I am having difficulty letting others FTP/SFTP to our site. I have multiple Virtual Name Servers created and each of them is running its own website. So, I would like to give FTP/SFTP access to users.
I followed the same steps as described in this Serverfault forum question. Made sure all folders (not files) are 755 to root and made root the owner.
My steps are as follows:
Adding a group
groupadd sftp
Created User
useradd -d /var/www/vivektest.com.au/public_html vivek
passwd vivek
Added to group and modified bin
usermod -g sftp vivek
usermod -s /sbin/nologin vivek
Modified SSHD config
Subsystem sftp internal-sftp
Match group sftp
X11Forwarding no
ChrootDirectory %h
AllowTcpForwarding no
ForceCommand internal-sftp
Restarted the sshd service. Made sure the home folder is root owned.
sudo ls -ld /var/www/vivektest.com.au/public_html
drwxr-xr-x. 2 root root 23 Dec 14 03:10 /var/www/vivektest.com.au/public_html
Again not the files inside. There are other virtual server directories for different websites (like abctest.com.au, xyz.com.au) and they all have same permission settings.
I tried various other ways and followed many other suggestions but they are all failing and I don't want to break the server anymore.
The log file at /var/log/secure doesn't give me much:
Dec 14 05:12:10 ip-xxx-xx-xx-xx sshd[3833]: error: Received disconnect from 149.135.125.62: 14: No supported authentication methods available [preauth]
FileZilla says
Status: Connecting to ec2-xx-xx-xxx-xx.ap-southeast-2.compute.amazonaws.com...
Response: fzSftp started, protocol_version=7
Command: open "[email protected]" 22
Error: Disconnected: No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)
Error: Could not connect to server
It is a CentOS machine residing in Amazon AWS EC2.
There are other files and folders before /var/www such as httpd, logs, home which are not under root but centos (default ec2 user). Will that be a problem?
Also, I have webmin. However, when I go to SSH login module I get a message
There is no SSH server running on xx.xxx.xx.xx port 22.
I am not sure whether it has any significance to the problem I have.
Also, my SELINUX is Enforcing. However, I haven't made any modification to it.
It would be great if someone could shed some light on it.
Thanks. V
0 Answers
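An added example, not part of the original question: the method list in the FileZilla error contains no `password`, so the password set with `passwd` is never requested, and the failure happens before the chroot settings apply. The sketch below resolves sshd_config keywords for a member of the `sftp` group, assuming a global `PasswordAuthentication no` that the question does not show; `advertised_methods`, `effective_settings` and `diagnose` are hypothetical helper names.

```python
import re

# Constructed sample: the Match block from the question plus an ASSUMED
# global "PasswordAuthentication no" (that line is not shown on the page).
SAMPLE_CONFIG = """\
PasswordAuthentication no
Subsystem sftp internal-sftp
Match group sftp
    X11Forwarding no
    ChrootDirectory %h
    AllowTcpForwarding no
    ForceCommand internal-sftp
"""
# Client error text as quoted in the question.
CLIENT_ERROR = ("Disconnected: No supported authentication methods available "
                "(server sent: publickey,gssapi-keyex,gssapi-with-mic)")

def advertised_methods(client_error):
    """Return the authentication methods the server offered."""
    m = re.search(r"server sent: ([\w,-]+)", client_error)
    return m.group(1).split(",") if m else []

def effective_settings(config_text, groups):
    """Resolve sshd_config keywords for a user in `groups`.
    Simplified: only 'Match Group <names>' and 'Match All', exact names."""
    global_kw, match_kw = {}, {}
    target = global_kw
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "match":
            crit = value.split(None, 1) + [""]
            hit = crit[0].lower() == "all" or (
                crit[0].lower() == "group"
                and bool(set(crit[1].split(",")) & set(groups)))
            target = match_kw if hit else None  # None skips a non-matching block
        elif target is not None:
            target.setdefault(key, value)       # first obtained value wins
    return {**global_kw, **match_kw}            # Match values override global

def diagnose(config_text, groups, client_error):
    """Summarise whether a password login is possible and what applies after it."""
    eff = effective_settings(config_text, groups)
    return {"password_offered": "password" in advertised_methods(client_error),
            "password_setting": eff.get("passwordauthentication", "unset"),
            "chroot": eff.get("chrootdirectory"),
            "forced_command": eff.get("forcecommand")}
```

On a live host, `sshd -T -C user=vivek` prints the values sshd itself resolves for that user and is the authoritative check.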