MySecureShell is very secure FTP server based on OpenSSH. Since it is based on OpenSSH, so you have the high level of security of it MORE functionality and POWERFUL FTP server. It is easy to install and administrate. We can administrate MySecureShell easily with cool web interface.
Features
- Control of bandwidth.
- Security rights informations.
- Easy installation and administration of the server with a graphical interface.
- Management of activity of the server with logs.
- Restrictions of users by ip, groups.
- Power Encryption.
- No certificate problems non-certified or certificate generation.
- Support public and private keys for secure authentication without password.
- Only one port to open for SSH and SFTP (port 22 by default).
- The protocol used is much more optimized than FTP because it is based on the protocol of the NFS .
- Finally it’s free and open source.
Install MySecureShell On Linux
Add the MySecureShell repository depending upon the distribution you use. All steps should run as ‘root’ user.
On Debian:
You can add the official repository of MySecureShell for Debian by adding 2 lines to the file “/etc/apt/sources.list”:
deb http://mysecureshell.free.fr/repository/index.php/debian testing main deb-src http://mysecureshell.free.fr/repository/index.php/debian testing main
To import GPG key, enter:
# gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B; gpg --export E328F22B | apt-key add -
OR
wget -O - "http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x7601D76CE328F22B" | apt-key add -
Now update the source list and install MySecureShell as shown below.
# apt-get update # apt-get install mysecureshell
On Ubuntu:
Edit file “/etc/apt/sources.list” and add the following lines,
deb http://mysecureshell.free.fr/repository/index.php/ubuntu testing main deb-src http://mysecureshell.free.fr/repository/index.php/ubuntu testing main
To import GPG key, enter:
# gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B; gpg --export E328F22B | apt-key add -
OR
# wget -O - "http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x7601D76CE328F22B" | apt-key add -
Now update the source list and install MySecureShell as shown below.
# apt-get update # apt-get install mysecureshell
On RHEL/CentOS:
Edit file “/etc/yum.conf” and the following lines at the end.
[mysecureshell] name=MySecureShell baseurl=http://mysecureshell.free.fr/repository/index.php/centos/$basearch/ enabled=1 gpgcheck=0
Update Repository and install MySecureShell as shown below.
# yum update # yum install mysecureshell
On Fedora:
Edit file “/etc/yum.conf” and add the following lines,
[mysecureshell] name=MySecureShell baseurl=http://mysecureshell.free.fr/repository/index.php/fedora/$basearch/ enabled=1 gpgcheck=0
Update Repository and install MySecureShell as shown below.
# yum update # yum install mysecureshell
Create FTP Users
Create users to use MySecureShell shell with command:
# useradd -m -s /bin/MySecureShell unixmen # passwd unixmen
Also you assign the existing users to MySecureShell using command:
# usermod -s /bin/MySecureShell sk
Mow you can connect to your SFTP server from your clients as shown below.
$ sftp unixmen@192.168.1.200 unixmen@192.168.1.200's password: Connected to 192.168.1.200. sftp>
Also you can login to your SFTP server with any graphical clients such as FileZilla from your client system.
Open your favourite FTP client ex.FileZilla. Enter the user name, password and SFTP port 22 and click Connect.
Unlike vsftpd or other FTP servers, MySecureShell SFTP server is lot easy to install and configure.
Configure MySecureShell
The main MySecureShell config file is /etc/ssh/sftp_config. MySecureShell will work well with default configuration. The options in the configuration are well explained, so I don’t have to explain them.
You can adjust or specify various options such as specify upload and download bandwidth, chroot users, the max. amount of connections etc., in the MySecureShell configuration file. You can set this options for everybody or just for a particular group.
For a complete list of configuration examples, please a have look here. This page is in French, but you can translate it to your required language using Google-Trasnlate button on the left.
Say for example, Let us limit the download speed of the FTP users to 25K. To do that open MySecureShell main configuration file.
# nano /etc/ssh/sftp_config
Find the following line and set the download limit to 25k under Default section.
