Danny wrote:
> I am trying to set up SFTP (ssh) with ProFTP.

It looks to me like you might be confusing ssh sftp with proftpd sftp.
I assume you are not using ftps.

http://www.proftpd.org/docs/contrib/mod_sftp.html

> My /etc/proftpd/conf.d/sftpd.conf looks like this:
>
> <IfModule mod_sftp.c>
> SFTPEngine on
> Port 7003
> SFTPLog /var/log/proftpd/sftp.log
> # Configure both the RSA and DSA host keys, using the same host key
> # files that OpenSSH uses.
> SFTPHostKey /etc/ssh/ssh_host_rsa_key
> SFTPHostKey /etc/ssh/ssh_host_dsa_key
> SFTPAuthMethods publickey
> SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u
> SFTPCompression delayed
> </IfModule>

Here you are using the ssh host keys for proftpd. I assume that is
okay.

> I added the following line in /etc/ssh/sshd_config:
>
> Subsystem sftp /usr/lib/openssh/sftp-server

This flew a red flag for me. If you are using proftpd for sftp then
why does the above line in ssh matter? Secondly you say you added
that line to the file and yet that file already contains that line
when installed. This leads me to think that maybe you are confusing
ssh sftp with proftpd sftp? Maybe?

> I generated a key for each user that will use SFTP located in their
> /home/USER/.ssh/ directory

Good.

> As you can see, I have set up SFTP to listen on port 7003.

Yes. What is your reasoning? It is okay whatever it is. I know very
savvy people who like to have a non-standard port just to avoid the
dictionary attacks causing endless noise in their log files. I on the
other hand prefer to use fail2ban to watch over the logs and to ban
abusive users.

> My question is the following: The users that will connect to the ssh
> server use FileZilla and mostly from Windows based machines. I
> copied the "id_rsa" key files (which was generated on Debian) to the
> Windows user's "My Documents" folder on Windows. I also added the
> (copied) "id_rsa" files to FileZilla.

I don't generally use MS-Windows so don't know how things work there
but it sounds strange to me to need to have the private key in two
different places. I expect there to be one exactly correct location
to have the private key.

> However, I get an "Authentication Failed" followed by a "Critical
> Error:Could not connect to server" from FileZilla.

What a useless error message! :-(

If it were me I would turn on sshd debug and then connect to the ssh
sftp and see what the server side of the connection reported. For
example like this. Then connect to it using port 2222 and watch the
server side of the messages. Very useful for debugging.

  # /usr/sbin/sshd -d -p 2222

Since you are trying to set up proftpd instead I suggest looking in
the /var/log/proftpd/sftp.log file and see what the server side errors
were in the connection.

> 1:Do I need to generate different keys on Windows or is it o.k to
> use the copied ones from Debian?
> 2:Do I have to name the copied or generated files the same as the user?
> 3:Where do I put the key files on Windows?

These would be good questions for an MS-Windows user mailing list that
deals with FileZilla.

> (I use puTTY to normally connect to my ssh servers, which works fine)

But that would use putty+sshd not filezilla+proftpd, right? In which
case it doesn't have any relationship to the problem you are trying to
solve now.

Bob