Create New SFTP Users...How?

#1 Tue, 01/15/2013 - 22:39
katir

We don't allow simple FTP on our server because logins are sent in clear text. But the Virtualmin --> My Domain --> Edit Users only allows for adding an "FTP" user... and there is no way to add a second "FTP and SSH" user to the site with his or her own unique password.

I sometimes need to give some expert access. I can certainly trust the person, and would turn off his access when his work is done. Changing the main admin SSH password and giving that to him is a royal pain, as the rest of our team that has that password embedded in the keychain (or wherever) has to fix all the SFTP bookmarks... so it is better if I can give a unique, discrete FTP + SSH user name and password to a new user, let him work, then revoke his privileges when he is done.

Is there a solution for this?

Tue, 01/15/2013 - 22:44
tpnsolutions

Hi,

By default adding an FTP user, is the same thing as adding an SFTP user. That is, FTP users are "unix" users, so all you need to do, in order to disable FTP access, is merely turn off "ProFTPD".

*** we disabled FTP access a few years ago after adopting SFTP/SCP as the means of accessing file transfer ***

-Peter

Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist
Wed, 01/16/2013 - 20:49
katir

@Peter

We do have two "low level" sites with no certificates and I need to be able to FTP to those... so disabling ProFTPD may be a problem... but disabling FTP is not the issue... adding an SFTP-enabled user is the issue.

In the "Edit User" panel we have the option to

"Add a user to this server" (on the left set of options/links) OR

"Add a website FTP access user."

It does not matter which option I use... in both cases:

1) no new directory is created in /home (where the other Linux users are...)
2) the user is added but only gets FTP access and not FTP and SSH.

I see these two users:

domainowner     domainowner     Development Site for Himalayan Academy Publications     Unlimited   27.63 GB    FTP and SSH     All
newuser     newuser.domainowner     HisReal Name    1024 kB     Unlimited   FTP only    No

and the server will not accept an SFTP connection from the newuser.

Perhaps I have to add that from the terminal as root?

But I don't know how to limit the user to a particular directory...

Wed, 01/16/2013 - 21:09
katir

I looked up adding an SFTP user in RedHat, but it's a bit of a black art requiring me to touch the sftpvd.conf file and create some chroot list etc., which are a bit above my pay grade.

I'm a believer in "If you don't understand it, don't do it!"

So.. hoping we can manage this from inside the VirtualMin GUI.

Wed, 01/16/2013 - 22:21
andreychek

The "Add a website FTP access user" user wouldn't actually work for SSH... that sort of user is indeed FTP only (as the shell is set to "/bin/false").

However, if you use the "Add a user to this server" option, and you set the login permissions to Email, FTP, and SSH (which should be the default) -- that user will be given the "sh" or "bash" shell, and will then be able to login via SFTP and SSH.

-Eric
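
The shell-to-permission mapping described in the post above, together with the /usr/bin/scponly shell that comes up later in the thread, as an added example that is not part of any post here: a POSIX shell sketch that reads passwd-format lines and reports the access level each account's login shell implies. The sample accounts, their home paths and the minimum UID of 500 are constructed assumptions.

```shell
#!/bin/sh
# Added example: report the access level implied by each account's login shell.
# Mapping follows this thread: /bin/false = FTP only, sh/bash = FTP and SSH,
# /usr/bin/scponly = SCP/SFTP only. Everything else is flagged for review.

# classify_shell SHELL_PATH -> prints the access level for that shell
classify_shell() {
    case "$1" in
        */scponly)       echo "SCP/SFTP only" ;;
        # An empty shell field in passwd(5) means /bin/sh, i.e. a full shell.
        ""|*/sh|*/bash)  echo "FTP and SSH" ;;
        */false)         echo "FTP only" ;;
        *)               echo "unrecognised shell, review manually" ;;
    esac
}

# audit_passwd [MIN_UID] -> reads passwd-format lines on stdin and prints
# "user: access level" for every account with UID >= MIN_UID.
# MIN_UID defaults to 500 (assumption: first regular UID on this system).
audit_passwd() {
    min_uid="${1:-500}"
    while IFS=: read -r user _pw uid _gid _gecos _home shell; do
        case "$user" in ""|\#*) continue ;; esac        # blank or comment line
        case "$uid" in ""|*[!0-9]*) continue ;; esac    # malformed UID
        [ "$uid" -ge "$min_uid" ] || continue           # skip system accounts
        printf '%s: %s\n' "$user" "$(classify_shell "$shell")"
    done
}

# Constructed sample input (not taken from a real server).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
domainowner:x:500:500::/home/domainowner:/bin/bash
newuser.domainowner:x:501:500::/home/domainowner/homes/newuser:/bin/false
contractor.domainowner:x:502:500::/home/domainowner/homes/contractor:/usr/bin/scponly
legacy:x:503:503::/home/legacy:'

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd 500
```

On a real host, pipe `getent passwd` into `audit_passwd` instead of the sample; any account reported as "FTP and SSH" that was meant to be a temporary contractor login is one to revoke when the work is done.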

Wed, 01/16/2013 - 22:24
tpnsolutions

Hi,

What shell is the newuser being assigned?

I think we may be talking two different things here. SFTP, is "file transfer over SSH"...

When a Linux user is created, they are generally by default granted SSH/SFTP access, unless specifically set up differently.

*** SFTP operates over port 22, and you need a client program which is set up to connect over SFTP. Thankfully most FTP clients have been equipped with SFTP capability for a number of years. The client we recommend is FileZilla as it's cross platform compatible (Mac, PC, Linux) ***

Best Regards,
Peter Knowles
TPN Solutions

E: pknowles@tpnsolutions.com
P: 604-782-9342
W: http://www.tpnsolutions.com
Wed, 01/16/2013 - 22:31
katir

"Add a user to this server" does not offer the option for

Email, FTP, and SSH

only

Email and FTP

And to spice things up: when I added the user to the server and set the directory for him to "automatic"

VirtualMin moved the entire content of public_html folder into

/home/devdomain/homes/newuser/[all public_html content here! Yikes, site off line!]

Virtualmin in effect did this (my guess):

mkdir /home/devdomain/homes/newuser
mv /home/devdomain/public_html/* /home/devdomain/homes/newuser/
rmdir /home/devdomain/public_html

wow!

I suddenly got calls from my team: "our site just disappeared!" hehe.. Fortunately it is a dev server. I retraced all my actions; history in root showed no mv or rm activity, so I looked into /devdomain/, found the content, moved it back out and renamed "newuser" to "public_html", and the site was up again. Whew!

So, there is some serious bug there..

and back to the point: no option to grant "new user" any ftp-over-ssh privileges.

Wed, 01/16/2013 - 22:40
katir

@Peter, yes, I think we are all on the same page. The problem is that Virtualmin's "Add user to this server" is not working as advertised... and in fact is just adding an FTP user; we are not getting a new Linux user with the default SSH/SFTP access.

Can I add screen shots here? OK, I added an attachment image of the options available for permission after clicking "Add user to this server".

Thu, 01/17/2013 - 00:00
tpnsolutions

Hi,

Very odd, when we click on Add a user to this server. we're presented with Email only, Email and FTP, or Email and SCP, while if we click on Add a website FTP access user. we're presented with FTP only, or SCP only as outlined in my two attachments.

Are you sure the proper shells are available, and/or that they are properly configured under Virtualmin > System Customization > Custom Shells? We use the default setup when installing Virtualmin. Also, which version are you running?

Best Regards,
Peter Knowles
TPN Solutions

E: pknowles@tpnsolutions.com
P: 604-782-9342
W: http://www.tpnsolutions.com
Thu, 01/17/2013 - 12:05
katir

@Peter: Well, my assumption (perhaps wrong) would be that if the main domain owner/name, which is by default the name of the home folder with all the domain content... in this case "devhap"... if that user has FTP and SSH access... one assumes the proper shells are available. But I will look at the Custom Shells options. But I would rather hear back first from the Virtualmin team on why I don't see what you see.

Thu, 01/17/2013 - 13:10 (Reply to #10)
tpnsolutions

Hi,

Could you take a snapshot of your Custom Shells page and post here?

This may shed light on what could be causing the problem, which would help both the Virtualmin team, and me to help diagnose the problem.

*** I've been an active part of the Virtualmin community (forums) since 2009, have been using the product since it was first developed, and prior to that Webmin for nearly 10 years. Eric, Jamie, and Joe (the Virtualmin team) can clarify that I'm pretty well versed with the programs, as are a number of other community members. ***

Best Regards,
Peter Knowles
TPN Solutions

E: pknowles@tpnsolutions.com
P: 604-782-9342
W: http://www.tpnsolutions.com
Thu, 01/17/2013 - 19:19
katir

Peter: Custom Shells screen shot attached. They are set as per VirtualMin Defaults. I'm not familiar enough with these to know what to turn on to allow additional users "FTP and SSH"

Thu, 01/17/2013 - 19:26
katir

and, as requested: the version: VirtualMin 3.97 (CentOS Linux 6.3)

Thu, 01/17/2013 - 20:19
tpnsolutions

Hi,

Try this: switch to Custom shells below, then place a check mark in the first column to Enable row 7 with the Path to shell reading /usr/bin/scponly.

This will enable SCP (SFTP) access to users you delegate that permission.

Test it out, and if it gives you the desired results, then you're in business; if not, you can always revert back to the defaults.

*** In my Virtualmin installation, the shell mentioned above is set up by default. I think each Linux distribution may be different though ***

Best Regards,
Peter Knowles
TPN Solutions

E: pknowles@tpnsolutions.com
P: 604-782-9342
W: http://www.tpnsolutions.com
Thu, 01/17/2013 - 20:31
katir

OK, done... but it does not appear as a permission option in the virtual server "Edit Users" permissions for a new user. Do I need to stop and start VirtualMin to pick up the new setting?

Thu, 01/17/2013 - 20:49
tpnsolutions

Hi,

Try clicking on Add a website FTP access user and see if the permission shows up.

If not, I'd be happy to take a peek over a brief screen sharing session to help diagnose what's going on.

I'm available on Skype with the username tpnsupport

Best Regards,
Peter Knowles
TPN Solutions

E: pknowles@tpnsolutions.com
P: 604-782-9342
W: http://www.tpnsolutions.com
Thu, 01/17/2013 - 20:58
katir

I stopped and restarted webmin after checking the custom shell you suggest, but still that permission does not appear as available.

I'll wait for the VirtualMin Team to chime in first... I have to get some real work done here! Thanks for the offer though.

Topic locked