Is it possible to use SFTP with Virtualmin??

Hi

I have tried to create an SCP-only user within a user’s Virtual Server, but when I log on with this user using SFTP the home directory is / (root).
Isn’t it possible to change the home directory to match the specific VPS home directory as with the normal FTP user?

Has anyone tried to use SFTP and if so, what can I do to provide this extra layer of security to my users?

Thanks in advance.

  • Tim

Howdy,

Yup, it’s possible to have a user who can access the server via SSH, SCP, and SFTP.

In each case, when logging in as that user, it should default to logging you into that user’s home directory.

You may want to verify that the user’s homedir is set as expected, and that you aren’t seeing any errors in the logs.

If something occurred where that user doesn’t have permission to access their homedir, it could drop them to “/” instead.

-Eric

Hi Eric

The home directory was set to automatic and should be /home/[virtualservername]
But I get logged on to / (root) when logging in.

I then tried to do a manual change of the “subdirectory of servers home” to /home/[virtualservername] for the specific user, but then get an error.

  • Failed to save mailbox : User’s home directory is relative to the domain, and so must not start with a /

So how do I validate the home directory, it works fine with the normal FTP user for that specific virtualserver?

Thanks in advance.

  • Tim

Howdy,

Hmm, what kind of user is this? Is this a Virtual Server owner, and website access user, or a standard user (ie, what process did you use to create this user)?

Also, do you have the same problem if you try logging into SSH/SFTP as another user?

-Eric

Hi Eric

I just tried to add two extra accounts and those seem to work as intended?
There must be something wrong with the first account I created, which has full access to / (root).
The other two accounts only have access to /home/[virtualservername]/homes/[username]

The funny thing is that I have created test.[virtualservername] and test2.[virtualservername] (the first one gives the full root access) and when I try to reset the password for the test account it tells me that there is already a folder called /home/[virtualservername]/homes/test

There may be a dead bug somewhere here.

I have given you SSH access to our server using the “enable remote login”.
Are you still behind the following IPs?
67.188.12.52
207.192.73.169

The virtualserver in question is eccodresscode

PS.
It’s still not possible to attach images.

  • Tim

For me SFTP “just works” maybe you have some problem in your proftpd.conf with the default home…

If you are using it how I am, that is. I only have the sftp module for proftpd loaded, no messing around with the sshd config.

Or maybe you in fact used only ssh, and not the sftp module in proftpd, do not confuse those; that is how you ended up in /

I only have the sftp module for proftpd loaded, no messing around with the sshd config.

PS: forget about FTPS, SFTP is so much better: only one port so firewalls left intact and/or no stupid modules in iptables, everything secured so on. I was thinking “why the hell was I using FTP(S)”??? FTP and FTPS should have died 20 years ago… That’s not a protocol nowadays, that’s the weird thing that your colleagues specialized in networking are laughing at :)

IMPORTANT! Joe, Jamie, andreychek you should seriously consider making SFTP the default file transfer technology in Virtualmin:

-FTP(S) requires a range of high ports opened - that implies you don’t have a firewall anymore; or to use something like ftp_conntrack in iptables, but if you have a different firewall in FRONT of the server, that doesn’t help you anymore; and if you are using FTPS, the firewall can’t really listen for FTP traffic to open ports (it is encrypted). Yeah, I know: CCC, but I rather not trust that all the firewalls I put in front of my server (just for fun) work with that; cause they don’t. So FTPS is difficult for most people to configure. And FTP sends everything in plain text. Never mind it was designed in '70s…

-webDAVS for me sucks big time as you have to let loose the rights on directories - but this is a no-no because that’s what keeps a web server working, not letting scripts influence other virtual servers/directories/files. It seems to me like a serious security issue, that’s how mass defaces are done. And I decided not to use it.

-so SFTP is the only thing we should use. Hope some more people agree with me, and you would consider this. Posted also in “Blue Skies”.

FTP is not secure, agreed with fakemoth, SFTP all the way.

Please +1 it here https://www.virtualmin.com/node/36457 so the nice people at Virtualmin can see that we really want this.

@jimdunn I beg to differ! SSH can be jailed too, but it is a lot of work to do it. You seem to confuse two things here:

-“FTP over SSH” - this shouldn’t be used; in fact you are logging in SSH, on the same port used by SSH, and yes there are difficulties to configure every user and group; in fact this function it is better to be disabled in SSH!

-SFTP “Secure File Transfer Protocol” as the SFTP module for Proftpd; the FTP server (Proftpd) can be configured (easily) to use SFTP, on a DIFFERENT port from SSH; there are no problems here as it respects the way (FTP or FTPS) it was working, including user access and rights!

-sometimes people often confuse the previous two (not your case, but sometimes it happens) with FTPS “File Transfer Protocol over SSL” - this is just FTP encrypted.

Please read my previous post, here is the link again as https://www.virtualmin.com/node/36457

PS: oh my, I see you already posted… there too!

@jimdunn …yawn… read here http://www.virtualmin.com/node/36457

  • comment removed, due to hostile reply

Hi FakeMoth

It seems that my question has started a live debate here.
@FakeMoth, so what should I do to give a user access to his / her virtual site using SFTP instead of normal FTP and / or SSH?

Looking forward to hearing from you.

  • Tim
  • remember, for best security, use SSL key pairs with SSH

@-eclipse- Hi, you can follow this tutorial https://www.digitalocean.com/community/tutorials/how-to-configure-proftpd-to-use-sftp-instead-of-ftp ; I for myself replaced the key authentication with the password one, so I wasn’t changing too many things for my users:

SFTPAuthMethods password
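
A minimal ProFTPD mod_sftp listener of the kind described in this post, added here as an example; it is not fakemoth's or Virtualmin's own configuration. The port number, log path and host key paths are assumptions to adapt to the server.

```conf
# Added example, e.g. saved as /etc/proftpd/conf.d/sftp.conf (path assumed).
# Assumptions, not from the thread: port 2222, the log path, the host key paths.
<IfModule mod_sftp.c>
  <VirtualHost 0.0.0.0>
    SFTPEngine on

    # Separate port from sshd, so the OpenSSH configuration is left untouched.
    Port 2222
    SFTPLog /var/log/proftpd/sftp.log

    # Reuse the server's existing SSH host keys.
    SFTPHostKey /etc/ssh/ssh_host_rsa_key
    SFTPHostKey /etc/ssh/ssh_host_ecdsa_key

    # Password logins, as in the post above. For key pairs use instead:
    #   SFTPAuthMethods publickey
    #   SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u
    SFTPAuthMethods password

    # Jail every user in their own home directory, so a session
    # cannot browse up to / on the server.
    DefaultRoot ~

    # Let accounts without a login shell (assumed here for FTP-only
    # users) authenticate over SFTP.
    RequireValidShell off
  </VirtualHost>
</IfModule>
```

Check the syntax with `proftpd -t` before restarting the service, and allow only the chosen port through the firewall. With `SFTPAuthorizedUserKeys`, mod_sftp expects public keys in RFC 4716 format, which `ssh-keygen -e` produces from an OpenSSH public key.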

I’m not opposed to configuring SFTP in ProFTPd, by default, in Virtualmin. It’s not something that’s been brought up much (I use ssh and scp, and never touch FTP, I would have booted FTP out of the system 10 years ago if I thought I wouldn’t be strung up by my toes by users that have FTP as part of their normal workflow).

I doubt we can convince everyone to use it, as users are real stubborn, but we can make it available by default.

I’ve added it to my todo list. It’ll probably be an install time or post-install wizard time, item. So, for folks who are already up and running, you probably want to go ahead and enable it manually (it’s really easy to enable it and use it).

@Joe - if you don’t mind - yes this should be done as it is fairly easy to set it up. But please (not trying to hijack the thread just caught ya around here) can we do something about the File Manager first?

I am asking and posting and stuff (I am also tired by… myself really, I get you :) ) for years. Now you know it doesn’t work in Chromium (now way bigger than Firefox), because Google decided to drop Java, and all the Linux people can’t use it properly because it has issues with IcedTea. And it might happen to Flash also, so HTML5 is the answer here.

Are you at least working on something, can you tell us something about this?

Now that we have a beautiful theme (Ilia’s Authentic) will we get a working, nice File Manager (with an included very useful text editor)?

It is necessary, but will also give us the opportunity to laugh our arses @cPanel :D

Things you should really find a replacement in the panels:
-File Manager
-SSH login (the Java applet)
-didn’t touch it lately because it deleted a few times, by itself, my /etc directory, but I guess the old Java Graphical Console in Cloudmin is still there https://www.virtualmin.com/node/23097 ?