-
May 4th, 2011, 09:36 PM
#1
SFTP on FreeNAS install
Trying to use FreeNAS as the server, there are settings / checkboxes that claim SFTP works on this OS but I am really starting to not believe it. The docs say (if memory serves me) that I just need to enable SSH and FTP and they almost automagically just work with each other. Well I've tried that, and that's crap.
Under Services > FTP:
Local Users Only is checked
Default Root (chroot() ) is enabled to keep clients from wandering
TLS/SSL is unchecked
Under Services > SSH:
Permit Root Login is disabled
Password Auth is enabled
TCP Forwarding is checked (states that this enables SSH tunneling)
Compression is disabled
I have generated a private key and it's in place in the gui here.
The object is to be able to receive sensitive files via SFTP over the internet, the domain is leased / owned whatever you want to call it so ftp.mydomain.com will be forwarded to a static IP, then that static IP will have port forwarding to the physical server.
Right now the SFTP client WinSCP was erroring out with an error about no SFTP service running or this is not an SFTP server... something to that effect.
I've generated a private key with openssl which seems to work for the server, but when you try to use it with WinSCP - the client wants a .ppk version not a PEM file.
I can't seem to find a good tutorial anywhere from beginning to end. Right now I'm just trying to test functionality on a class C 24 bit network. Can anyone provide some helpful advice or maybe recommend a better solution? I like FreeNAS because if I were to present this solution to a company, the web GUI interface would make it very easy for them to add / remove users as they get more clients.
Analog = Classical
Digital = Techno
-
May 5th, 2011, 07:02 AM
#2
SFTP has nothing to do with FTP. SFTP is a function of OpenSSH.
Since it's just FreeBSD with a couple of extra scripts, edit /etc/ssh/sshd_config. Look for Subsystem somewhere at the bottom.
Code:
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
This enables SFTP.
Use PuTTYgen to generate a key for WinSCP. Load that key in Pageant and both PuTTY and WinSCP will use it.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 6th, 2011, 04:49 PM
#3
So if SFTP is SSH... should I have SFTP running on port 21? or port 22?
Thanks for the help!
Analog = Classical
Digital = Techno
-
May 9th, 2011, 07:27 AM
#4
It's a function of SSH, so it runs on the same port.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 9th, 2011, 11:26 PM
#5
Thanks sir dice, so... if I were setting this up for users with less technical knowledge ya think it would be a good idea to move the ssh port to 21 instead of leaving it at 22?
Analog = Classical
Digital = Techno
-
May 10th, 2011, 07:09 AM
#6
No, that would only confuse things. SFTP has nothing to do with FTP.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 11th, 2011, 04:02 PM
#7
So if you set an FTP client to use SFTP it will look for port 22 by default?
Any suggestions for SFTP clients?
Analog = Classical
Digital = Techno
-
May 12th, 2011, 04:37 PM
#8
Originally Posted by blakdeth77
So if you set an FTP client to use SFTP it will look for port 22 by default?
That depends on the client. Some also call FTP over SSL SFTP. But that works completely differently.
Any suggestions for SFTP clients?
Yes, WinSCP. Works really nice in combination with PuTTY.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 12th, 2011, 05:07 PM
#9
If you have this server open to the outside, I would highly recommend using key-based authentication. [actually even if it isn't open to the outside, I would recommend that.] As long as you have SSH set up properly, SFTP should work. SirDice hit it on the head. It has nothing to do with standard FTP. It allows you to transfer files utilizing SSH's encryption. Everything will go over port 22.
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
-HST
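Added example, not part of any post in this thread: a small sh audit of the sshd_config settings discussed above (the `Subsystem sftp` line, the shared SSH/SFTP port, password versus key logins, root login). The function names and the sample config are constructed for illustration, and only the global section before any `Match` block is read.

```shell
#!/bin/sh
# Added example (not from the thread): report the sshd_config settings that
# decide whether SFTP works and how logins are authenticated.

# Print the effective value of keyword $2 (optionally with first argument $3,
# e.g. "Subsystem sftp"). sshd keeps the first occurrence of a keyword and
# matches keywords case-insensitively. Assumption: only the global section is
# read, so parsing stops at the first conditional "Match" block.
sshd_value() {
    awk -v key="$2" -v name="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) && (name == "" || $2 == name) {
            print (name == "" ? $2 : $3); exit
        }' "$1"
}

# One line per finding for config file $1.
audit_sshd() {
    sftp=$(sshd_value "$1" Subsystem sftp)
    port=$(sshd_value "$1" Port)
    pass=$(sshd_value "$1" PasswordAuthentication)
    root=$(sshd_value "$1" PermitRootLogin)
    if [ -n "$sftp" ]; then echo "OK   sftp subsystem: $sftp"
    else echo "FAIL no sftp subsystem: sftp requests are refused"; fi
    echo "INFO sftp and ssh share port ${port:-22}"
    # OpenSSH allows passwords unless told otherwise.
    case "${pass:-yes}" in
        no) echo "OK   password logins disabled (keys only)" ;;
        *)  echo "WARN password logins enabled" ;;
    esac
    case "$root" in
        no) echo "OK   root login disabled" ;;
        "") echo "WARN PermitRootLogin unset (default depends on version)" ;;
        *)  echo "WARN PermitRootLogin $root" ;;
    esac
}

# Constructed sample: sftp line commented out, as when the subsystem is off.
sample_config() {
    printf '%s\n' '# override default of no subsystems' \
        '#Subsystem sftp /usr/libexec/sftp-server' \
        'PermitRootLogin no' 'PasswordAuthentication yes' > "$1"
}

tmp=$(mktemp) && sample_config "$tmp" && audit_sshd "$tmp"; rm -f "$tmp"
```

Run `audit_sshd /etc/ssh/sshd_config` on the server itself to check the live file.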
-
May 13th, 2011, 07:19 AM
#10
Originally Posted by westin
If you have this server open to the outside, I would highly recommend using key-based authentication. [actually even if it isn't open to the outside, I would recommend that.] As long as you have SSH set up properly, SFTP should work. SirDice hit it on the head. It has nothing to do with standard FTP. It allows you to transfer files utilizing SSH's encryption. Everything will go over port 22.
Yeah, the key thing is becoming another whole headache for me. I tried using openssl or something like that on a Fedora box I have. So far if the FreeNAS box likes the key, the WinSCP program does not (even after using the PuTTY program to change the key to a ppk(?) file)... I guess I need to search for a tutorial or something to get the key stuff straightened out.
Analog = Classical
Digital = Techno