unable to login via sftp

  • I'm using the sftp plugin on omv4. I'm able to sftp via port 222 but get "access denied". I've checked password etc. I thought that the sftp plugin created an sftp directory but on my machine it doesn't exist so I created a folder in /home. I would prefer to have an sftp users only folder i.e. /dev/md0/sftp/user1 and they are jailed to that.


    here are my settings.

  • Agricola

    Added the label OMV 4.x.
    • Official post

    You really should upgrade to OMV6 as OMV4 and OMV5 are no longer being actively supported.

    System Backup Typo alert: Under the Linux section the command should be sudo umount /dev/sda1 NOT sudo unmount /dev/sda1

    Backup Data Disk to Backup Disk on Same Machine: In a Scheduled Job:rsync -av --delete /srv/dev-disk-by-uuid-f8814ed9-9a5c-4e1c-8830-426968c20ea3/ /srv/dev-disk-by-uuid-e67439d5-00a3-4942-bd5f-b84ab86aa850/ Don't forget trailing slashes, and BE CAREFUL. (HT: Getting Started with OMV5)

    Equipment - Thinkserver TS140, NanoPi M4 (v.1), Odroid XU4 (Using DietPi): PiHole

    • Official post

    get "access denied"

    Your shell is /bin/false. That is not going to allow you to login.

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.4 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Official post

    What sftp client are you using?


  • I've tried using winscp and filezilla. I've just checked and now I have /sftp folder showing. Basically all I want to do is


    add sftp folder on a different disk i.e /srv/dev-disk-by-id-test/sftp

    create a user that only has access via sftp to /srv/dev-disk-by-id-test/sftp/


    What's the easiest way to accomplish this? Do I need to add a shared folder in omv first or can it all be done via sftp config?

    • Official post

    What's the easiest way to accomplish this? Do I need to add a shared folder in omv first or can it all be done via sftp config?

    Yes, you have to create a shared folder. Here is what I just did to test this:


    1. plugin tab - install sftp plugin
    2. user tab - create sftpuser1 user that is in the sftp-access group
    3. sharedfolder tab - create sftpfolder1 shared folder with default permissions.
    4. sharedfolder tab - give sftpuser1 read/write privileges to sftpfolder1
    5. sftp plugin settings tab - enable sftp
    6. sftp plugin shares tab - add sftp share using sftpuser1 and sftpfolder1
    7. Login


  • Thanks for that


    6. When I do this it adds sftpuser1 to /sftp/sftpuser1

    When I try and connect I get permission denied.


    Code
    stat /sftp/sftpuser1/
    File: /sftp/sftpuser1/
    Size: 4096            Blocks: 8          IO Block: 4096   directory
    Device: 801h/2049d      Inode: 2752517     Links: 4
    Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
    Access: 2022-08-15 08:41:54.104414910 +0100
    Modify: 2022-08-15 08:34:47.139112218 +0100
    Change: 2022-08-15 08:34:47.139112218 +0100
    Birth: -


    Code
    stat /srv/dev-disk-by-id-md-name-test-0/sftp/sftpuser1/
    File: /srv/dev-disk-by-id-md-name-test-0/sftp/sftpuser1/
    Size: 4096            Blocks: 8          IO Block: 4096   directory
    Device: 900h/2304d      Inode: 126812162   Links: 2
    Access: (2775/drwxrwsr-x)  Uid: (    0/    root)   Gid: (  100/   users)
    Access: 2022-08-15 08:43:56.992795980 +0100
    Modify: 2022-08-15 08:32:24.294684174 +0100
    Change: 2022-08-15 08:32:24.294684174 +0100
    Birth: -
    • Official post

    What type of filesystem?


    • Official post

    Not sure what the problem is. You will likely have to look at /var/log/auth.log when logging in and maybe run the sftp client with verbosity increased. I use this plugin all the time (even my phones sync to it) and don't have this problem.


  • Did some debugging. Looks like the chroot is causing the issue? I'm seeing this in auth.log


    Code
    Aug 15 19:18:35 box sshd[31530]: rexec line 7: Deprecated option KeyRegenerationInterval
    Aug 15 19:18:35 box sshd[31530]: rexec line 8: Deprecated option ServerKeyBits
    Aug 15 19:18:35 box sshd[31530]: rexec line 13: Deprecated option RSAAuthentication
    Aug 15 19:18:35 box sshd[31530]: rexec line 16: Deprecated option RhostsRSAAuthentication
    Aug 15 19:18:35 box sshd[31530]: reprocess config line 13: Deprecated option RSAAuthentication
    Aug 15 19:18:35 box sshd[31530]: reprocess config line 16: Deprecated option RhostsRSAAuthentication
    Aug 15 19:18:35 box sshd[31530]: Accepted password for sftpuser1 from 192.168.15.1 port 59210 ssh2
    Aug 15 19:18:35 box sshd[31530]: pam_unix(sshd:session): session opened for user sftpuser1 by (uid=0)
    Aug 15 19:18:35 box sshd[31536]: fatal: bad ownership or modes for chroot directory component "/"
    Aug 15 19:18:35 box sshd[31530]: pam_unix(sshd:session): session closed for user sftpuser1


    sftp client

    • Official post

    That is what I wanted to see. Wrong permissions on / do break chroot, which is what sftp uses when the user is in sftp-access.


    sudo chmod 755 /

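The check behind the `bad ownership or modes for chroot directory component` message above, as an added example (not part of the thread or the plugin's code): sshd requires every component of the chroot path, from / down, to be owned by root and not writable by group or others. The function names are made up for this sketch, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: find the path component that makes sshd refuse a chroot.
# Function names are hypothetical; stat -c is the GNU coreutils form.

# Print every component sshd inspects, from / down to the chroot directory.
chroot_components() {
    path=${1%/}                 # drop one trailing slash; "/" becomes ""
    echo "/"
    cur=""
    old_ifs=$IFS
    IFS=/
    set -f                      # no globbing while splitting the path
    for part in $path; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        echo "$cur"
    done
    set +f
    IFS=$old_ifs
}

# sshd's rule per component: owner uid 0, no group or other write bit.
# $1 = owner uid, $2 = octal mode as printed by stat -c %a (e.g. 755, 2775)
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# Walk the real filesystem and print the first offending component, if any.
first_bad_component() {
    chroot_components "$1" | while IFS= read -r dir; do
        meta=$(stat -c '%u %a' "$dir" 2>/dev/null) || {
            echo "$dir (cannot stat)"; break; }
        uid=${meta% *}
        mode=${meta#* }
        component_ok "$uid" "$mode" || {
            echo "$dir (uid=$uid mode=$mode)"; break; }
    done
}

# Usage: sh check_chroot.sh /sftp/sftpuser1   (no output means the path passes)
if [ $# -gt 0 ]; then
    first_bad_component "$1"
fi
```

Against the `stat` output posted earlier, /sftp/sftpuser1 (0755, root:root) passes this rule, while a directory with mode 2775 would not be accepted as a chroot path component.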

  • That sorted it many thanks for that!


    One slight issue/quirk is that


    In sftp > sharedfolder I have

    /dev/md0/sftp/user1


    When I sftp in I see all the sftp users' folders but correctly only have permissions to user1. Is there a way so it drops straight into the user1 directory on login so they don't see the other users?

    • Official post

    In sftp > sharedfolder I have

    /dev/md0/sftp/user1

    I'm not sure what this means. Can you take a screenshot?

    Is there a way so it drops straight into the user1 directory on login so they don't see the other users?

    If the user is in the sftp-access, it chroots into /sftp/%u. You shouldn't see anything outside of that directory unless you give the user access to it in the shares tab. If the user is not in sftp-access, they can't see everything. I have three users with sftp access and this is what one of them sees:


    $ sftp -P 222 sftpuser1@omv6dev
    sftpuser1@omv6dev's password:
    Connected to omv6dev.
    sftp> ls -al /
    drwxr-xr-x 4 0 0 4096 Aug 20 14:15 .
    drwxr-xr-x 4 0 0 4096 Aug 20 14:15 ..
    drwxr-xr-x 2 0 0 4096 Aug 20 14:15 dev
    drwxrwsr-x 2 0 100 4096 Aug 14 19:30 sftpfolder1
    sftp>


  • Right, I now see the same as you. Is it correct that I'm unable to write to the root directory but only inside sftpuser1?


    Code
    sftp> ls -la
    drwxr-xr-x    4 0        0            4096 Aug 23 08:51 .
    drwxr-xr-x    4 0        0            4096 Aug 23 08:51 ..
    drwxr-xr-x    2 0        0            4096 Aug 23 08:51 dev
    drwxrwsr-x    2 0        100          4096 Aug 23 08:47 sftpuser1
    • Official post

    Is it correct that I'm unable to write to the root directory but only inside sftpuser1?

    Yes.


  • Sorry if I reopen this old post but I also configured the SFTP service with the Plugin and when I log in with the user I see a strange additional "dev" folder in addition to the shared/default one for user access.

    Where did that "dev" folder come from... I didn't create it nor did I share it!

    Attached are the screenshots...

    Thank you
