Install MySecureShell SFTP Server In Linux

About MySecureShell

MySecureShell is an Open Source, Multi-platform, very secure FTP server based on OpenSSH. Since it is based on OpenSSH, you have the high level of security of it MORE functionality and POWERFUL FTP server. It is easy to install, configure and administrate. The goal of MySecureShell is to offer the power and security of OpenSSH, with enhanced features (like ACL) to restrict connected users. What else you need? We can have a perfect SFTP server in minutes using MySecureShell. It will work on several types of Operating Systems like Linux, Mac OS X, Solaris, BSD and Windows (with Cygwin).

Why MySecureShell?

You might ask me why MySecureShell instead of traditional FTP server. There are several reasons including:

  • You do not have to open some dedicated firewall ports for file transfers ;
  • You are using one of the most used and secure protocol (SSH) ;
  • You do not have to manage SSL certificates to guaranty the security ;
  • As easy to use as a classical FTP server ;
  • As many or more features that you can find on any classical FTP servers ;
  • Easy to install, configure, maintain and use.

Features

Concerning about MySecureShell, we can list the following:

  • Control of bandwidth ;
  • Security rights information ;
  • Only authorized files and folders can be shown ;
  • Easy installation and administration of the server with a graphical interface ;
  • Management of activity of the server with logs ;
  • Restrictions of users by ip, groups ;
  • Power Encryption ;
  • No certificate problems non-certified or certificate generation ;
  • Support public and private keys for secure authentication without password ;
  • Only one port to open for SSH and SFTP (port 22 by default) ;
  • The protocol used is much more optimized than FTP because it is based on the protocol of the NFS ;
  • Free and open source ;
  • Advanced logging information ;
  • ACL can be made with IP/Usernam/Groups/VirtualHost/… ;
  • Confined environments (chroot, which is also available in the latest version of OpenSSH) ;
  • Restrict users to have sftp only (shell access is disabled by default) ;
  • And more…

Install MySecureShell On Linux

Add the MySecureShell repository depending upon the distribution you use. All steps should run as ‘root’ user.

To switch to root user, run:

sudo su

Or

su

On Debian:

MySecureShell is available in the default repositories of Debian 8.

To install it, simply run:

apt-get install mysecureshell

For Debian 7 and previous versions:

Edit /etc/apt/sources.list file,

nano /etc/apt/sources.list

Add the following lines:

deb http://mysecureshell.free.fr/repository/index.php/debian testing main
deb-src http://mysecureshell.free.fr/repository/index.php/debian testing main

To import GPG key, enter:

gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B; gpg --export E328F22B | apt-key add -

OR

wget -O - "http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x7601D76CE328F22B" | apt-key add -

Now update the source list and install MySecureShell as shown below.

apt-get update
apt-get install mysecureshell

On Ubuntu:

MySecureShell is available in the default repositories of Ubuntu 15.04, so we can install it using command:

apt-get install mysecureshell

On Ubuntu 14.04 and previous versions, Edit file “/etc/apt/sources.list” and add the following lines,

deb http://mysecureshell.free.fr/repository/index.php/ubuntu testing main
deb-src http://mysecureshell.free.fr/repository/index.php/ubuntu testing main

To import GPG key, enter:

gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B; gpg --export E328F22B | apt-key add -

OR

wget -O - "http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x7601D76CE328F22B" | apt-key add -

Now update the source list and install MySecureShell as shown below.

apt-get update && apt-get install mysecureshell

On RHEL/CentOS:

Edit file “/etc/yum.conf” and the following lines at the end.

[mysecureshell]
name=MySecureShell
baseurl=http://mysecureshell.free.fr/repository/index.php/centos/$basearch/
enabled=1
gpgcheck=0

Update Repository and install MySecureShell as shown below.

yum update
yum install mysecureshell

On Fedora:

Edit file “/etc/yum.conf” and add the following lines:

[mysecureshell]
name=MySecureShell
baseurl=http://mysecureshell.free.fr/repository/index.php/fedora/$basearch/
enabled=1
gpgcheck=0

Update Repository and install MySecureShell as shown below.

yum update
yum install mysecureshell

We have installed MySecureShell. Let us now see how to use it.

