Setup Secure FTP Server With MySecureShell

by
Share this Article: Facebook0Google+0Twitter18LinkedIn7Reddit0StumbleUpon1

MySecureShell is very secure FTP server based on OpenSSH. Since it is based on OpenSSH, so you have the high level of security of it MORE functionality and POWERFUL FTP server. It is easy to install and administrate. We can administrate MySecureShell easily with cool web interface.

Features

- Control of bandwidth.
- Security rights informations.
- Easy installation and administration of the server with a graphical interface.
- Management of activity of the server with logs.
- Restrictions of users by ip, groups.
- Power Encryption.
- No certificate problems non-certified or certificate generation.
- Support public and private keys for secure authentication without password.
- Only one port to open for SSH and SFTP (port 22 by default).
- The protocol used is much more optimized than FTP because it is based on the protocol of the NFS .
- Finally it’s free and open source.

Install MySecureShell On Linux

Add the MySecureShell repository depending upon the distribution you use. All steps should run as ‘root’ user.

On Debian:

You can add the official repository of MySecureShell for Debian by adding 2 lines to the file “/etc/apt/sources.list”:

deb http://mysecureshell.free.fr/repository/index.php/debian testing main
deb-src http://mysecureshell.free.fr/repository/index.php/debian testing main

To import GPG key, enter:

# gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B; gpg --export E328F22B | apt-key add -

OR

wget -O - "http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x7601D76CE328F22B" | apt-key add -

Now update the source list and install MySecureShell as shown below.

# apt-get update
# apt-get install mysecureshell

On Ubuntu:

Edit file “/etc/apt/sources.list” and add the following lines,

deb http://mysecureshell.free.fr/repository/index.php/ubuntu testing main
deb-src http://mysecureshell.free.fr/repository/index.php/ubuntu testing main

To import GPG key, enter:

# gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B; gpg --export E328F22B | apt-key add -

OR

# wget -O - "http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x7601D76CE328F22B" | apt-key add -

Now update the source list and install MySecureShell as shown below.

# apt-get update
# apt-get install mysecureshell

On RHEL/CentOS:

Edit file “/etc/yum.conf” and the following lines at the end.

[mysecureshell]
name=MySecureShell
baseurl=http://mysecureshell.free.fr/repository/index.php/centos/$basearch/
enabled=1
gpgcheck=0

Update Repository and install MySecureShell as shown below.

# yum update
# yum install mysecureshell

On Fedora:

Edit file “/etc/yum.conf” and add the following lines,

[mysecureshell]
name=MySecureShell
baseurl=http://mysecureshell.free.fr/repository/index.php/fedora/$basearch/
enabled=1
gpgcheck=0

Update Repository and install MySecureShell as shown below.

# yum update
# yum install mysecureshell

Create FTP Users

Create users to use MySecureShell shell with command:

# useradd -m -s /bin/MySecureShell unixmen
# passwd unixmen

Also you assign the existing users to MySecureShell using command:

# usermod -s /bin/MySecureShell sk

Mow you can connect to your SFTP server from your clients as shown below.

$ sftp unixmen@192.168.1.200
unixmen@192.168.1.200's password:
Connected to 192.168.1.200.
sftp>

Also you can login to your SFTP server with any graphical clients such as FileZilla from your client system.

Open your favourite FTP client ex.FileZilla. Enter the user name, password and SFTP port 22 and click Connect.

sftp:--unixmen@192.168.1.200 - FileZilla_002 Unlike vsftpd or other FTP servers, MySecureShell SFTP server is lot easy to install and configure.

Configure MySecureShell

The main MySecureShell config file is /etc/ssh/sftp_config. MySecureShell will work well with default configuration. The options in the configuration are well explained, so I don’t have to explain them.

You can adjust or specify various options such as specify upload and download bandwidth, chroot users, the max. amount of connections etc., in the MySecureShell configuration file. You can set this options for everybody or just for a particular group.

For a complete list of configuration examples, please a have look here. This page is in French, but you can translate it to your required language using Google-Trasnlate button on the left.

Say for example, Let us limit the download speed of the FTP users to 25K. To do that open MySecureShell main configuration file.

# nano /etc/ssh/sftp_config

Find the following line and set the download limit to 25k under Default section.

[...]
<Default>
GlobalDownload          25k     #total speed download for all clients
[...]

Save and close the file. Restart MySecureShell service to take effect the saved changes.

On Debian/Ubuntu users:

# /etc/init.d/mysecureshell restart

On RHEL/CentOS users:

# service mysecureshell restart

Now the FTP users will be able to download files at 25k speed.

MySecureShell Commands

MySecureShell has the following set of commands to administrate your SFTP server.

- sftp-admin

- sftp-kill

- sftp-state

- sftp-user

- sftp-verif

- sftp-who

Let us see a small introduction of each command.

sftp-admin

This command allows to manage a MySecureShell waiter remotely.

Usage:

sftp-admin [ssh options] user@hostname

sftp-kill

It will disconnect the user from the FTP server.

Usage:

# sftp-kill test

sample output:

Kill test on PID 6753
No lamer to kill ?

The above command will disconnect the user ‘test’ from FTP server.

sftp-state 

It allows you to control activity of the server.

