I beseech the wisdom of the HardGawds: SFTP (SSH) User Permission settings

Discussion in 'Networking & Security' started by FoxFlame, May 6, 2008.

  1. FoxFlame

    FoxFlame Limp Gawd

    Messages:
    143
    Joined:
    Sep 3, 2005
    I have successfully configured my server to allow SSH connections using OpenSSH. I'm able to log in as an administrator and browse files by command line.

    When I don't use UNC for my home directories (as I do with my domain under user accounts so I have a home directory) I am able to browse files within Filezilla.

    The problem is that I *cannot* log into the SFTP site with an account if it does not have administrative rights. Is there a specific right that I need to grant to that user account using ntrights.exe? I'm baffled. So close, yet still so insecure.

    I'm tempted to just use FTPS with Serv-U or something. Can't remember if that will run as a service.

    Oh, I'm using Windows 2003, Enterprise Edition (MSDNAA)

    Thanks in advance, and if you require any additional information, please let me know!

    My next step will to be able to figure out how to apply virtual directories for my users.

    --Fox

    Edit: Oh, and yes, the users do have permission to access their home directories.
     
  2. FoxFlame

    FoxFlame Limp Gawd

    Messages:
    143
    Joined:
    Sep 3, 2005
    C'mon. Someone must have an answer for this?
     
  3. Malk-a-mite

    Malk-a-mite [H]ard|Gawd

    Messages:
    2,023
    Joined:
    Feb 16, 2002
    You *might* have better luck in the OS based forum for this... maybe...
     
  4. utshost

    utshost [H]Lite

    Messages:
    99
    Joined:
    Feb 22, 2006
    any user that needs to connect needs at least read/excute rights to the default dir.
     
  5. FoxFlame

    FoxFlame Limp Gawd

    Messages:
    143
    Joined:
    Sep 3, 2005
    They've read, read/execute and list abilities.

    actually, to make sure this isn't a permissions problem as far as the home directory goes, I'm going to give them full access and ownership to the folder and try to log in again.