Usage

Adding users to MySecureShell

First, we have to find where MySecureShell is installed.

To do that, run:

whereis mysecureshell

Sample output:

mysecureshell: /usr/bin/mysecureshell /usr/share/man/man8/mysecureshell.8.gz

As you in the above output, mysecureshell installation path is /usr/bin/mysecureshell. Verifying MySecureShell installation path is must, because, we should specify that path while creating new FTP users or assign exiting users to access the SFTP server.

Now, Create a new user with command:

useradd -m -s /usr/bin/mysecureshell unixmen
passwd unixmen

Also you can assign the existing users to access and use MySecureShell using command:

sudo usermod -s /usr/bin/mysecureshell sk

Mow you can connect to your SFTP server from your clients as shown below.

sftp unixmen@192.168.1.102

Sample output:

unixmen@192.168.1.102's password: 
Connected to 192.168.1.102.
sftp>

Also you can login to your SFTP server with any graphical clients such as FileZilla from your client system.

Open your favourite FTP client (Ex.FileZilla). Enter sftp://IP-address, user name, password, and SFTP port 22 and click Connect.

sftp:--sk@192.168.1.102 - FileZilla_001

Unlike vsftpd or other FTP servers, MySecureShell SFTP server is lot easy to install and configure.

Configure MySecureShell

The main MySecureShell config file is /etc/ssh/sftp_config. MySecureShell will work well with default configuration. The options in the configuration are self-explanatory, so I didn’t cover them.

You can adjust or specify various options such as specify upload and download bandwidth, chroot users, the max. amount of connections etc., in the MySecureShell configuration file. You can set this options to either everybody or just for a particular group.

Say for example, Let us limit the download speed for the FTP users to 25K. To do that open MySecureShell main configuration file.

nano /etc/ssh/sftp_config

Find the following line and set the download limit to 25k under Default section.

[...]
<Default>
GlobalDownload          25k     #total speed download for all clients
[...]

Save and close the file. Restart MySecureShell service to take effect the saved changes.

service mysecureshell restart

Or,

systemctl restart mysecureshell

Now the FTP users will be able to download files at 25k speed.

MySecureShell Commands

MySecureShell has the following set of commands to administrate your SFTP server.

  • sftp-admin
  • sftp-kill
  • sftp-state
  • sftp-user
  • sftp-verif
  • sftp-who

Let us see a brief description of each command.

sftp-admin

This command allows to manage a MySecureShell waiter remotely.

Usage:

sftp-admin [ssh options] user@hostname

sftp-kill

It will disconnect the user from the FTP server.

Usage:

sftp-kill unixmen

sample output:

Kill unixmen on PID 6753
No lamer to kill ?

The above command will disconnect the user ‘unixmen’ from FTP server.

sftp-state 

It allows you to control activity of the server.

sftp-state

Sample output:

Server is up

sftp-user

This command allows you to create a SFTP user.

Usage:

sftp-user create test

The above command will create a user called test.

sftp-user delete test

The above command will delete the the user test.

sftp-user list

Sample output:

test
unixmen

The above command will list SFTP users.

sftp-verif 

This command will verify and correct problems on a MySecureShell server.

Usage:

sftp-verif

Sample output:

################################################################################
MySecureShell Verification Tool
################################################################################

### Verifing file existance ###

/bin/MySecureShell                                                       [ OK ]
/bin/sftp-who                                                            [ OK ]
/bin/sftp-kill                                                           [ OK ]
/bin/sftp-state                                                          [ OK ]
/bin/sftp-admin                                                          [ OK ]
/bin/sftp-verif                                                          [ OK ]
/bin/sftp-user                                                           [ OK ]

