks fine. If you add access to another sharedfolder in sftp, is it added?

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Offizieller Beitrag

    I found the problem. Working on a fix. Not sure why it didn't affect the 4.x plugin though.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Offizieller Beitrag

    5.0.1 is in the repo now.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Offizieller Beitrag

    When I add another user to sftp group and access list, directory /sftp/anotherUser is created with wrong permission root:root 777

    The plugin isn't specifying what permissions to create that directory with. I will have to add code to set the user's root directory to 755.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Offizieller Beitrag

    Am I missing sth.?

    I don't know how the code behind the mountpoint creation works. So, I just changed the plugin to create the directory with the correct ownership and permissions before the mountpoint is created. 5.0.2 is in the repo.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Same problem here with the privilege in /
    Same error message. I could solve the error with chmod 755 /
    After that everything works as expected and the user is jail. The folders were correctly created so, in my case, just a chmod problem


    Version omv 4


    Thanks


    Enviado desde mi SM-G960F mediante Tapatalk

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!