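# Chrooted SFTP server - working notes (uServerVBox / uServerHome).
# Reference: https://geekland.eu/crear-servidor-sftp-enjaulado/
#
# Review notes applied to this section:
#  * The original recorded the account passwords in clear text ("linux").
#    Those comments are gone on purpose: set passwords interactively and never
#    write them into notes; prefer SSH keys and disable password auth for the
#    jailed accounts (Step 2 Match blocks).
#  * :D.b added the admin user is_derayo to the sftpserver group. Combined with
#    Step 2 / Option 1 ("Match group sftpserver ... ForceCommand internal-sftp")
#    that chroots the admin as well and removes shell access to the box - the
#    command is now commented out.
#  * The "regular user with bash" experiments re-created cvandemberg with a
#    login shell; a jailed account must not have one (kept as comments only).
#  * cvandemberg/Archives and cvandemberg/ToShare were created in :C but never
#    chown'ed/chmod'ed; as root-owned directories the user could not write to
#    them. They are now assigned like the other users' folders.
#  * Typo fixed: "sudo passwd cvandemberg:" (trailing colon).

# ===== Step 1 - sftpServer - installation & configuration =====

# :A - uServerVBox - new install
# ssh uServerVBox
# Top of the jail. sshd requires every component of a ChrootDirectory path to be
# owned by root and not writable by group or others (enforced in :H / :J below).
sudo mkdir -p /home/sftpserver

# :B / :C - one directory per user, plus the user-writable storage inside it.
#   /home/sftpserver/<user>           root:root 755  (the jail; read-only for the user)
#   /home/sftpserver/<user>/Archives  user-owned 700 (private)
#   /home/sftpserver/<user>/ToShare   user-owned 755 (readable by other jailed users under Option 1)
for u in jccall80 temp cvandemberg; do
  sudo mkdir -p "/home/sftpserver/$u/Archives" "/home/sftpserver/$u/ToShare"
done
# cvandemberg has extra storage; cVandembergData is a bind-mount point (see fstab at the end).
sudo mkdir -p /home/sftpserver/cvandemberg/{cVandembergData,Data,PhpPrograms,Documents}

# :D.a - create the sftpserver group
sudo groupadd sftpserver

# :D.b - DO NOT add the admin account to the group (see review notes above).
# If is_derayo needs to read the jailed data, use sudo or an ACL instead.
#sudo usermod -aG sftpserver is_derayo

# :E - jailed accounts: primary group sftpserver, no login shell, home = the jail root.
# /bin/false is fine because "ForceCommand internal-sftp" (Step 2) runs the sftp
# server in-process and never spawns the shell. -M: the (root-owned) home
# directory already exists, do not let useradd create it.
for u in jccall80 temp cvandemberg; do
  sudo useradd -M -g sftpserver -s /bin/false -d "/home/sftpserver/$u" "$u"
done
# Go to :F

# --- Regular user with bash - test on uServerVBox1 - 192.168.1.101 ---
# The original notes tried several overlapping variants here; kept for reference only:
#   sudo adduser cvandemberg
#   sudo useradd cvandemberg; sudo passwd cvandemberg
#   sudo usermod -aG sftpserver cvandemberg
#   sudo useradd -g sftpserver -d /home/sftpserver/cvandemberg cvandemberg; sudo passwd cvandemberg
# None of these belong on a jailed account: it must keep -s /bin/false, and under
# Option 1 any member of sftpserver (interactive or not) is chrooted and forced
# into internal-sftp. If an interactive test login is needed, create a separate
# user that is NOT in the sftpserver group.

# :F - set each account password interactively (unique per account; never the
# username or a shared word, and never recorded in these notes). Better: deploy
# public keys - e.g. AuthorizedKeysFile /etc/ssh/authorized_keys/%u, outside the
# jail so the user cannot alter it - and set PasswordAuthentication no in the
# Match block.
for u in jccall80 temp cvandemberg; do
  sudo passwd "$u"
done

# :G - assign users & groups to sftpserver folders
# (the writable sub-directories only; the jail directories stay root-owned, see :H)
sudo chown jccall80:sftpserver /home/sftpserver/jccall80/{Archives,ToShare}
sudo chown temp:sftpserver /home/sftpserver/temp/{Archives,ToShare}
sudo chown cvandemberg:sftpserver /home/sftpserver/cvandemberg/{cVandembergData,Data,Documents,PhpPrograms}
# Not in the original (see review notes): without this cvandemberg cannot write
# to its own Archives/ToShare.
sudo chown cvandemberg:sftpserver /home/sftpserver/cvandemberg/{Archives,ToShare}
# cVandembergData is a bind-mount point (fstab, end of file). Once mounted, the
# owner/mode seen inside the jail is that of the *source* /home/Data/cVandembergData,
# not of this directory - chown/chmod the source as well.

# :H - the jail directories (and every path component above them) must be root:root
sudo chown root:root /home/sftpserver /home/sftpserver/jccall80 /home/sftpserver/temp /home/sftpserver/cvandemberg

# :I - permissions on the storage folders
# Personal - owner only
sudo chmod 700 /home/sftpserver/jccall80/Archives /home/sftpserver/temp/Archives /home/sftpserver/cvandemberg/Archives
# ToShare - world-readable (other jailed users can list/read it in a shared jail)
sudo chmod 755 /home/sftpserver/jccall80/ToShare /home/sftpserver/temp/ToShare /home/sftpserver/cvandemberg/ToShare
# Data - 755 as in the original. Under Option 1 (whole-tree jail) these are
# readable by every jailed user; tighten to 700 if they are meant to be private.
sudo chmod 755 /home/sftpserver/cvandemberg/{cVandembergData,Data,Documents,PhpPrograms}

# :J - jail directories: 755 and root-owned, otherwise sshd rejects the login
# ("bad ownership or modes for chroot directory").
sudo chmod 755 /home/sftpserver /home/sftpserver/jccall80 /home/sftpserver/temp /home/sftpserver/cvandemberg

# ===== Step 2 - jail sftpServer users =====

# :A - backup sshd_config first
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# :B - edit it
sudo vim /etc/ssh/sshd_config
# :C - find the line "Subsystem sftp /usr/lib/openssh/sftp-server"   (vim: /Subsystem)
# :D - comment it out; sshd refuses to start when "Subsystem sftp" is defined twice:
#        #Subsystem sftp /usr/lib/openssh/sftp-server
# :E - append at the end of the file (check the lines do not already exist and
#      comment any duplicates). "Subsystem" must come before the first "Match":
#      every keyword after a Match line belongs to that block until the next Match.
# Goto Option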
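# 2 (the per-user variant below) is what Step 4 uses on the jump host.
#
# Review notes applied to this section:
#  * Option 2 had "Match user cvandemberg" twice. sshd keeps the FIRST value it
#    obtains for a keyword, so the second block (plain "internal-sftp") was dead
#    text; it is removed.
#  * Step 4 :I pointed cvandemberg at ChrootDirectory /home/sftpserver/home, a
#    directory Step 4 :A never creates, and at "-d /cvandemberg/Data", which does
#    not exist inside that jail either; sshd would close the session at login.
#    Fixed to the directory that is actually created.
#  * The Match blocks now also switch off the forwarding features an sftp-only
#    account has no use for. On the jump host the client samples (:Z, Step 5)
#    jump THROUGH temp@www.isdevelopment.us, which needs TCP forwarding, so there
#    it is kept but limited with PermitOpen to the LAN sshd ports used in :Z.
#  * "sshd -t" runs before every restart: a typo in sshd_config otherwise locks
#    you out of a remote box.

# ----- Option 1 - jail /home/sftpserver as a whole -----
# Append at the end of /etc/ssh/sshd_config:
Subsystem sftp internal-sftp
Match group sftpserver
    ChrootDirectory /home/sftpserver
    ForceCommand internal-sftp
    # Hardening (not in the original notes)
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    #PasswordAuthentication no      # enable once public keys are deployed (Step 1 :F)
# Every member of the group lands in /home/sftpserver and can traverse the other
# users' 755 directories (ToShare, cvandemberg/Data ...); only the 700 Archives
# stay private. It also catches any admin who is in the group (Step 1 :D.b).

# ----- Option 2 - jail user by user -----
# Append at the end of /etc/ssh/sshd_config:
Subsystem sftp internal-sftp
Match user jccall80
    ChrootDirectory /home/sftpserver/jccall80
    ForceCommand internal-sftp
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
Match user temp
    ChrootDirectory /home/sftpserver/temp
    ForceCommand internal-sftp
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
Match user cvandemberg
    ChrootDirectory /home/sftpserver/cvandemberg
    # -d sets the start directory, relative to the jail; it must exist there.
    ForceCommand internal-sftp -d /cVandembergData
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no

# :F - validate, then restart. Keep this session open until a second login works.
sudo sshd -t && sudo service ssh restart

# ===== Step 3 - delete groups, users & sftpserver =====
# :A - install members
sudo apt-get install members
# :B - list sftpserver members
members sftpserver
# Without the package: supplementary members from group(5), primary members by
# GID. (The original "cat /etc/passwd | grep sftpserver" only matched the
# home-directory path, not the group.)
getent group sftpserver
getent passwd | awk -F: -v gid="$(getent group sftpserver | cut -d: -f3)" '$4 == gid'
# :C - delete users & groups - reference only, do not run
#sudo userdel -r temp
#sudo groupdel sftpserver

# ===== Step 4 - ssh users on primary uServerHome & 192.168.1.101 =====
# :A - add the group on uServerHome (the internet-facing jump host)
# ssh www.isdevelopment.us
sudo groupadd sftpserver
sudo mkdir -p /home/sftpserver/temp /home/sftpserver/cvandemberg
# :B - add the users (no shell; passwords set interactively - prefer keys)
sudo useradd -M -g sftpserver -s /bin/false -d /home/sftpserver/temp temp
sudo passwd temp
sudo useradd -M -g sftpserver -s /bin/false -d /home/sftpserver/cvandemberg cvandemberg
sudo passwd cvandemberg
# :C - owner & permissions the chroot requires
sudo chown root:root /home/sftpserver /home/sftpserver/temp /home/sftpserver/cvandemberg
sudo chmod 755 /home/sftpserver /home/sftpserver/temp /home/sftpserver/cvandemberg
# :D - backup sshd_config
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# :E - edit
sudo vim /etc/ssh/sshd_config
# :F / :G - find "Subsystem sftp /usr/lib/openssh/sftp-server" (/Subsystem) and comment it out:
#        #Subsystem sftp /usr/lib/openssh/sftp-server
# :H / :I - append at the end of the file (check for existing lines first); one jail per user.
Subsystem sftp internal-sftp
Match user temp
    ChrootDirectory /home/sftpserver/temp
    ForceCommand internal-sftp
    # This account is also a ProxyJump hop (:Z, Step 5), which needs TCP
    # forwarding; restrict it to the LAN sshd ports instead of disabling it.
    PermitOpen 192.168.1.101:22 192.168.1.50:22 192.168.1.60:22
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    #PasswordAuthentication no      # enable once public keys are deployed
Match user cvandemberg
    ChrootDirectory /home/sftpserver/cvandemberg
    ForceCommand internal-sftp
    PermitOpen 192.168.1.101:22 192.168.1.50:22 192.168.1.60:22
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    #PasswordAuthentication no
# :J - validate, then restart
sudo sshd -t && sudo service ssh restart

# :Z - access to the uServers through the jump host
ssh -J www.isdevelopment.us 192.168.1.101
ssh -J www.isdevelopment.us 192.168.1.50
ssh -J is_derayo@www.isdevelopment.us is_derayo@192.168.1.101
ssh -J is_derayo@www.isdevelopment.us is_derayo@192.168.1.50
ssh -J is_derayo@www.isdevelopment.us is_derayo@192.168.1.60
# Jumping through the sftp-only accounts works only while their Match blocks
# still allow TCP forwarding (see PermitOpen above).
ssh -J temp@www.isdevelopment.us temp@192.168.1.60
ssh -J cvandemberg@www.isdevelopment.us cvandemberg@192.168.1.60

# ===== Step 5 - sftp - client configuration =====
# Reference: https://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/
# :A - create the client config file (your computer)
vim ~/.ssh/config
# :B - Sample 1 (Working)
# Client: is_derayo@HPDesktopMint, edit ~/.ssh/config
#   thunar:   sftp://temp@uServerVBox/
#   terminal: ssh uServerVBox ; sftp uServerVBox
# (The password originally noted here - equal to the username - is removed; see Step 1 :F.)
# Target host
Host uServerVBox
    Hostname 192.168.1.101
    User temp
# Bridge host
Host uServerHome
    ProxyCommand ssh temp@www.isdevelopment.us nc %h %p
# As written "Host uServerVBox" has no ProxyCommand, so it only works from inside
# the LAN, and %h in the uServerHome block expands to the alias "uServerHome",
# which the jump host must be able to resolve. Samples 2 and 3 are the cleaner
# forms; prefer "ssh -W %h:%p" or ProxyJump over nc so no netcat is needed on the hop.
# :C - Sample 2 - user temp (Working)
# Client: is_derayo@HPDesktopMint
# -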
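# vim ~/.ssh/config
#   thunar:   sftp://temp@uServerVBox
#   terminal: ssh uServerVBox ; sftp uServerVBox
# (The password originally noted here - "temp", i.e. the username - is removed.)
#
# Review notes for the client samples:
#  * With the IdentityFile lines commented out these profiles fall back to
#    password auth, and the recorded passwords equalled the usernames. On an
#    internet-facing jump host that is the first guess every scanner makes:
#    enable the IdentityFile lines (plus "IdentitiesOnly yes") and disable
#    password auth for the accounts server-side.
#  * The key paths are /home/temp/... and /home/cvandemberg/..., but the client
#    user is is_derayo (per the header) - presumably ~/.ssh/... was intended.
#  * Both Sample 2 variants define the same alias "uServerVBox" with different
#    Hostnames; ssh uses the first matching Host block, so keep only one of them
#    in ~/.ssh/config at a time, or give them distinct aliases.
#  * Comments are placed on their own lines: trailing "# ..." after a keyword is
#    only accepted by newer OpenSSH client versions.

# ----- Sample 2 - user temp (Working) -----
# Bridge host
Host uServerHome
    Hostname www.isdevelopment.us
    User temp
    # IdentityFile /home/temp/.ssh/uServerHome_e25519
    Port 22
# Target host
Host uServerVBox
    Hostname 192.168.1.101
    User temp
    # IdentityFile /home/temp/.ssh/uServerVBox_e25519
    Port 22
    ProxyCommand ssh -W %h:%p uServerHome

# ----- Sample 2 - user cvandemberg (Working) -----
# Client: is_derayo@HPDesktopMint, vim ~/.ssh/config
#   thunar:   sftp://cvandemberg@uServerVBox
#   terminal: ssh uServerVBox ; sftp uServerVBox
# (Password originally noted here - equal to the username - removed.)
# Bridge host
Host uServerHome
    Hostname www.isdevelopment.us
    User cvandemberg
    # IdentityFile /home/cvandemberg/.ssh/uServerHome_e25519
    Port 22
# Target host
Host uServerVBox
    Hostname 192.168.1.50
    User cvandemberg
    # IdentityFile /home/cvandemberg/.ssh/uServerVBox_e25519
    Port 22
    ProxyCommand ssh -W %h:%p uServerHome

# :D - Sample 3 (Working) - ProxyJump, the simplest form (OpenSSH 7.3+)
# Client: is_derayo@HPDesktopMint, vim ~/.ssh/config
#   thunar:   sftp://temp@uServerVBox
#   terminal: ssh uServerVBox ; sftp uServerVBox
Host uServerVBox
    HostName 192.168.1.101
    ProxyJump temp@www.isdevelopment.us:22
    User temp

# :E - Sample 4 - from the terminal, no config file
ssh -J temp@www.isdevelopment.us temp@192.168.1.101
ssh -J temp@www.isdevelopment.us cvandemberg@192.168.1.50

# :F - Sample 5 (cyberciti)
# HostKeyAlias pins which known_hosts entry is checked for a host reached
# through a proxy, so the real endpoint's key is still verified.
Host webserver
    Hostname www42.cyberciti.biz
    ProxyCommand ssh jumphost.nixcraft.com -W %h:%p
Host mysftpserver
    HostName sftpserver.cyberciti.biz
    HostKeyAlias sftpserver.cyberciti.biz
    ProxyCommand ssh jumphost.nixcraft.com -W %h:%p

# :G - Sample 6 (cyberciti) - two chained hops
# Client: is_derayo@HPDesktopMint, vim ~/.ssh/config
#   thunar:   sftp://temp@nixcraftserver3/
#   terminal: ssh nixcraftserver3 ; sftp uServerVBox
Host nixcraftserver1
    Hostname hello.vpn.cyberciti.biz
    User vivek
    IdentityFile /home/vivek/.ssh/nixcraftserver1_e25519
    Port 22
Host nixcraftserver2
    Hostname 192.168.2.25
    User vivek
    IdentityFile /home/vivek/.ssh/nixcraftserver2_e25519
    Port 22
    ProxyCommand ssh -W %h:%p nixcraftserver1
Host nixcraftserver3
    Hostname 10.8.0.5
    User fred
    IdentityFile /home/vivek/.ssh/nixcraftserver3_e25519
    Port 22
    ProxyCommand ssh -W %h:%p nixcraftserver2

# :H - Sample 7 (cyberciti)
# Client: is_derayo@HPDesktopMint, vim ~/.ssh/config
#   thunar:   sftp://temp@nixcraftserver3/
#   terminal: ssh -v server1 ; sftp server1
# Caveats: "%r" (the remote user name) ends up as a third argument to nc, which
# only needs host and port - it looks like a copy error; and both hops log in as
# root. Prefer an unprivileged jump user and "-W %h:%p".
Host server1
    HostName v.server1
    User root
    Port 22
    ProxyCommand ssh root@v.backup2 nc %h %p %r

# :I - Sample 8 (cyberciti) - defaults plus per-host overrides
## default for all ##
Host *
    ForwardAgent no
    ForwardX11 no
    # Only matters when X11 forwarding is on; trusted mode hands the remote side
    # full control of the local display - leave it off unless really needed.
    ForwardX11Trusted yes
    User nixcraft
    Port 22
    # No-op on current OpenSSH (protocol 1 was removed); harmless.
    Protocol 2
    ServerAliveInterval 60
    ServerAliveCountMax 30
## override as per host ##
Host server1
    HostName server1.cyberciti.biz
    User nixcraft
    Port 4242
    # A private key on an NFS share: keep it 0600 and the export non-world-readable.
    IdentityFile /nfs/shared/users/nixcraft/keys/server1/id_rsa
## Home nas server ##
Host nas01
    HostName 192.168.1.100
    User root
    IdentityFile ~/.ssh/nas01.key
## Login AWS Cloud ##
Host aws.apache
    HostName 1.2.3.4
    User wwwdata
    IdentityFile ~/.ssh/aws.apache.key
## Login to internal lan server at 192.168.0.251 via our public uk office ssh based gateway using ##
## $ ssh uk.gw.lan ##
Host uk.gw.lan uk.lan
    HostName 192.168.0.251
    User nixcraft
    # "2> /dev/null" hides proxy errors; drop it while debugging the hop.
    ProxyCommand ssh nixcraft@gateway.uk.cyberciti.biz nc %h %p 2> /dev/null
## Our Us Proxy Server ##
## Forward all local port 3128 traffic to port 3128 on the remote vps1.cyberciti.biz server ##
## $ ssh -f -N proxyus ##
Host proxyus
    HostName vps1.cyberciti.biz
    User breakfree
    IdentityFile ~/.ssh/vps1.cyberciti.biz.key
    # Binds 127.0.0.1:3128 on the client only (no GatewayPorts).
    LocalForward 3128 127.0.0.1:3128

# :X - Sample 9 - the sftp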
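# syntax - ProxyCommand given on the command line instead of ~/.ssh/config
# (cyberciti sample). HostKeyAlias selects which known_hosts entry is checked,
# so the endpoint's host key is still verified when going through a proxy.
# Note: as copied, %h (server1) is the first hop and the firewall is the
# endpoint whose key is checked; if the intent is to reach server1 *through*
# the firewall, the two names are swapped.
sftp -o 'ProxyCommand=ssh %h nc firewall.nixcraft.net.in 22' \
     -o 'HostKeyAlias=firewall.nixcraft.net.in' \
     vivek@server1.nixcraft.net.in

# :Y - sftp on uServerVBox with thunar
#   sftp://temp@uServerVBox

# :Y - uServerVBox /etc/fstab - mount Data and bind cVandembergData into the jail
# Review notes applied:
#  * "nobootwait" is an Upstart-era Ubuntu option that mount(8)/systemd do not
#    recognise; "nofail" already provides the "boot even if missing" behaviour,
#    so it is dropped.
#  * An fsck pass of "2" on a bind mount makes no sense (nothing to check) and
#    can make the boot-time check fail; use 0. Fstype "none" is the usual form
#    for bind mounts.
#  * A bind mount exposes the *source* directory's owner/mode inside the jail,
#    so /home/Data/cVandembergData itself must be owned by cvandemberg (Step 1 :G
#    only chowned the mount point, which is hidden once mounted). Keep the
#    /home/Data line before the bind line so it is mounted first.
#
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# / was on /dev/sda2 during curtin installation
/dev/disk/by-uuid/0291f894-482e-476f-be39-c847950012e2 / ext4 defaults 0 0
/swap.img none swap sw 0 0
# /home/Data = /dev/sdb1, added after installation
UUID=069d2752-2bb2-4fd4-a212-9d6b64f5d0b6 /home/Data ext4 defaults 0 2
# Bind cVandembergData into the cvandemberg jail (uServerVBox)
/home/Data/cVandembergData /home/sftpserver/cvandemberg/cVandembergData none defaults,nofail,bind 0 0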