### Verifing rights ###

Verifing file rights of /etc/ssh/sftp_config                             [ OK ]
Verifing file rights of /bin/sftp-who                                    [ OK ]
Verifing file rights of /bin/sftp-verif                                  [ OK ]
Verifing file rights of /bin/sftp-user                                   [ OK ]
Verifing file rights of /bin/sftp-kill                                   [ OK ]
Verifing file rights of /bin/sftp-state                                  [ OK ]
Verifing file rights of /bin/sftp-admin                                  [ OK ]
Verifing file rights of /bin/MySecureShell                               [ OK ]

### Verifing rotation logs ###

Rotation logs have been found                                            [ OK ]

### Verifing server status ###

Verifing server status (ONLINE)                                          [ OK ]

### Verifing server dependencies ###

Show only error(s) :

### Verifing server configuration ###

Show only error(s) :
Trying user: root

### All tests dones ###

sftp-who

This command will tell you who is currently logged-in to the FTP server.

Usage:

sftp-who

Sample output:

--- 1 / 10 clients ---
Global used bandwidth : 0 bytes/s / 0 bytes/s
PID: 1472   Name: unixmen   IP: sk
    Home: /home/unixmen
    Status: idle    Path: 
    File: 
    Connected: 2015/06/26 17:29:44 [since 03s]
    Speed: Download: 0 bytes/s [5.00 kbytes/s]  Upload: 0 bytes/s [unlimited]
    Total: Download: 134 bytes   Upload: 23 bytes

MySecureShell GUI Front-end

Managing MySecureShell via command line is not that difficult. However if you’re looking for a graphical management tool for MSecureShell, there is a MySecureShell GUI front-end is available.

You Can install this GUI tool in any of your client system and start managing your SFTP server graphically as well as remotely. Also you have to install Java on your system before installing this front-end tool.

Please note: Before using MySecureShell GUI, you must adjust the configuration file to allow the SFTP server to be managed remotely.

To do so, go to your SFTP server, edit file /etc/ssh/sftp_config,

nano /etc/ssh/sftp_config

Find and uncomment the following line.

[...]
#<Group sftp_administrator>
        IsAdmin         true            #can admin the server
[...]

Save and close the file. Restart mysecureshell service to take effect the changes.

systemctl restart mysecureshell

Or,

service mysecureshell restart

Now, download the MySecureShell client from here or download it directly from your Terminal using command:

wget http://sourceforge.net/projects/mysecureshell/files/MySecureShell%20Graphical%20Tools/v1.90/MSS_Frontend_v1.9.zip

Extract and run it as shown below.

unzip MSS_Frontend_v1.9.zip
java -jar sftp-mss.jar

The following screen should appear. Enter the your remote SFTP server username and password and click Connect.

Graphical Tools v1.9 for MySecureShell v1.20_002

After connecting to the SFTP server it will look like below.

Graphical Tools v1.9 for MySecureShell v1.20_003

Now you can manage your SFTP server remotely.

Sftp-who

To see the connected users to SFTP server click on sftp-who tab. It will show the current users connected to the SFTP server.

Graphical Tools v1.9 for MySecureShell v1.20_004

Sftp-state

To view the SFTP server status, click on sftp-state tab.

Graphical Tools v1.9 for MySecureShell v1.20_005

Config Wizard

To create user, go to Wizard tab. Select Configuration of users:

Graphical Tools v1.9 for MySecureShell v1.20_006

Click Create New user. Enter the new user name and password. Finally click Ok and Finish.

Graphical Tools v1.9 for MySecureShell v1.20_007

Also you can change the default home directory, global download/upload speed of the ftp users. To do that, go to Wizard -> Configuration of Server. Enter the new values and click Finish.

Graphical Tools v1.9 for MySecureShell v1.20_008

Expert Mode

In the expert mode, you can adjust/modify various configuration options like Global, Security ad Advanced security. It’s not that difficult. Every option is self-explanatory.

Graphical Tools v1.9 for MySecureShell v1.20_009

Log

You can analyze what’s happening in the SFTP server using logs.

Graphical Tools v1.9 for MySecureShell v1.20_010

That’s all for now. At this stage, you will have a working SFTP server.

Reference links: