maje90
Posts: 6
Joined: Sun Nov 10, 2013 1:54 pm

How to access SFTP easily like FTP/FTPS

Thu Oct 11, 2018 2:54 pm

Hi all!

I like to use raspberry as a fileserver to drop and pick files easily from anywhere. I don't care about safety of those files or that folder...

In past I've used FTP (with Pure-FTPd) and it was great:
- i can access directly from everywhere with "ftp://mydomain_OR_ip" , from a web browsers er even Window explorer!
- I had to set up a new specific user for ftp with access only to its own folders

Now, I've read up almost anywhere that FTP or FTPS is unsafe.... but it was simple and easy!

So I've turn on SFTP (the ssh one) on on my raspberry (after full OS reset), but there are some things I don't like:
- to access to it I have to install additional software like filezilla, which is unpratical;
- actually I log in with main user/password, and the folder I see is the main user one (home?) ... but I can even access to ALL the other folders of the storage drive....I don't like this.
(this last can be probably changed...)

My question(s) is:
Does safety matters about FTP/FTPS regards the whole systems?
Or just about read/write/spying data in/to ftpuser folders?

If the first (ftp/ftps expose the whole system), then, how can I access more rapidly/directly?
(it's a bother to install filezilla in every pc you go to)

Thank you everyone in advance!
(please tell me if i was unclear in some part, my main language is not english... :? )

tpyo kingg
Posts: 317
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: How to access SFTP easily like FTP/FTPS

Thu Oct 11, 2018 3:20 pm

maje90 wrote:
Thu Oct 11, 2018 2:54 pm
So I've turn on SFTP (the ssh one) on on my raspberry (after full OS reset), but there are some things I don't like:
- to access to it I have to install additional software like filezilla, which is unpratical;
- actually I log in with main user/password, and the folder I see is the main user one (home?) ... but I can even access to ALL the other folders of the storage drive....I don't like this.
(this last can be probably changed...)
You haven't mentioned which system you are connecting from but if you are using any GNU/Linux system, then SFTP support is built into the file managers. Here is a demo of one such file manager: https://www.youtube.com/watch?v=9S4DV1PluzA

You can make the home directories hidden from the other users by changing the file system permissions for /home/ and then the users' individual home directories. Mode 701 should do it for /home/ and mode 700 for the top level of the users' individual home directories. But the rest of the system will still be visible.

If you want to see only the home folder then you can add to that an SFTP chroot. Depending on your familiarity with servers it may be easy or a learning experience. The reference document would be the manual page for the SSH server configuration "man sshd_config" in the paragraphs on Match, ChrootDirectory, and ForceCommand. Ask if it's too new.
maje90 wrote:
Thu Oct 11, 2018 2:54 pm
My question(s) is:
Does safety matters about FTP/FTPS regards the whole systems?
Or just about read/write/spying data in/to ftpuser folders?
If you are using FTP/FTPS with system accounts then it affects the whole system. Some FTP daemons allow for virtual users and then you are talking about just a subfolder on the system. FTP is much harder to deal with when port forwarding or using a firewall, even in passive mode. FTP can be considered deprecated for those reasons plus the security problems.

maje90
Posts: 6
Joined: Sun Nov 10, 2013 1:54 pm

Re: How to access SFTP easily like FTP/FTPS

Thu Oct 11, 2018 4:20 pm

Thank you for the reply.
tpyo kingg wrote:
Thu Oct 11, 2018 3:20 pm
You haven't mentioned which system you are connecting from...
Windows environment.
I'm an eternal newbie when it comes about linux environment, I know some stuff and, well... i'm good at googling when i need.
But going around at friends house, etc... I'll only find windows... So instead of bringing with me a usb drive, I'd like to have my small fileserver always ready.
tpyo kingg wrote:
Thu Oct 11, 2018 3:20 pm
... but if you are using any GNU/Linux system, then SFTP support is built into the file managers. Here is a demo of one such file manager: https://www.youtube.com/watch?v=9S4DV1PluzA
I see, that's cool...
So by "sftp://[email protected]_or_ip/path/path" I can access at any ssh ftp directly from OS explorer... nice to know.

But still, if I can't access SFTP from windows without a dedicated software, I need to go back with FPT/FPTS.
tpyo kingg wrote:
Thu Oct 11, 2018 3:20 pm
If you are using FTP/FTPS with system accounts then it affects the whole system. Some FTP daemons allow for virtual users and then you are talking about just a subfolder on the system. FTP is much harder to deal with when port forwarding or using a firewall, even in passive mode. FTP can be considered deprecated for those reasons plus the security problems.
So, I should install a FTPS server (not just FTP) with a virtual user with r/w access only to a specific folder.
Any advice? Is pure-FTPd enough?

