I currently use AndFTP to download files remotely using the ftp or sftp protocol. For local file access, I use something like ASTRO File Manager or Linda File Manager. I recently discovered EStrong File Explorer, a file manager that lets me access both local and remote files. You can access or stream remote files directly without downloading them first. That is, you can select an mp3 file and play it with your favorite music app directly. It is as if the remote server were mounted on the device, as in Linux, which makes file access feel seamless. Too bad streaming movie files like XviD is a little laggy with MX Video Player or Rockplayer Lite, even when the server is on the local network.
I have an FTP server running on my web server to easily update plugins via the web admin page since the default WordPress install only allows updates to be made via FTP and FTPS. FTP is an old protocol that is insecure. To update via sftp (ssh), install libssh2-php in Ubuntu and restart apache (credit here).
I recently needed to set up an ftp server (or sftp server) that allows the user to transfer files. I had some restrictions:
- The account cannot have ssh access since I don’t want an unauthorized person to run jobs on the server.
- The account needs to be restricted to a single directory. I don’t want the account to have access to all files on the server.
I first followed this guide to get proftpd up with an account. However, I kept getting errors trying to log in using Nautilus or Filezilla. The error came from PASV mode, which I think stems from a firewall/NAT issue. I next tried this to use vsftpd. Still no go (same error).
I decided to use sftp since I know for sure ssh works and that it’s more secure. Now that I think about it, none of my servers has an ftp server running since sftp is more secure and Nautilus and Filezilla support the sftp protocol.
From this post, I re-discovered rssh and the native support from recent versions of openssh. The “match user” method for openssh and the rssh method did not work for me. I finally stumbled on this post that made things work.
```
sudo apt-get install openssh-server ## this is already installed for me

## modify /etc/ssh/sshd_config
# Use the following line to *replace* any existing 'Subsystem' line
Subsystem sftp internal-sftp

# These lines must appear at the *end* of sshd_config
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no

## in shell
sudo groupadd sftponly
sudo useradd -m newuser ## -m creates /home/newuser so the chown below has a target
sudo passwd newuser ## set password
sudo usermod -g sftponly -s /bin/false -d /home/newuser newuser
sudo chown root:root /home/newuser
cd /home/newuser
sudo mkdir upload ## upload files in here
sudo chown newuser:newuser upload
sudo /etc/init.d/ssh restart
```
Now, ssh with the newuser account should not work, and sftp (via command line, Nautilus, or Filezilla) should only access one location. /home/newuser is owned by root, so newuser can’t do much in there. Create a directory upload, and make newuser the owner.
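The chown root:root step matters because sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by any other user or group. The Python check below is an added example, not part of the original post; the names audit_chroot and fake_stat, and the sample tree with uid 1001 for newuser, are assumptions for illustration.

```python
import os
import stat
import sys
from types import SimpleNamespace

def audit_chroot(path, stat_fn=os.stat):
    """List reasons sshd would refuse `path` as a ChrootDirectory ([] = passes).

    sshd_config(5): every component of the pathname must be a root-owned
    directory that is not writable by any other user or group.
    """
    problems = []
    current = os.path.abspath(path)
    while True:
        try:
            st = stat_fn(current)
        except OSError as exc:
            problems.append(f"{current}: cannot stat ({exc.strerror})")
        else:
            if not stat.S_ISDIR(st.st_mode):
                problems.append(f"{current}: not a directory")
            if st.st_uid != 0:
                problems.append(f"{current}: owned by uid {st.st_uid}, not root")
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                mode = stat.S_IMODE(st.st_mode)
                problems.append(f"{current}: group/other writable (mode {mode:o})")
        parent = os.path.dirname(current)
        if parent == current:  # reached "/"
            return problems
        current = parent

# Constructed sample tree (path -> uid, mode) so the check runs without root.
SAMPLE_TREE = {
    "/": (0, 0o040755),
    "/home": (0, 0o040755),
    "/home/newuser": (0, 0o040755),            # after chown root:root
    "/home/newuser/upload": (1001, 0o040755),  # owned by newuser (uid assumed)
}

def fake_stat(tree):
    """Build a stat_fn that answers from a dict instead of the filesystem."""
    def stat_fn(p):
        if p not in tree:
            raise FileNotFoundError(2, "No such file or directory", p)
        uid, mode = tree[p]
        return SimpleNamespace(st_uid=uid, st_mode=mode)
    return stat_fn

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/home/newuser"
    for problem in audit_chroot(target):
        print(problem)
```

Run it as root against the real home directory after the setup; any line it prints names a path component that needs its owner or mode corrected before sftp logins will succeed.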