# sftp-state

Sample output:

Server is up

sftp-user

This command allows you to create a SFTP user.

Usage:

# sftp-user create test

The above command will create a user called test.

# sftp-user delete test

The above command will delete the the user test.

# sftp-user list

Sample output:

test
unixmen

The above command will list SFTP users.

sftp-verif 

This command will verify and correct problems on a MySecureShell server.

Usage:

# sftp-verif

Sample output:

################################################################################
MySecureShell Verification Tool
################################################################################

### Verifing file existance ###

/bin/MySecureShell                                                       [ OK ]
/bin/sftp-who                                                            [ OK ]
/bin/sftp-kill                                                           [ OK ]
/bin/sftp-state                                                          [ OK ]
/bin/sftp-admin                                                          [ OK ]
/bin/sftp-verif                                                          [ OK ]
/bin/sftp-user                                                           [ OK ]

### Verifing rights ###

Verifing file rights of /etc/ssh/sftp_config                             [ OK ]
Verifing file rights of /bin/sftp-who                                    [ OK ]
Verifing file rights of /bin/sftp-verif                                  [ OK ]
Verifing file rights of /bin/sftp-user                                   [ OK ]
Verifing file rights of /bin/sftp-kill                                   [ OK ]
Verifing file rights of /bin/sftp-state                                  [ OK ]
Verifing file rights of /bin/sftp-admin                                  [ OK ]
Verifing file rights of /bin/MySecureShell                               [ OK ]

### Verifing rotation logs ###

Rotation logs have been found                                            [ OK ]

### Verifing server status ###

Verifing server status (ONLINE)                                          [ OK ]

### Verifing server dependencies ###

Show only error(s) :

### Verifing server configuration ###

Show only error(s) :
Trying user: root

### All tests dones ###

sftp-who

This command will tell you who is currently logged-in to the FTP server.

Usage:

# sftp-who

Sample output:

--- 1 / 10 clients ---
Global used bandwith : 0 bytes/s / 0 bytes/s
PID: 6892   Name: test   IP: sk.local
Home: /home/test
Status: idle    Path:
File:
Connected: 2013/12/13 19:52:41 [since 04s]
Speed: Download: 0 bytes/s [5.00 kbytes/s]  Upload: 0 bytes/s [unlimited]
Total: Download: 134 bytes   Upload: 23 bytes

How to manage MySecureShell server graphically?

Managing MySecureShell via command line is not that difficult. However if you’re looking for a graphical management tool for MSecureShell, there is a MySecure GUI front-end is available.

You Can install this GUI tool in any of your client system and start managing your SFTP server graphically as well as remotely. Also you have to install Java on your system before installing this front-end tool.

Please note: before using MySecureShell GUI, you must adjust the configuration file to allow the SFTP server to be managed remotely.

To do so, go to your SFTP server, edit file /etc/ssh/sftp_config,

# nano /etc/ssh/sftp_config

Find and uncomment the following line.

[...]
#<Group sftp_administrator>
        IsAdmin         true            #can admin the server
[...]

Save and close the file. Restart mysecureshell service to take effect the changes.

# /etc/init.d/mysecureshell restart

Now download the MySecureShell client from here or download it directly from your Terminal using command:

# wget http://sourceforge.net/projects/mysecureshell/files/MySecureShell%20Graphical%20Tools/v1.90/MSS_Frontend_v1.9.zip

Extract and run it as shown below.

# unzip MSS_Frontend_v1.9.zip
# java -jar sftp-mss.jar

The following screen should appear. Enter the your remote SFTP server username and password

Graphical Tools v1.9 for MySecureShell v1.20_003After connecting to the SFTP server it will look like below.

Graphical Tools v1.9 for MySecureShell v1.20_005Now you can manage your SFTP server remotely.

Sftp-who

To see the connected users to SFTP server click on sftp-who tab. It will show the current users connected to the SFTP server.

Graphical Tools v1.9 for MySecureShell v1.20_006

Sftp-state

To view the SFTP server status, click on sftp-state tab.

Graphical Tools v1.9 for MySecureShell v1.20_007

Wizard

To create user, go to Wizard tab. Select Configuration of users and click Create New user. Enter the new user name and password. Finally click Ok and Finish.

Graphical Tools v1.9 for MySecureShell v1.20_012

Please note that the users can be created only when MSS-Frontend is installed in SFTP server. Install MSS-Front-end on your SFTP server itself and start creating users.

Also you can change the default home directory, global download/upload speed of the ftp users. To do that, go to Wizard -> Configuration of Server. Enter the new values and click Finish.

Graphical Tools v1.9 for MySecureShell v1.20_013Expert Mode

In the expert mode, you can adjust/modify various configuration options like Global, Security ad Advanced security. It’s not that difficult. Every option is self-explanatory.

Graphical Tools v1.9 for MySecureShell v1.20_009Log

You can analyze what’s happening in the SFTP server using logs.

Graphical Tools v1.9 for MySecureShell v1.20_014That’s it for now. At this stage, you will have a working SFTP server.

Reference Links:

MySecureShell Website

For questions please refer to our Q/A forum at : http://ask.unixmen.com/

Share this Article: Facebook0Google+0Twitter18LinkedIn7Reddit0StumbleUpon0