Or, again, do you know some alternative solution? (for an easy and universal solution for a simple and direct access to a file server, like a webpage? maybe?)

tpyo kingg
Posts: 317
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: How to access SFTP easily like FTP/FTPS

Thu Oct 11, 2018 4:44 pm

maje90 wrote:
Thu Oct 11, 2018 4:20 pm
Or, again, do you know some alternative solution? (for an easy and universal solution for a simple and direct access to a file server, like a webpage? maybe?)
If SFTP is not your cup of tea, I'd still say to avoid FTP / FTPS like the plague. I wish the legacy operating systems would catch up to this decade in regards to encryption. However, grumbling aside, a web-based option can work over HTTPS.

So you might take a look at Nextcloud. It is all web-based and has a lot of active users in many languages. The downside is that there is no pre-packaged version, you have to do a fair amount of manual intervention to get the service up and running. But once you get to an administrative interface via the web browser it is smooth sailing thereafter. It may also have some smartphone support, too. You'll definitely be able to upload and download from any machine with a web browser that can reach your server.

maje90
Posts: 6
Joined: Sun Nov 10, 2013 1:54 pm

Re: How to access SFTP easily like FTP/FTPS

Sun Oct 14, 2018 10:38 pm

tpyo kingg wrote:
Thu Oct 11, 2018 4:44 pm
...I'd still say to avoid FTP / FTPS like the plague.
I tried.
I watched around for vsftpd, and such... a mess! For someone newbie like me, its no use: every forum says a little different thing.
I tried to install what you said... couldn't get it done... Once you do a couple of "apt-get install" that broke up your system, you're doomed and again i feel like i should reinstall the whole system again. Too much anarchy in linux world...
(my first time i used pure-ftpd it worked in 5 mins, this time, installing it after other ftps/sftp server made it impossible to work... done "purge" many times, took hours to get it working again...)

But also, I found out windows explorer only works with basic FTP (no SFTP or FTPS)... so as i want to avoid install anything, i must go with basic ftp.

Going back to my OP:
(after many purges and such) i managed again to make pure-ftpd work.
I added "pi" user to /etc/ftpusers to disable it, and made a new "ftpuser" virual user (no ssh, or home folder) to use it with ftp but restricted in a specified folder (in my case is "/mnt/myfolder").

As I didn't fully understand you answer, I have to to ask you again: (you were comprehensibly pessimistic, but vague)
does this situation (using ftp) expose my full system or just ftpuser and its folder?

tpyo kingg
Posts: 317
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: How to access SFTP easily like FTP/FTPS

Mon Oct 15, 2018 6:06 am

maje90 wrote:
Sun Oct 14, 2018 10:38 pm
As I didn't fully understand you answer, I have to to ask you again: (you were comprehensibly pessimistic, but vague)
does this situation (using ftp) expose my full system or just ftpuser and its folder?
The forum guidelines discourage cussing so it's more difficult to talk about FTP in clear terms. :P

In some FTP daemons you can have a set of users and passwords that exist only inside the daemon itself and not in the main system. With Virtual Users as they are called, the damage is limited to your FTP folder when, not if, the service gets compromised. Or you can use regular system accounts. With regular system users, well, it's party time then once unauthorized access occurs. So if you have a choice, virtual users would be the way to go. Either way, the data, the user names, and the passwords go unencrypted over the net. If you use FTP from a public space like a cafe or airport wi-fi, you will eventually get visitors in your machine and perhaps some data stored there which they dare not leave on their own machines.

It's unfortunate that even the most recent editions of legacy operating systems fail SFTP support. I hope that would change, but seeing as decades have already gone by, I doubt it will be added. Of them, OS X does have the regular text-based SFTP client from OpenSSH however.

I mentioned Nextcloud earlier. If you were brave enough to take a crack at FTPS then you might be able to conquer the Nextcloud installation process. The "only" hard part there is setting up the MariaDB / MySQL account for Nextcloud. TLS certificates for HTTPS are now freely available from Let's Encrypt. But there are a lot of steps in the set up. Nextcloud would allow reasonably encrypted access via any web browser. There appear to also be a few dedicated phone apps.

Return to “Networking and servers”