{{tag>Serveur SFTP}}

= Setting up an SFTP (SSH) server with ProFTPd

See: http://linuxfr.org/news/se-passer-de-dropbox-en-montant-son-coffre-fort-numerique-a-la-maison

See also:
* https://www.linuxjournal.com/content/sftp-port-forwarding-enabling-suppressed-functionality
* [[Notes rclone]]

** Do not confuse FTPS with SFTP! **

  apt-get install proftpd-basic

''/etc/proftpd/proftpd.conf''

  #
  # Allow from 127.0.0.1 192.168.1.0/8
  # Allow from 78.233.103.193
  # DenyAll
  #
  #######
  ##
  ## SFTP Config
  SFTPEngine On
  Port
  SFTPHostKey /etc/ssh/ssh_host_rsa_key
  SFTPHostKey /etc/ssh/ssh_host_dsa_key
  SFTPClientMatch "WS_FTP" channelWindowSize 1GB
  # enable for sftp debugging:
  TraceLog /var/log/proftpd/sftp-trace.log
  #Trace scp:20 sftp:20 ssh2:20
  Trace scp:7 sftp:7 ssh2:7
  ## End SFTP Config ##
  SFTPLog /var/log/proftpd/sftp.log
  TransferLog /var/log/proftpd/sftp-xferlog
  SFTPAuthMethods publickey password
  #SFTPAuthMethods publickey
  AuthUserFile /etc/proftpd/sftp.passwd
  #SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u
  SFTPAuthorizedUserKeys file:/etc/proftpd/sftp.passwd.keys/%u
  # SFTP specific configuration
  #DefaultRoot ~
  DefaultRoot /partage
  # Enable compression
  SFTPCompression delayed
  ######

''/etc/proftpd/sftp.passwd''

  :<$1$PASSWORD.>:1005:1008::/partage:/usr/bin/rssh

''/etc/rssh.conf''

  user=:007:000110:"/partage"

Place the SSH public keys (to be converted) in ''/etc/proftpd/sftp.passwd.keys/''

Now fill the file with the SSH public keys you want. They must first be converted to RFC 4716 format:

  ssh-keygen -e -f id_rsa.pub > /etc/proftpd/sftp.passwd.keys/virtual2

  mkdir /etc/proftpd/authorized_keys
  ssh-keygen -e -f id_rsa.pub > /etc/proftpd/authorized_keys/jean
  # a directory needs the execute bit to be traversed, so 700 rather than 600
  chmod 700 /etc/proftpd/authorized_keys
  chmod 600 /etc/proftpd/authorized_keys/*

  service proftpd restart

== Installation on Debian or Ubuntu

First of all, make sure your operating system is up to date.

  sudo -s
  apt-get update
  apt-get upgrade
  apt-get dist-upgrade

  apt-get install proftpd-basic rssh

  mkdir -p /partage/jean
  mkdir -p /partage/public
  addgroup sftp
  chgrp -R sftp /partage
  chmod 750 /partage/*
  chmod 1777 /partage/public

  # /8 on 192.168.2.0 matches all of 192.0.0.0/8; use /24 for the 192.168.2.x LAN only
  Allow from 78.234.113.74 127.0.0.1 192.168.2.0/8
  DenyAll
  #######
  ## SFTP Config
  SFTPEngine On
  Port 7010
  SFTPHostKey /etc/ssh/ssh_host_rsa_key
  # DSA host keys are disabled by default in current OpenSSH clients
  SFTPHostKey /etc/ssh/ssh_host_dsa_key
  SFTPClientMatch "WS_FTP" channelWindowSize 1GB
  # enable for sftp debugging:
  TraceLog /var/log/proftpd/sftp-trace.log
  #Trace scp:20 sftp:20 ssh2:20
  Trace scp:7 sftp:7 ssh2:7
  SFTPLog /var/log/proftpd/sftp.log
  TransferLog /var/log/proftpd/sftp-xferlog
  SFTPAuthMethods publickey password
  AuthUserFile /etc/proftpd/sftp.passwd
  SFTPAuthorizedUserKeys file:/etc/proftpd/sftp.passwd.keys/%u
  # SFTP specific configuration
  DefaultRoot ~
  # Enable compression
  SFTPCompression delayed
  ######

Comment out

Change:

  Port
  Umask 007 007
  #TransferLog

  $ getent group sftp | cut -d':' -f3
  1008

  $ mkpasswd --hash=md5 "$PASS"
  $1$L0PQHYcl$fUkBeMISuAg.miC0qJONP.

  cat >>/etc/proftpd/sftp.passwd

''/etc/rssh.conf''

  logfacility = LOG_USER
  umask = 066
  # if your chroot_path contains spaces, it must be quoted...
  # In the following examples, the chroot_path is "/usr/local/my chroot"
  #user=rudy:011:000010:"/usr/local/my chroot" # scp with chroot
  #user=rudy:011:000100:"/usr/local/my chroot" # sftp with chroot
  #user=rudy:011:000110:"/usr/local/my chroot" # both with chroot
  user=jean:007:000110:"/partage" # both with chroot
  chrootpath = "/partage"

''/etc/passwd''

  jean:x:1006:1007:,,,:/home/jean:/usr/sbin/nologin

Passwordless login

  ssh-keygen -e -f ~/.ssh/id_dsa.pub

The command prints the key in RFC 4716 format: a ''---- BEGIN SSH2 PUBLIC KEY ----'' line, a ''Comment:'' header (here "1024-bit DSA, converted by jibe@bureau1 from OpenSSH"), the base64 key data, and a closing ''---- END SSH2 PUBLIC KEY ----'' line.

Copy the public key to the SFTP server:
* /etc/proftpd/sftp.passwd.keys/jean
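
ProFTPd only accepts key files in RFC 4716 format, and the key converted on this page is a 1024-bit DSA key. The following Python check is an added example, not part of the original page: it verifies that a key file is really RFC 4716 and reports key type and size. The names ''parse_rfc4716'' and ''audit_key'', the 2048-bit RSA threshold and the sample blob are assumptions of this example.

```python
import base64
BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def _ssh_string(blob, off):  # one SSH wire string: uint32 length, then bytes
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def parse_rfc4716(text):
    """Return (key_type, bits_or_None, comment) for one RFC 4716 key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not RFC 4716; convert with ssh-keygen -e first")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:                     # header line (base64 has no ':')
            while line.endswith("\\"):      # a backslash continues the header
                i += 1
                line = line[:-1] + lines[i]
            tag, _, value = line.partition(":")
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    blob = base64.b64decode("".join(body), validate=True)
    ktype, off = _ssh_string(blob, 0)
    ktype, bits = ktype.decode("ascii"), None
    if ktype == "ssh-rsa":                  # RSA blob is type, e, n: skip e
        _, off = _ssh_string(blob, off)
    if ktype in ("ssh-rsa", "ssh-dss"):     # next field: RSA n or DSA p
        num, _ = _ssh_string(blob, off)
        bits = int.from_bytes(num, "big").bit_length()
    return ktype, bits, comment

def audit_key(text, min_rsa_bits=2048):
    """Findings for one key file; an empty list means nothing to flag."""
    ktype, bits, _ = parse_rfc4716(text)
    if ktype == "ssh-dss":
        return [f"DSA key ({bits} bits): replace with Ed25519 or RSA"]
    if ktype == "ssh-rsa" and bits < min_rsa_bits:
        return [f"RSA key is {bits} bits, below {min_rsa_bits}"]
    return []

# Constructed sample: DSA-shaped blob cut off after p = 2**1023 (not a usable key).
_blob = b"\0\0\0\x07ssh-dss" + b"\0\0\0\x81\x00\x80" + bytes(127)
SAMPLE = f'{BEGIN}\nComment: "constructed sample"\n{base64.b64encode(_blob).decode()}\n{END}'
```

To check real files, pass the contents of each file under ''/etc/proftpd/sftp.passwd.keys/'' to ''audit_key''; a ''ValueError'' means the file is not RFC 4716, for instance an unconverted OpenSSH one-line key.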