Proper setup of user permissions for OpenSSH on Windows?


Solution 1

How bad do you want SFTP? Cygwin is somewhat hacky, and OpenSSH for Windows is way, way outdated. My approach has been to use WebDAV which solves most of the problems you have:

  • Read and write files
  • Encrypted; protects authentication tokens and files
  • supported on damn near every OS
  • overzealous firewall configuration resistant

IIS supports it, even on the version that comes with Server 2000.

Solution 2

After further research I have found that my original suggestion below to use the built-in chroot functionality is not supported under Cygwin.

You might be better off looking at other alternatives. Perhaps WebDAV, perhaps an FTPS server (FileZilla), or maybe one of the other proprietary SFTP servers.

An option that is available if you must do this with the Cygwin OpenSSH would be to use the scponly shell. Here is a PDF describing the procedure.

Not sure which version of OpenSSH you have on Windows. But it sounds like you want to set up an SFTP chroot.

You might want to check out these related questions.

Author: dmr83457

Updated on September 17, 2022

Comments

  • dmr83457 (almost 2 years ago)

    I am trying to set up OpenSSH on Windows to provide SFTP sites. I am running into some problems with user security settings.

    Here are the basic steps I've gone through to create a user:

    1. Create a new user on the host machine
    2. Add the user to the OpenSSH passwd file with an adjusted file path for Cygwin that points to the client's home folder (example: /cygdrive/e/homefolders/username)
    3. Allow user read/write access to their folder

    The problem I am running into is that the user needs to have execute permission on the OpenSSH program folder to be able to log in. I found I can disable access to specific folders such as "etc", but I'm concerned that I have to provide permissions in here at all. When using FileZilla I am shown a folder hierarchy "/cygdrive/e/homefolders/username" and can browse from "/" to folders with read access.

    Is there a specific strategy I should be using for proper security in this setup? A specific file or folder I might need to provide execute permissions on but nothing more? I would like to completely lock down everything except read/write access to their own folder but that doesn't appear to be possible.

  • dmr83457 (over 14 years ago)
    Unfortunately it appears that they are Linux only and don't work in Cygwin.
  • Zoredache (over 14 years ago)
    The ChrootDirectory SSH option isn't supported under cygwin. See this thread cygwin.com/ml/cygwin/2008-11/msg00256.html
  • dmr83457 (over 14 years ago)
    Your first 3 sentences summarize my thoughts lately about this problem. We went the route of SFTP because it seemed like a pretty standard approach that our users would be able to find clients and support for, and we didn't have to purchase software to provide. However it is looking more and more like we need to purchase a commercial server that supports SFTP for Windows or move on to another option.
  • underscore_d (over 8 years ago)
    (Probably because it's 6 years later,) I've set up Cygwin, OpenSSH, and ChrootDirectory, and it seems to work just fine.
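The chrooted SFTP setup that Solution 2 points at (and that the last comment reports working under Cygwin) is what the question's three steps are reaching for: instead of granting the user execute rights on the OpenSSH program folder and trimming access elsewhere, sshd confines the session to one directory and serves SFTP in-process via `internal-sftp`, so no shell or Cygwin binaries are reachable at all. The script below is an added example, not code from the question or any answer. It assumes an OpenSSH build with `ChrootDirectory` and `internal-sftp` support and OpenSSH's own rule for the chroot: the chroot directory and every parent up to `/` must be owned by root and not writable by group or others, which is the misconfiguration that most often makes a chrooted login fail with no obvious error. The user name `alice`, the path `/srv/sftp/alice` and the function names are assumptions for illustration; the permission check uses GNU `stat`, which Cygwin ships.

```shell
#!/bin/sh
# Added example: generate the sshd_config Match block for a chroot-confined
# SFTP-only user, and verify the chroot path meets sshd's ownership rule.
# Not from the page; user, path and function names are assumed for illustration.

sftp_chroot_config() {
  # $1 = user, $2 = chroot directory (root-owned, read-only for the user).
  # Give the user a writable subdirectory inside it (e.g. $2/upload) for data;
  # the chroot root itself must stay unwritable by the user.
  printf 'Match User %s\n' "$1"
  printf '    ChrootDirectory %s\n' "$2"
  printf '    ForceCommand internal-sftp\n'   # no shell, no scp, no external sftp-server binary
  printf '    AllowTcpForwarding no\n'        # close the port-forwarding side channel
  printf '    X11Forwarding no\n'
}

mode_is_safe() {
  # $1 = "<uid> <symbolic mode>" as printed by `stat -c '%u %A'`.
  # Safe means: owned by uid 0 (root) and no write bit for group (col 6)
  # or others (col 9), e.g. "0 drwxr-xr-x" passes, "0 drwxrwxr-x" fails.
  uid=${1%% *}
  mode=${1#* }
  [ "$uid" = "0" ] || return 1
  case "$mode" in
    ?????w*|????????w*) return 1 ;;
  esac
  return 0
}

check_chroot_perms() {
  # Walk from the chroot directory up to "/" and apply mode_is_safe to each
  # component; sshd refuses the chroot if any level is misowned or writable.
  dir="$1"
  while :; do
    owner_mode=$(stat -c '%u %A' "$dir" 2>/dev/null) || {
      echo "cannot stat $dir" >&2; return 1; }
    mode_is_safe "$owner_mode" || {
      echo "unsafe chroot component: $dir ($owner_mode)" >&2; return 1; }
    [ "$dir" = "/" ] && return 0
    dir=$(dirname "$dir")
  done
}

# Usage (assumed values): print the config fragment, then audit the path.
sftp_chroot_config alice /srv/sftp/alice
check_chroot_perms /srv/sftp/alice && echo "chroot path OK" || echo "fix ownership/permissions before enabling"
```

Append the printed block to `sshd_config`, create `/srv/sftp/alice` owned by root with mode 755 and an `upload` subdirectory owned by `alice`, and restart sshd; run `check_chroot_perms` whenever a chrooted login fails, since a group-writable parent directory is the usual cause.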