Getting "permission denied" with ProFTPD SFTP on CentOS
I want to configure an SFTP server on CentOS 6. But when I use "" with the FileZilla client, I get this message:
Open to write: Permission denied
In my SFTP logs, this is what appears when I use 'put':
... unsupported 'simply@putty.projects.tartarus.org' channel requested, Ignored the 'subsystem' channel request for 'sftp' subsystem. 'Namefile' error for REALPATH detected: Aucun fichier ou dossier de ce type error opening 'file name';
I do not understand because it works very well on Debian ...
Install Proftpd:
sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
sudo yum install proftpd
For my tests, I blocked the firewall:
service iptables stop
I created the SSH configuration file "sshd_config", in which the "subsystem" line has been commented out:
# subsystem sftp ....
I added these lines to the ProFTPD configuration file "proftpd.conf":
nano /etc/proftpd.conf

LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c

<IfModule mod_sftp.c>
  # Listen on port 2222
  Port 2222
  # Encryption host keys
  SFTPHostKey /etc/ssh/ssh_host_rsa_key2
  SFTPHostKey /etc/ssh/ssh_host_dsa_key2
  # For the moment, authentication is by password
  # Enabled authentication methods
  SFTPAuthMethods password
  # Enable SFTP
  SFTPEngine on
  # The user is locked into the home directory assigned at account creation
  DefaultRoot ~
  # Add the log files for SFTP
  SFTPLog /etc/sftp/log/sftp.log
  TransferLog /etc/sftp/log/sftp-transfer.log
</IfModule>
I add a new user and new group:
add group add adder add-on /etc/SFTP/home nom_utilisateur # associate the new user
I can connect to SFTP (the log file fills) but I cannot use "put". When I create a file, change the name of the file name in the "test" file in a file, 'avilil 28 12:45 Test '. .. The file / home permissions are 777.
This is the proftpd.conf:
# This is the ProFTPD configuration file
ServerName "ProFTPD Server"
ServerIdent on "Ready for FTP Server"
VRootEngine on
ServerAdmin root@localhost
DefaultServer on
VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf
# Use PAM to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# If you use NIS/YP/LDAP, you may need to disable PersistentPasswd
# Reverse DNS search (DNS problems)
UseReverseDNS
# User and Group that runs the user as no server
# Sendfile is set to default since it breaks display in
# ftptop and ftpwho
LogFormat authentication "% v [% p]% g \ t \"
LogFormat default "% h% l% u% T \" "
LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c
# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
<IfDefine DYNAMIC_BAN_LISTS>
  LoadModule mod_ban.c
  BanEngine on
  BanLog /var/log/proftpd/ban.log
  BanTable /var/run/proftpd/ban.tab
  BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00
  BanControlsACLs all allow user ftpadm
</IfDefine>
<Global>
  # Umask 022 is a good standard umask to prevent new dirs and files
  # from being group and world writable
  Umask 022
  # Allow users to overwrite files and change permissions
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>
## SFTP ....
By default, SELinux keeps your server safe and denies access to these directories.
You can make rules using chcon and allow access.
Example for a web site:
- View the SELinux rights: ls -dZ /home/myusergrp/MyUser/FTP
- Allow access rights: chcon -R -t httpd_sys_content_t /home/myusergrp/MyUser/FTP
To remove SELinux (not preferred), edit /etc/selinux/config and set SELINUX=disabled instead of SELINUX=enforcing (and reboot the server).
To learn more:
I hope this helps, Mike
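Before relabeling anything with chcon, it is worth confirming that SELinux is really what denies the write. The following is an added example, not part of the original answer: it summarises AVC denials for one process name from audit-log text. The function name avc_denials and the sample log lines (including the contexts in them) are constructed for illustration.

```shell
#!/bin/sh
# Summarise SELinux AVC denials for one process name.
# Reads audit-log text on stdin; prints one line per distinct denial:
#   <count> <permissions> <target class> <target type> <object name>
avc_denials() {
  awk -v want="$1" '
    /avc: +denied/ {
      comm = ""; name = ""; tctx = ""; tclass = ""
      # The denied permissions sit between "{" and "}"
      perms = $0
      sub(/^[^{]*[{] */, "", perms)
      sub(/ *[}].*$/, "", perms)
      # Remaining data is key=value fields (assumes no spaces in values)
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=")
        v = substr($i, length(kv[1]) + 2)
        gsub(/"/, "", v)
        if (kv[1] == "comm") comm = v
        else if (kv[1] == "name") name = v
        else if (kv[1] == "tcontext") tctx = v
        else if (kv[1] == "tclass") tclass = v
      }
      if (comm != want) next
      split(tctx, c, ":")   # user:role:type:level, the type decides access
      count[perms " " tclass " " c[3] " " name]++
    }
    END { for (k in count) print count[k], k }
  ' | sort
}

# Constructed sample audit lines (not taken from the original post)
SAMPLE_AUDIT='type=AVC msg=audit(1398681900.101:410): avc:  denied  { write } for  pid=2310 comm="proftpd" name="home" dev=dm-0 ino=131 scontext=unconfined_u:system_r:ftpd_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=dir
type=AVC msg=audit(1398681905.222:411): avc:  denied  { write } for  pid=2310 comm="proftpd" name="home" dev=dm-0 ino=131 scontext=unconfined_u:system_r:ftpd_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=dir
type=AVC msg=audit(1398681911.007:415): avc:  denied  { read } for  pid=1999 comm="httpd" name="index.html" dev=dm-0 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'

# Demo on the constructed sample: prints "2 write dir etc_t home"
printf '%s\n' "$SAMPLE_AUDIT" | avc_denials proftpd
```

On a live system the same function can be fed from /var/log/audit/audit.log; no output for the daemon means the "Permission denied" comes from ordinary file permissions or ownership rather than SELinux.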