SFTP & Osx & user?

Joined
Jul 23, 2012
Messages
5
Reaction score
0
Points
1
Hi Guys,

I'm very new to Macs, but I've been a computer engineer coming up to ten years now.

I've had a frustrating problem today with trying to get an SFTP server running on my new (as of yesterday) Mac. In the end, I resorted to running one on a Windows VM and using that.

However, I know that OSX supports it natively and I'd like to make use of that, but I just can't get it working.

I'm following this guide:

Restricted SFTP in Mac OS X Leopard | MacResearch

And I'm pretty sure I've done all the steps correctly. However, when I sftp username@localhost it asks me for the password and then immediately disconnects me, but only if I use the correct password. If I use the wrong one, it simply asks me for it again.

Indeed, it also immediately disconnects if I use ssh username@localhost

sftp username@localhost -vv pretty much shows a successful authentication and then just says the remote computer closed the connection.

I've a feeling this is because I haven't enabled a remote login right for the user account I'm trying to access (I think this because I can log in via SSH/SFTP just fine with the account I initially set the computer up with).

However, I've no idea at all how to enable remote access rights for a particular user account, and I worry about just blindly following tutorials on the web because I know that you can royally screw things up "sudo'ing" commands left, right and centre without actually understanding what you're doing (which I don't).

If anyone at all can please give me some pointers, that would be amazing. Bear with me because I'm learning, but I'm trying my best!

I can provide any logs and output of commands upon request.

Thanks :)
 
Joined
Dec 11, 2010
Messages
1,808
Reaction score
40
Points
48
Location
Chicago
Your Mac's Specs
late 2012 mini w/SSD
So - to help me understand better...
You are on one username and trying to connect to another username's account/shared files via sftp to localhost?
Can you sftp into the Mac from another computer?
 
OP
D
Joined
Jul 23, 2012
Messages
5
Reaction score
0
Points
1
Hi gsahli, yes, that is correct. I am on one username and trying to connect to another username's account. The idea being that I can use a specific user on my Mac as a test server to back up files to from a particular server I work a lot with that will only back up to an SFTP server.

What I wish to do is lock down this user's SFTP access so they can only access one directory (in this case /Volumes/Storage/CCM) and write files to it via SFTP. I want this directory to be the user's root directory (so when I'm configuring the SFTP server I just use the correct username and it automatically goes into this directory if I just use / as the target directory).

I have now actually got the SFTP/SSH working for the user. Earlier on I foolishly assumed that when I enabled remote access through settings under my account and selected "all users" it would allow remote access for all users. I have since done the same process but logged in under the CCM account and I can now SSH/SFTP into my Mac using that account.

I have also tested that the permissions are set as needed (according to my earlier link):


Carls-MacBook-Air:/ carl$ cd //Volumes/Storage/
Carls-MacBook-Air:Storage carl$ ls
CCM
Carls-MacBook-Air:Storage carl$ cd CCM
-bash: cd: CCM: Permission denied
Carls-MacBook-Air:Storage carl$ su CCM
Password:
bash-3.2$ ls
CCM
bash-3.2$ cd CCM
bash-3.2$ ls
bash-3.2$

The directory is currently empty so this looks good. However when I SFTP in, my home directory doesn't seem to be set correctly. With the following, I'd expect to see nothing when I type ls (as I'd hope the user would automatically be dumped into the CCM directory and doesn't have permissions to get elsewhere?)


bash-3.2$ sftp ccm@localhost
Password:
Connected to localhost.
sftp> ls
Desktop Documents Downloads Library Movies Music Pictures
Public
sftp> ls /Volumes/Storage/
/Volumes/Storage/CCM
sftp> ls /Volumes/Storage/CCM
sftp>


Here is my relevant sshd_config:


# override default of no subsystems
#Subsystem sftp /usr/libexec/sftp-server
Subsystem sftp internal-sftp

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

Match User CCM
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /Volumes/Storage/CCM/


So to sum up, now I just need help making this user default to the /Volumes/Storage/CCM directory.

Is there any way to make it so this user doesn't appear as an option to log in to when I switch on the Mac?
 
OP
D
Joined
Jul 23, 2012
Messages
5
Reaction score
0
Points
1
Hmmm, I may have some other issue here. I noticed that I was doing:

sftp ccm@localhost

But my Match User was against CCM

On the off chance that it's case sensitive, I have changed the Match User to ccm and now I'm back to being successfully authenticated but kicked out as soon as I log in:


Password:
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to localhost ([::1]:22).
debug2: fd 6 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
Connection to localhost closed by remote host.
Transferred: sent 1520, received 1832 bytes, in 0.0 seconds
Bytes per second: sent 62870.1, received 75775.0
debug1: Exit status -1
Connection closed


Here's some ls output on the off chance it helps:


Carls-MacBook-Air:~ carl$ ls -l /Volumes
total 8
lrwxr-xr-x 1 root admin 1 23 Jul 17:53 Macintosh HD -> /
drwxr-xr-x+ 3 root admin 102 23 Jul 12:50 Storage
Carls-MacBook-Air:~ carl$ ls -l /Volumes/Storage/
total 0
drwx------+ 2 CCM admin 68 23 Jul 18:12 CCM
Carls-MacBook-Air:~ carl$ ls -l /Volumes/Storage/CCM
ls: CCM: Permission denied
Carls-MacBook-Air:~ carl$
 
Joined
Dec 11, 2010
Messages
1,808
Reaction score
40
Points
48
Location
Chicago
Your Mac's Specs
late 2012 mini w/SSD
First thought - you can't login without a home directory. Sounds like you're trying to.
 
OP
D
Joined
Jul 23, 2012
Messages
5
Reaction score
0
Points
1
I haven't set one, but it seems at the moment that I can log in via SFTP and SSH just fine, just as long as I don't have the Match User in my sshd_config.

As soon as I try to set the user's home directory for SSH functions it fails...
 
OP
D
Joined
Jul 23, 2012
Messages
5
Reaction score
0
Points
1
Confirmed:

sshd_config (With a junk user under match user):

Match User 1234
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /Volumes/Storage/CCM

Carls-MacBook-Air:~ carl$ sftp ccm@localhost
Password:
Connected to localhost.
sftp> ls
Desktop Documents Downloads Library Movies Music Pictures
Public
sftp> exit


sshd_config 2 (with a proper match user to match the account I'm logging in as):

Match User ccm
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /Volumes/Storage/CCM

Carls-MacBook-Air:~ carl$ sftp ccm@localhost
Password:
Connection to localhost closed by remote host.
Connection closed
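
Added example, not part of any post in this thread: sshd_config(5) states that at session startup sshd checks that every component of the ChrootDirectory path is a root-owned directory not writable by any other user or group, and the ls output above shows /Volumes/Storage/CCM owned by CCM. The thread does not confirm that this is the cause; the script below only reproduces that check. The sample stat values (including uid 502 and the entries for / and /Volumes) are constructed assumptions.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result, used only by the constructed sample.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")

def path_components(path):
    """Yield '/', '/Volumes', '/Volumes/Storage', ... for an absolute path."""
    path = os.path.normpath(path)
    if not os.path.isabs(path):
        raise ValueError("ChrootDirectory must be an absolute path")
    current = "/"
    yield current
    for part in path.strip("/").split("/"):
        if part:
            current = os.path.join(current, part)
            yield current

def audit_chroot(path, stat_fn=os.stat):
    """Return (component, problem) pairs that violate the documented sshd rule."""
    problems = []
    for comp in path_components(path):
        st = stat_fn(comp)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, "not owned by root (uid %d)" % st.st_uid))
        if st.st_mode & 0o022:
            problems.append((comp, "writable by group or others"))
    return problems

# Constructed sample modelled on the ls -l listings in the thread.
# '/' and '/Volumes' are not shown there and are assumed root-owned 755;
# uid 502 for the CCM account is a placeholder.
SAMPLE = {
    "/": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/Volumes": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/Volumes/Storage": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/Volumes/Storage/CCM": FakeStat(stat.S_IFDIR | 0o700, 502),
}

if __name__ == "__main__":
    # Pass no stat_fn to audit the real filesystem instead of the sample.
    for comp, problem in audit_chroot("/Volumes/Storage/CCM/", SAMPLE.__getitem__):
        print(comp, "->", problem)
```

Because the chroot itself has to be root-owned under this rule, uploads in such a setup normally go to a user-owned subdirectory inside it.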
 