DaemonForums  

obsd 4.3 chrooted sftp permissions?

luismi, 25th June 2008

Hi there

I've been trying for a couple of days to set up chrooted sftp access to a test obsd machine running apache. Ideally I would like to grant group access to update some web content, but after checking all I found, I'm still unsuccessful.

Here are the relevant details ...

Code:
# OpenBSD 4.3 GENERIC#0 i386

SFTPG=webgroup
SFTPU=webadmin
SFTPP=webadminpass
SFTPD=/var/www/htdocs/project

mkdir $SFTPD
groupadd -v $SFTPG
useradd -c "webadmin user" -d / -g $SFTPG -p $(encrypt -b 6 $SFTPP) -s /sbin/nologin $SFTPU

chown root:$SFTPG $SFTPD
chmod 0755 $SFTPD

Code:
# /etc/ssh/sshd_config
# ($SFTPG and $SFTPD stand for the values set above; sshd does not expand shell variables)

#Subsystem	sftp	/usr/libexec/sftp-server
Subsystem  sftp  internal-sftp

Match group $SFTPG
	ChrootDirectory $SFTPD
	X11Forwarding no
	AllowTcpForwarding no
	ForceCommand internal-sftp

Code:
kill -HUP `cat /var/run/sshd.pid`

So, with the above setup, I'm granted access as 'webadmin' but I don't have any write permissions.

Any attempt to change the group permissions, chmod g+w $SFTPD or similar, results in NOT being able to successfully start a session ...

Code:
psftp -v -l webadmin -pw webadminpass 192.168.1.50
Looking up host "192.168.1.50"
Connecting to 192.168.1.50 port 22
Server version: SSH-2.0-OpenSSH_4.8
We claim version: SSH-2.0-PuTTY_Release_0.60
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 b6:fb:6a:7b:ea:5e:1a:71:52:c9:a5:c5:d8:fa:61:27
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "webadmin".
Keyboard-interactive authentication refused
Sent password
Access granted
Server unexpectedly closed network connection
Fatal: Server unexpectedly closed network connection

I feel it must be something very obvious, but I just don't see it.

Any comments/remarks are most welcome
Luismi

Last edited by luismi; 25th June 2008 at 07:15 PM.
Tags
chmod, chroot, obsd 4.3, permissions, sftp
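
The symptom in the post (password accepted, then the connection drops once the directory is made group-writable) is consistent with the sshd_config(5) rule that the ChrootDirectory path and all of its components must be root-owned directories that are not writable by any other user or group. The script below is an added example, not part of the original post, that audits a path against that rule; the function names and the REQUIRED_UID override are illustrative.

```sh
#!/bin/sh
# Added example: audit a ChrootDirectory path against the sshd_config(5) rule
# (every path component root-owned, not group- or world-writable).
# check_dir, check_chroot_path and REQUIRED_UID are illustrative names.

REQUIRED_UID=${REQUIRED_UID:-0}    # uid 0 is what sshd demands; override only for testing

# check_dir DIR: report each violation for one directory, return 1 if any.
check_dir() {
    bad=0
    [ -d "$1" ] || { echo "FAIL $1: not a directory"; return 1; }
    # ls -ldn prints the mode string in field 1 and the numeric owner in field 3
    meta=$(ls -ldn "$1" | awk 'NR == 1 {print $1, $3}')
    mode=${meta% *}
    uid=${meta#* }
    if [ "$uid" != "$REQUIRED_UID" ]; then
        echo "FAIL $1: owner uid $uid, need $REQUIRED_UID"; bad=1
    fi
    # mode string layout: type, then rwx for user, group, other
    case $mode in ?????w*)    echo "FAIL $1: group-writable ($mode)"; bad=1 ;; esac
    case $mode in ????????w*) echo "FAIL $1: world-writable ($mode)"; bad=1 ;; esac
    if [ "$bad" -eq 0 ]; then echo "ok   $1 ($mode uid $uid)"; fi
    return "$bad"
}

# check_chroot_path PATH: apply check_dir to PATH and every parent up to /.
check_chroot_path() {
    case $1 in /*) ;; *) echo "FAIL $1: not an absolute path"; return 1 ;; esac
    rc=0
    p=$1
    while :; do
        check_dir "$p" || rc=1
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return "$rc"
}

# Run the audit only when a path is given, e.g. /var/www/htdocs/project
if [ $# -gt 0 ]; then check_chroot_path "$1"; fi
```

Pass the chroot path as the first argument. Group write access belongs on a subdirectory inside the chroot, since the chroot directory itself has to stay root-owned and mode 0755 or stricter.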
