Extending sftp server in openssh



kc2orw
09-27-2008, 12:25 PM
I was playing around with my sftp client (WinSCP) and realized that there were features (extensions) available to the sftp server that were not available in my current configuration. In WinSCP, look in the menu "Commands", "Server/Protocol Information" and then the "Capabilities" tab. In a default openssh installation you won't see many capabilities enabled.

I set about searching for a method to enable some or all of these capabilities and found none; the included sftp server only supports Protocol Level 3. But I did see several alternative sftp servers out there. I decided to stay away from Java (too much memory needed for a VPS server), and may eventually look into a Python implementation (paramiko).

I did find some source that seemed interesting: http://www.greenend.org.uk/rjk/sftpserver/ Read about it and you will see that using it with WinSCP will provide you access to protocol level 5 features.

* Protocol versions 3 and higher:
    o Upload and download files
    o List files
    o Create directories and symbolic links
    o Rename and delete files
* Protocol versions 4 and higher:
    o Filename encoding translation
    o Text mode transfers
    o String owner/group names (instead of numeric)
    o Sub-second timestamps (where supported by server OS)
* Protocol versions 5 and higher:
    o Extended rename semantics (e.g. atomic overwrite)
* Protocol versions 6 and higher:
    o Create hard links
* Several SFTP extensions

So why would I, or anyone else, care? I was tired of having to open a PuTTY ssh session, change to the right directory and issue an appropriate chown command all the time. In Ubuntu it is wise to chown to www-data:www-data so that the app will run correctly. With the greenend server I can now chown via WinSCP or any other sftp client.

Installation:

apt-get install bzr

Make sure you have autoconf, autotools, autogen, and libtools installed if you are going to play around with compiling source code. Greenend was developed by the author for FreeBSD and OS X but can be compiled for Linux or Ubuntu in my case.

So, assuming you feel confident that you have the preliminaries installed, get the source. Choose a root directory to work from and issue this command:

bzr clone http://www.greenend.org.uk/rjk/bzr/sftpserver.dev sftpserver

It will create the subdirectory sftpserver, and you can cd sftpserver and run the sh script ./prepare, which will check your dependencies and create a Makefile. Assuming you received no errors, or even if you did, run GNU make: make. If you didn't receive an error and it actually compiled, you are ready for some tests to incorporate it into your system. Now, I am running this in a local VPS and a remote VPS, and I also use Webmin for quick configuration adjustments. So I have a means of accessing my server should something go wrong with ssh access. Webmin provides me access to the ssh config files via the web, so I can still fix ssh access even if something goes wrong and I can no longer access the server. I have nothing but ssh and Webmin installed, so I could get locked out.

I installed the compiled file gesftpserver into /bin/sftp-server (note: I renamed it so that, at a minimum, WinSCP might not get confused). Set the new sftp-server file executable and then edit the /etc/ssh/sshd_config file.

Go to the bottom of the config file and find the subsystem line, mine looks like this.

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp /bin/sftp-server

I commented out the top line and added the lower line 8.04 and then restarted the sshd service with /etc/init.d/ssh restart; in my case Webmin issues that command for me.

Pretty slick, now I can chown via my sftp client WinSCP. Perhaps this is something you might wish to consider for your VPS installation. I like it for mine... handy.
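
A guarded way to make the Subsystem change described in the post above, as an added example that is not part of the original post: the edit is written to a candidate file, checked with sshd's test mode, and installed only if it passes, which addresses the lockout risk the post mentions. The function name set_sftp_subsystem and the SSHD_CHECK override variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. set_sftp_subsystem and the
# SSHD_CHECK override are hypothetical names; by default the candidate file
# is checked with "sshd -t -f <file>" before it replaces the live config.

set_sftp_subsystem() {
    cfg=$1 server=$2
    [ -f "$cfg" ] || { echo "no such config: $cfg" >&2; return 1; }
    # Refuse to point sshd at a binary that is missing or not executable.
    [ -f "$server" ] && [ -x "$server" ] || { echo "not executable: $server" >&2; return 1; }

    tmp=$(mktemp "${cfg}.XXXXXX") || return 1
    # Comment out active "Subsystem sftp" lines and put the new line where the
    # first one stood; append it only if the file had none.
    awk -v srv="$server" '
        tolower($1) == "subsystem" && $2 == "sftp" {
            print "#" $0
            if (!done) { print "Subsystem sftp " srv; done = 1 }
            next
        }
        { print }
        END { if (!done) print "Subsystem sftp " srv }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Validate the candidate; a file sshd rejects never reaches the live path.
    if ! ${SSHD_CHECK:-sshd -t -f} "$tmp"; then
        echo "validation failed, $cfg left unchanged" >&2
        rm -f "$tmp"
        return 1
    fi

    cp -p "$cfg" "${cfg}.bak" || { rm -f "$tmp"; return 1; }  # rollback copy
    cat "$tmp" > "$cfg" && rm -f "$tmp"  # overwrite in place: owner and mode kept
}

# Typical use as root, followed by the restart command from the post:
#   set_sftp_subsystem /etc/ssh/sshd_config /bin/sftp-server && /etc/init.d/ssh restart
```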