
Thread: SFTP on FreeNAS install

  1. #1

    SFTP on FreeNAS install

    Trying to use FreeNAS as the server, there are settings / checkboxes that claim SFTP works on this OS but I am really starting to not believe it. The docs say (if memory serves me) that I just need to enable SSH and FTP and they almost automagically just work with each other. Well I've tried that, and that's crap.

    Under Services > FTP:
    Local Users Only is checked
    Default Root (chroot() ) is enabled to keep clients from wandering
    TLS/SSL is unchecked

    Under Services > SSH:
    Permit Root Login is disabled
    Password Auth is enabled
    TCP Forwarding is checked (states that this enables SSH tunneling)
    Compression is disabled
    I have generated a private key and it's in place in the gui here.

    The object is to be able to receive sensitive files via SFTP over the internet, the domain is leased / owned whatever you want to call it so ftp.mydomain.com will be forwarded to a static IP, then that static IP will have port forwarding to the physical server.
    Right now the SFTP client WinSCP was erroring out with an error about no SFTP service running or this is not an SFTP server... something to that effect.

    I've generated a private key with openssl which seems to work for the server, but when you try to use it with WinSCP - the client wants a .ppk version not a PEM file.

    I can't seem to find a good tutorial anywhere from beginning to end. Right now I'm just trying to test functionality on a class C 24 bit network. Can anyone provide some helpful advice or maybe recommend a better solution? I like FreeNAS because if I were to present this solution to a company, the web GUI interface would make it very easy for them to add / remove users as they get more clients.
    Analog = Classical
    Digital = Techno

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    SFTP has nothing to do with FTP. SFTP is a function of OpenSSH.

    Since it's just FreeBSD with a couple of extra scripts, edit /etc/ssh/sshd_config. Look for Subsystem somewhere at the bottom.
    Code:
    # override default of no subsystems
    Subsystem       sftp    /usr/libexec/sftp-server
    This enables SFTP.

    Use PuTTYgen to generate a key for WinSCP. Load that key in Pageant and both PuTTY and WinSCP will use it.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    So if SFTP is SSH... should I have SFTP running on port 21? or port 22?

    Thanks for the help!

  4. #4
    Just Another Geek
    It's a function of SSH, so it runs on the same port.

  5. #5
    Thanks sir dice, so... if I were setting this up for users with less technical knowledge ya think it would be a good idea to move the ssh port to 21 instead of leaving it at 22?

  6. #6
    Just Another Geek
    No, that would only confuse things. SFTP has nothing to do with FTP.

  7. #7
    So if you set an FTP client to use SFTP it will look for port 22 by default?
    Any suggestions for SFTP clients?

  8. #8
    Just Another Geek
    Originally posted by blakdeth77:
    "So if you set an FTP client to use SFTP it will look for port 22 by default?"
    That depends on the client. Some also call FTP over SSL SFTP. But that works completely differently.

    "Any suggestions for SFTP clients?"
    Yes, WinSCP. Works really nicely in combination with PuTTY.

  9. #9
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    If you have this server open to the outside, I would highly recommend using key-based authentication. [actually even if it isn't open to the outside, I would recommend that.] As long as you have SSH set up properly, SFTP should work. SirDice hit it on the head. It has nothing to do with standard FTP. It allows you to transfer files utilizing SSH's encryption. Everything will go over port 22.
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST
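
An added example, not part of any post in this thread: a shell check that reads an sshd_config and reports on the settings discussed above (the `Subsystem sftp` line from post #2, the port question, and the password versus key authentication advice). The sample file is constructed to mirror post #1, the expected values are this example's own policy for an SFTP-only server, and it assumes a config without `Match` blocks.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings discussed in this thread.

# Print the value of KEYWORD. sshd uses the first occurrence of a keyword and
# matches keywords case-insensitively; commented lines never match because
# their first field starts with '#'.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

check() {  # usage: check FILE KEYWORD WANTED
    val=$(sshd_value "$1" "$2")
    if [ -z "$val" ]; then
        echo "WARN $2 not set: build default applies, set it explicitly"
    elif [ "$val" = "$3" ]; then
        echo "OK   $2 $val"
    else
        echo "WARN $2 is '$val', expected '$3'"
    fi
}

audit_sshd() {  # usage: audit_sshd FILE ; prints one finding per line
    path=$(awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$1")
    if [ -n "$path" ]; then
        echo "OK   Subsystem sftp -> $path"
    else
        echo "FAIL Subsystem sftp missing: SFTP subsystem requests will fail"
    fi
    check "$1" PermitRootLogin no
    check "$1" PasswordAuthentication no   # key-based logins only
    check "$1" AllowTcpForwarding no       # not needed for file transfer
    port=$(sshd_value "$1" Port)
    echo "INFO SFTP listens on sshd's port: ${port:-22}"
}

sample_config() {  # constructed sample mirroring the settings in post #1
    cat <<'EOF'
# constructed sample, not a real FreeNAS file
PermitRootLogin no
PasswordAuthentication yes
AllowTcpForwarding yes
#Subsystem      sftp    /usr/libexec/sftp-server
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_sshd "$tmp"
rm -f "$tmp"
```
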

  10. #10
    Originally posted by westin:
    "If you have this server open to the outside, I would highly recommend using key-based authentication. [actually even if it isn't open to the outside, I would recommend that.] As long as you have SSH set up properly, SFTP should work. SirDice hit it on the head. It has nothing to do with standard FTP. It allows you to transfer files utilizing SSH's encryption. Everything will go over port 22."
    Yeah, the key thing is becoming another whole headache for me. I tried using openssl or something like that on a Fedora box I have. So far if the FreeNAS box likes the key, the WinSCP program does not (even after using the PuTTY program to change the key to a ppk(?) file)... I guess I need to search for a tutorial or something to get the key stuff straightened out.
