1

I am trying to set up vsftpd (or another application) to serve as an sftp service on an Ubuntu server. I would like to expose sftp for one (or a handful) of system users, ideally they should have a chroot jail to a location different from their home directory. This seems like something I should be able to handle with vsftpd, however I do not understand what is happening and suspect "some other service" is actually responding to my sftp requests. This is what I have done:

  1. `apt install vsftpd` and configure to the best of my knowledge.
  2. I can sftp in to the server and put and get files, however the chroot does not work.
  3. I remove vsftpd with `apt purge vsftpd`
  4. I can still connect to the server with sftp and put and get files?

So - it seems that the first problem I need to understand/solve is who is actually replying to my sftp requests - as it does not seem to be the vsftpd installation?

This is a stock Ubuntu 20.04 installation

user422005
  • Is `openssh-server` installed? That would provide sftp by default. AFAIK `vsftpd` provides an *FTPS* service. See also [How to configure SFTP so it behaves like ftp chrooting user to his home directory?](https://unix.stackexchange.com/questions/64523/how-to-configure-sftp-so-it-behaves-like-ftp-chrooting-user-to-his-home-director) – steeldriver Jun 02 '22 at 11:35
  • Yes - `openssh-server` is installed; so that is probably my secret helper. – user422005 Jun 02 '22 at 11:37

2 Answers

3

SFTP is, in fact, the SSH File Transfer Protocol aka Secure File Transfer Protocol. It is an SSH application and it has nothing to do with FTP (and therefore with vsftpd). As you correctly said, it is provided by the package openssh-server, service sshd.

You were probably looking for FTPS (FTP Secure aka FTP-SSL) which is an extension to FTP and, as such, can be provided by vsftpd and other FTP servers; it uses TLS to make FTP secure.

To further complicate things, there was once an SFTP (Simple File Transfer Protocol), an insecure, simplified version of FTP which never became a standard and has now historical status only. A simplified, lightweight, no-login FTP that is in use nowadays is TFTP (Trivial File Transfer Protocol).

You can use either SFTP or FTPS to replace the insecure, plaintext FTP. I'd say that SFTP is probably more standard and robust.

dr_
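Since sftp is an sshd subsystem, both "who answers sftp" and "where is this user jailed" are read from `sshd_config`. The following is an added example, not part of the original posts: the config is constructed, the user `alice`, the path `/srv/sftp/alice` and the helper function names are hypothetical, and the parser only handles `Match User` lines naming a single user.

```shell
#!/bin/sh
# Constructed sample sshd_config: sftp is declared as an SSH subsystem, and a
# Match block jails one user in a directory that is not their home.
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
# sftp is served by sshd itself; no FTP daemon is involved
Subsystem sftp internal-sftp

Match User alice
    ChrootDirectory /srv/sftp/alice
    ForceCommand internal-sftp
    AllowTcpForwarding no
EOF

# Print the command sshd runs for the "sftp" subsystem (with any arguments).
sftp_provider() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" {
             $1 = $2 = ""; sub(/^ +/, ""); print; exit
         }' "$1"
}

# Print the ChrootDirectory set inside "Match User <user>", if there is one.
# Any other Match line ends the block, as it does for sshd.
chroot_for_user() {
    awk -v user="$2" '
        tolower($1) == "match" {
            in_block = (tolower($2) == "user" && $3 == user); next
        }
        in_block && tolower($1) == "chrootdirectory" { print $2; exit }
    ' "$1"
}

# Note: sshd only accepts a ChrootDirectory whose path components are all
# root-owned directories that no other user or group can write to, so the
# user's writable area has to be a subdirectory inside the jail.
# On a live server, "sshd -T -C user=alice" prints the effective settings.

echo "sftp subsystem: $(sftp_provider "$SAMPLE_CFG")"
echo "alice chroot:   $(chroot_for_user "$SAMPLE_CFG" alice)"
echo "bob chroot:     $(chroot_for_user "$SAMPLE_CFG" bob)"
```

An empty result for a user means no jail applies to them, which is the state described in the question after vsftpd was configured but sshd was left untouched.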
1

OK - as pointed out by @steeldriver my main confusion came from the fact that I was using the sftp service of openssh and not the vsftpd software I had installed.

user422005