piCore 14.x sftp not working after update from 13.x?
Cheembus:
As for user permissions (ownership of root:root), to the best of my knowledge the chroot directory is supposed to be root-owned, and any folder or file inside can be user-owned.
I'd rather not use user tc as sftp user, as it's a sudoer and I prefer low-permission users to be used for external connections, for security reasons.
Edit: I can confirm doing
--- Code: ---sftp tc@raspivpn
--- End code ---
actually drops me into my /home/tc/ home directory.
Now, as to why www-data can't do the same, that is what's confusing me.
patrikg:
Great, now we have the success of knowing a little more about what the problem may be.
You could also try to get the sshd running config, so you can see that it corresponds to what you think it is. Is it the same as what you were running before the piCore update?
--- Code: ---sudo sshd -T
--- End code ---
And you should try to get rid of some lines of it first, so you can connect and get it working.
Don't take too many steps at a time.
After it's working, you can harden your system with all the things you think of, like not using passwords for authentication and so on.
Cheembus:
I made a temporary "home" directory for www-data located:
--- Code: ---drwxr-s--- 2 www-data staff 4.0K Apr 2 18:33 /home/www-data/
--- End code ---
and when I remove the line "ChrootDirectory /mnt/www" from the sshd_config, I then get dropped into this home directory (/etc/passwd has /home/www-data as the home directory for the user www-data).
Weirdly enough, if I set the /mnt/www directory to have the exact same ownership and permissions, I still get kicked immediately. What exactly do I have wrong with the ChrootDirectory settings? Do I need to specify something else in my sshd config? Maybe I actually have to specify this as my new home directory in the passwd file, for this new version of sftp?
--- Quote --- Is it the same as what you were running before the piCore update?
--- End quote ---
It's about 99% the same, the only major difference I see is the "Subsystem sftp" section was changed to /usr/local/lib/openssh/sftp-server. I believe it was "internal-sftp" originally.
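Added example (not part of the original thread or any poster's code): sshd_config(5) states that every component of the ChrootDirectory path must be a root-owned directory that is not writable by any other user or group, and this script audits a path against that rule. The function names are hypothetical, and it assumes a stat(1) that supports -L and -c (GNU coreutils, or BusyBox built with format support).

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the sshd_config(5) rule.

# component_ok UID OCTAL_MODE
# True only for a root-owned entry with no group/other write bit (mask 022).
# With the values posted in the thread (uid 1003, drwxr-s--- = 2750) this is
# false because of the owner, even though the mode bits alone would pass.
component_ok() {
    [ "$1" -eq 0 ] 2>/dev/null && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Checks DIR and every parent up to /; prints each failing component.
check_chroot_path() {
    p=$1
    rc=0
    case $p in
        /*) ;;
        *) echo "FAIL $p: not an absolute path"; return 1 ;;
    esac
    while :; do
        if [ ! -d "$p" ]; then
            echo "FAIL $p: not a directory"
            rc=1
        else
            # -L: judge the target when a component is a symlink
            set -- $(stat -L -c '%u %a' "$p" 2>/dev/null)
            if ! component_ok "$1" "$2"; then
                echo "FAIL $p: uid=$1 mode=$2 (need uid 0, no g/o write)"
                rc=1
            fi
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Run directly, e.g.: sh check_chroot.sh /mnt/www
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

A clean run prints nothing and exits 0; any FAIL line names a path component that needs its owner or mode corrected before sshd will accept the chroot.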
Rich:
Hi Cheembus
Welcome to the forum.
Just a few thoughts.
Run this and make sure the home directory listed exists and is accessible:
--- Code: ---cat /etc/passwd | grep www-data
--- End code ---
Add the syslog boot code to your Pi and reboot it. Check
/var/log/messages after a failed login to see if it provides
any more clues.
Check these links for a couple of other ideas:
https://serverfault.com/a/890751
https://serverfault.com/a/1001818
Cheembus:
--- Quote from: Rich on April 02, 2024, 04:03:11 PM ---Hi Cheembus
Welcome to the forum.
Just a few thoughts.
Run this and make sure the home directory listed exists and is accessible:
--- Code: ---cat /etc/passwd | grep www-data
--- End code ---
--- End quote ---
www-data:x:1003:1003:Linux User,,,:/home/www-data:/bin/false is the output of that command.
I'll try the syslog in a bit and report back in a few minutes.