DevHeads.net

FTP/sFTP problem

As of the upgrade to 16.04 LTS I have been unable to use FTP or
sFTP to put files on the server. FileZilla works without error
but trying sFTP manually always gets the error 550 Permission
denied no matter what directory I chose or what the permissions
are of the directory tree.

I am suspecting it is an error in configuration that does not
allow uploads.

I checked GOOGLE, but found nothing helpful except a suggestion
to look at ftp.conf or vsftp.conf, neither of which I could find
in /etc.

Suggestions?

-bill

Comments

Re: FTP/sFTP problem

By Karl Auer at 09/09/2018 - 07:41

On Sun, 2018-09-09 at 08:02 -0400, william drescher wrote:
You have not said whether the server or your client system was upgraded
to 16.04LTS. Since changing the client is very unlikely to have the
effect you describe, I'm assuming you upgraded the server.

SFTP is usually done by turning on the SFTP server functionality in the
sshd daemon (the ssh server).

Look in /etc/ssh/sshd_config towards the end and make sure that this
line is uncommented:
 
   Subsystem sftp /usr/lib/openssh/sftp-server

Then restart the sshd daemon:

   sudo systemctl restart ssh

I'd be surprised if it were commented out - I think it comes enabled by
default. Anyway, first thing to check, maybe a good place to start.

By the way, this is secure enough for a trusted, small group of sftp
users. If you are running a larger server or have randoms connecting,
you might want to turn on a few more features like chroot and sftp-
only. That's an altogether bigger question though :-)

Regards, K.

Re: FTP/sFTP problem

By bill at 09/11/2018 - 05:45

On 9/9/2018 8:41 AM, Karl Auer wrote:
Subsystem sftp /usr/lib/openssh/sftp-server is uncommented.
Yes, it was the server that was upgraded. The client is HTML-Kit
tools (a terrific development editor) running under Win10.
And, yes the group of users is very small - just me and I mostly
trust myself.

What do you suggest for the next step?
-bill

Re: FTP/sFTP problem

By Karl Auer at 09/11/2018 - 06:43

On Tue, 2018-09-11 at 06:45 -0400, william drescher wrote:
First, describe exactly what happens when you try. Immediate failure?
Error messages? Long pause? Absolutely nothing?

"Unable to use" is about as useful as going to the doctor and saying
"it hurts" :-)
 
- can you connect via ssh using the same username/key as you are using
with sftp?

- try using the command-line sftp client instead

- turn on debugging: "sftp -vvv user@hostname"

- look in /var/log/sshd on the server for any clues

That's a start :-)

HOWEVER: My cursory look at HTML-Kit suggests that it does not actually
support SFTP. And the sshd server definitely does not support FTP. I
would suggest getting absolutely categorical proof that HTML-Kit does
in fact support SFTP before wasting too much more time.

If you need to use FTP (which I very strongly do not recommend outside
your local network), you will need different server software such as
vsftpd.

It's apparently possible (though I have never done it because FTP bah
pfooey) to run passive FTP over an ssh tunnel configured to act as a
SOCKS5 proxy, but I leave that as an exercise for the reader. A VPN
would probably be simpler.

Another alternative is to have a local mirror of your work, and drop it
over to your server via rsync. So if you have e.g. a directory
/var/www/html on your server that you need to update, have a directory
~/html locally and work with that instead. Whenever you want to update
the server, run "rsync -a ~/html/ me@server:/var/www/html"

That works with any directory of course, as long as you have write
access on the server. But you mentioned HTML, so my example assumes a
webserver.

Not sure how multiple users are working with your server; they could
each have a different directory of course.

Anyway, that's all I can think of for now :-)

Regards, K.

Re: FTP/sFTP problem

By bill at 09/12/2018 - 06:30

On 9/11/2018 7:43 AM, Karl Auer wrote:
Turns out you were right. HTML-kit does not use sFTP.
I found the problem in vsftpd.conf.
Apparently the default for 16.04 LTS is to comment out
write_enable = YES

So obvious. I got started down the wrong path early in the
problem solving.

BTW: this is being used only on a local network with non-routable
IP addresses.

-bill
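
The two settings this thread turned on, as an added example that is not part of the thread or any poster's code: a read-only check for an active "Subsystem sftp" line in an sshd_config and for the effective write_enable value in a vsftpd.conf. The sample files are constructed; the script assumes the last write_enable line wins and that YES/NO are matched case-insensitively, and it reports spaces around "=" as malformed because the vsftpd.conf man page calls that an error.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): read-only checks of the two settings discussed.

# Succeeds if the given sshd_config has an uncommented "Subsystem sftp <command>" line.
# sshd_config keywords are case-insensitive, hence grep -i.
sftp_subsystem_enabled() {
    grep -Eiq '^[[:space:]]*Subsystem[[:space:]]+sftp[[:space:]]+[^[:space:]]' "$1"
}

# Prints YES, NO or MALFORMED for write_enable in the given vsftpd.conf.
vsftpd_write_state() {
    local state=NO line        # NO is vsftpd's default when the option is absent
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            '#'*) ;;                                    # commented out: ignored
            write_enable=[Yy][Ee][Ss]) state=YES ;;    # assumption: last occurrence wins
            write_enable=[Nn][Oo])     state=NO ;;
            write_enable*) echo MALFORMED; return 0 ;;  # e.g. spaces around '='
        esac
    done < "$1"
    echo "$state"
}

# Constructed sample files so the example runs offline.
demo() {
    local d f
    d=$(mktemp -d)
    printf '%s\n' '#Subsystem sftp /usr/lib/openssh/sftp-server' > "$d/sshd_off"
    printf '%s\n' 'Subsystem sftp /usr/lib/openssh/sftp-server'  > "$d/sshd_on"
    printf '%s\n' 'listen=NO' '#write_enable=YES' > "$d/vsftpd_default"
    printf '%s\n' 'listen=NO' 'write_enable=YES'  > "$d/vsftpd_rw"
    for f in sshd_off sshd_on; do
        if sftp_subsystem_enabled "$d/$f"; then echo "$f: sftp subsystem enabled"
        else echo "$f: sftp subsystem disabled"; fi
    done
    for f in vsftpd_default vsftpd_rw; do
        echo "$f: write_enable=$(vsftpd_write_state "$d/$f")"
    done
    rm -rf "$d"
}
demo
```

Pointing the two functions at a copy of /etc/ssh/sshd_config and of the server's vsftpd.conf separates "SFTP subsystem missing" from "FTP uploads disabled" without changing either file.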