I intend to embed an SFTP server into a web page on an HTTPS site. The HTTPS site acts as an ordering portal (essentially I have just set it up as a private eCommerce site.)
I currently use a SolarWinds SFTP server with the desktop client to access files on each end. Is it possible to have a page on the website act as an access point to the SFTP server where individuals can log in, upload and download files? Additionally, how would I go about completing this?
The files to be transferred are considered protected, therefore SFTP is the only non-paper method of transfer accepted by the recipient.
I’m looking for an unusual solution that uses an SFTP server for data transfer, but said SFTP server should also act as an encryption proxy, i.e. all the data it stores on the server side should be encrypted. Although I could use host (OS-wide) encryption, it is not gonna be effective during runtime if the hoster I use decides to peek at it or is forced to by a 3rd party or crappy government.
I did some googling but the only thing I found was: https://github.com/libfuse/sshfs Problem is I don’t want no custom clients, I want to hide ANY implementation from the client, it should be just your basic SFTP you can use anywhere, even on your microwave, let alone phone or notebook.
This variant: https://serverfault.com/questions/887167/sftp-with-data-encryption-at-rest seems usable but again, at runtime it only protects against other normal users (which I don’t have).
Client wants to send them files using SFTP and they just shared the username and their public key.
My understanding is that they will either need to share the username and password OR a username and a private key – is that right?
Basically, I don’t understand ‘who does what’ in an auto-update, and why wp-config.php requires a private key on the server (as FTP_PRIKEY) – could somebody please fill in the details for me?
Background – I’m implementing auto-update on an old bare-metal site. I’ve set up sftp on the server, and I’ve tested it from a (Linux) client, and it works. On the client, I generated a public/private key pair, in the usual place (~/.ssh). I then copied the client’s public key to the server. Everything now works when I run the sftp program on the client – I can ‘log in’ to the server, I can see the WordPress files and directories on the server, and so on. Note, of course, that the server only needed the client’s public key.
Now I’ve reached the next step, which is to enable sftp on WordPress. To do this, I need to set the ftp-related keys in wp-config.php. Here’s the problem: these keys (FTP_PRIKEY/FTP_PUBKEY) appear to be a server public/private pair, while I expected that WordPress would only need to know my client’s public key. Why does the server need a key pair, and what does it do with them? Does it actually initiate sftp transactions to another client somewhere? It’s obviously not my client, since my client is not running an sftp/ssh server. So where do I copy the server’s public key to?
I have created a user with nologin permission, but when I add Match group with the newly created group, i.e. sftp, in the sshd_config file and restart the sshd service, it shows me an error for the “Match group” clause. I am using RHEL 5.7 and have had no luck in finding any relevant answer. PFB sshd configuration.
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# HostKey for protocol version 1
# HostKeys for protocol version 2
# Lifetime and size of ephemeral version 1 server key
# obsoletes QuietMode and FascistLogging
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
# similar for protocol version 2
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
# Don't read the user's ~/.rhosts and ~/.shosts files
# To disable tunneled clear text passwords, change to no here!
# Change to no to disable s/key passwords
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
# no default banner path
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match group sftp
Apparently every once in a while I get this weird “Communication with the local password server failed” error when trying to access SFTP via Dolphin, while Terminal access still works.
While a reboot can temporarily fix that, is there a way to fix it permanently or without a reboot, like restarting that “Password Server” thing?
I work for a municipal government, using mostly Windows servers. In recent days several similar governments in our geographic area have been attacked, some successfully, by ransomware. So our security folks are alarmed, and have decreed (among other things) no more using SMB file-sharing to upload files from the “internal” network to the DMZ. I have a PowerShell script that does just that, to migrate databases; plus we have many other cases to use file shares such as uploading web sites.
They are saying we need to convert to using SSH or SFTP to transfer files. OK, this would be possible, but it would need setup work on every DMZ server, and changing all our current processes, and for what? (We don’t have enough people to do that plus everything else, although we’ve tried to get more warm bodies budgeted.) Anyway I don’t see how that’s more secure. If DMZ server D is listening on a share, and the firewall prevents access from anywhere but authorized internal workstations or servers A, B, and C, then how can that be any more a security risk (specifically, the risk of malware on server D going back the other way and compromising A, B, or C) than server D listening on an SFTP port or an SSH port, with the same firewall restrictions?
If the issue is something like “the file share is open all the time, but SSH isn’t,” then that would be somewhat understandable, and we might deal with that by mapping and unmapping to the shares when needed. But I don’t think this is their reasoning; I think it’s something else. Actually I get the impression it’s kind of a vague “feeling” on their part, that file shares are inherently and materially less secure, in the “backward” direction, even if firewall-protected as described above. If this is actually so, then why? I just don’t see it. Actually I don’t see why any of those protocols would pose a risk in the “backward” direction.
I have to create a user in both FTP and SFTP servers. I have created a user in FTP and when I am trying to create a user in SFTP it says users already exists.
I have mounted an SFTP share using Dolphin, which all works perfectly. However, I would also like to browse these files from the command line.
Pressing F4 in Dolphin to bring up a terminal window just gives me my home directory, and not the remote one. I cannot see the remote mount when running
Is there a way to cd to the SFTP after mounting it in Dolphin, like I could if I had mounted it with
When searching for SFTP in PowerShell I find Posh-SSH and WinSCP (see https://stackoverflow.com/questions/38732025/upload-file-to-sftp-using-powershell). Surely working solutions. But when I started looking for SFTP in PowerShell I expected to find a PSDrive. Is the concept of PSDrives not fitting, or what might be the reason there is no SFTP-PSDrive? There must be a reason why WinSCP and Posh-SSH took another approach.