This tutorial will shows you how to installing and Configure MySecureShell on ubuntu server edition. MySecureShell adds interesting features in terms of safety-SFTP Server. This tool uses the OpenSSH encryption to protect data and queries that are issued.There are more problems with the generation of certificates and public and private keys are supported for authentication without password.
Another advantage MySecureShell requires opening a single port for SSH and SFTP!The protocol used is based on the NFS (Network File System) and proves to be much more efficient than the simple FTP protocol.
- Support public and private keys for secure authentication without password.
- Only one port to open for SSH and SFTP (port 22 by default).
- The protocol used is much more optimized than FTP because it is based on the protocol of the NFS .
- It’s free and open source.
- Management of activity of the server with logs.
- Restrictions of users by ip, groups.
- Power Encryption.
- Control of bandwidth.
- Security rights informations.
- Easy installation and administration of the server with a graphical interface.
- No certificate problems non-certified or certificate generation.
MySecureShell Installation is relatively simple, and many parameters can be adjusted.
Installing MySecureShell in Ubuntu Server 12.04/12.10/13.04/13.10
Step 1: You need to add the official repository of MySecureShell for ubuntu into the file /etc/apt/sources.list by copy and paste the following commands:
cat << EOF | sudo tee -a /etc/apt/sources.list deb http://mysecureshell.free.fr/repository/index.php/ubuntu testing main deb-src http://mysecureshell.free.fr/repository/index.php/ubuntu testing main EOF
Step 2: To import the GPG signature of the MySecureShell repository, by execute the following commands:
wget -O - "http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x7601D76CE328F22B" | sudo apt-key add -
Step 3: Then update your package list and install MySecureShell package
sudo apt-get update
sudo apt-get install mysecureshell
Step 4. Create FTP User for MySecureShell:
Create a group that SFTP users will belong to. In example I’ll create group called “mssftp”.
sudo groupadd mssftp
Create authorized users to make sftp and allowed to do only sftp. In this case I’ll create user johndoe.
sudo useradd -m -s /bin/MySecureShell -g mssftp johndoe
sudo passwd johndoe
If you want to assign the existing users to MySecureShell, use the following commands. in this case I have username “precise”:
sudo usermod -s /bin/MySecureShell -g mssftp johndoe
Configure MySecureShell Server
The main configuration file of MySecureShell is usually called sftp_config , it placed on directory /etc/ssh/. With default configuration MySecureShell will work well. In the configuration file, you can define various per-group security settings. For a complete list of configuration examples, you can found it at here. Use nano or vi command to editing file /etc/ssh/sftp_config
This example configuration of MySecureShell with group “mssftp”. In the configuration file, you can define various rule per-group security settings
sudo nano /etc/ssh/sftp_config
<Group mssftp> Download 50k # limit download speed for each connection Upload 0 # unlimit upload speed for each connection StayAtHome true # limit user to his/her home directory VirtualChroot true # fake a chroot to the home account LimitConnectionByUser 1 # max connection for each account LimitConnectionByIP 1 # max connection by IP for each account IdleTimeOut 300 # disconnect user if idle too long time (in sec) HideNoAccess true # hide file/directory which user has no access </Group>
Run the following command to Restart MySecureShell service to take effect the saved changes:
Connection to sftp server.
Now you can access sftp server from client computer the program sftp . It is normally present by default in Ubuntu Server edition:
You can also login to SFTP Server from computer client using any ftp client apps with GUI such as FileZilla, BareFTP, Jftp, etc. Enter the user name, password and SFTP port 22 to connect to a ftp server
MySecureShell has the following set of commands to administrate your SFTP server. sftp-admin, sftp-kill, sftp-state, sftp-user, sftp-verif, sftp-who.