[...] <Default> GlobalDownload 25k #total speed download for all clients [...]
Save and close the file. Restart MySecureShell service to take effect the saved changes.
On Debian/Ubuntu users:
# /etc/init.d/mysecureshell restart
On RHEL/CentOS users:
# service mysecureshell restart
Now the FTP users will be able to download files at 25k speed.
MySecureShell Commands
MySecureShell has the following set of commands to administrate your SFTP server.
- sftp-admin
- sftp-kill
- sftp-state
- sftp-user
- sftp-verif
- sftp-who
Let us see a small introduction of each command.
sftp-admin
This command allows to manage a MySecureShell waiter remotely.
Usage:
sftp-admin [ssh options] user@hostname
sftp-kill
It will disconnect the user from the FTP server.
Usage:
# sftp-kill test
sample output:
Kill test on PID 6753 No lamer to kill ?
The above command will disconnect the user ‘test’ from FTP server.
sftp-state
It allows you to control activity of the server.
# sftp-state
Sample output:
Server is up
sftp-user
This command allows you to create a SFTP user.
Usage:
# sftp-user create test
The above command will create a user called test.
# sftp-user delete test
The above command will delete the the user test.
# sftp-user list
Sample output:
test unixmen
The above command will list SFTP users.
sftp-verif
This command will verify and correct problems on a MySecureShell server.
Usage:
# sftp-verif
Sample output:
################################################################################ MySecureShell Verification Tool ################################################################################ ### Verifing file existance ### /bin/MySecureShell [ OK ] /bin/sftp-who [ OK ] /bin/sftp-kill [ OK ] /bin/sftp-state [ OK ] /bin/sftp-admin [ OK ] /bin/sftp-verif [ OK ] /bin/sftp-user [ OK ] ### Verifing rights ### Verifing file rights of /etc/ssh/sftp_config [ OK ] Verifing file rights of /bin/sftp-who [ OK ] Verifing file rights of /bin/sftp-verif [ OK ] Verifing file rights of /bin/sftp-user [ OK ] Verifing file rights of /bin/sftp-kill [ OK ] Verifing file rights of /bin/sftp-state [ OK ] Verifing file rights of /bin/sftp-admin [ OK ] Verifing file rights of /bin/MySecureShell [ OK ] ### Verifing rotation logs ### Rotation logs have been found [ OK ] ### Verifing server status ### Verifing server status (ONLINE) [ OK ] ### Verifing server dependencies ### Show only error(s) : ### Verifing server configuration ### Show only error(s) : Trying user: root ### All tests dones ###
sftp-who
This command will tell you who is currently logged-in to the FTP server.
Usage:
# sftp-who
Sample output:
--- 1 / 10 clients --- Global used bandwith : 0 bytes/s / 0 bytes/s PID: 6892 Name: test IP: sk.local Home: /home/test Status: idle Path: File: Connected: 2013/12/13 19:52:41 [since 04s] Speed: Download: 0 bytes/s [5.00 kbytes/s] Upload: 0 bytes/s [unlimited] Total: Download: 134 bytes Upload: 23 bytes
How to manage MySecureShell server graphically?
Managing MySecureShell via command line is not that difficult. However if you’re looking for a graphical management tool for MSecureShell, there is a MySecure GUI front-end is available.
You Can install this GUI tool in any of your client system and start managing your SFTP server graphically as well as remotely. Also you have to install Java on your system before installing this front-end tool.
Please note: before using MySecureShell GUI, you must adjust the configuration file to allow the SFTP server to be managed remotely.
To do so, go to your SFTP server, edit file /etc/ssh/sftp_config,
# nano /etc/ssh/sftp_config
Find and uncomment the following line.
[...] #<Group sftp_administrator> IsAdmin true #can admin the server [...]
Save and close the file. Restart mysecureshell service to take effect the changes.
# /etc/init.d/mysecureshell restart
Now download the MySecureShell client from here or download it directly from your Terminal using command:
# wget http://sourceforge.net/projects/mysecureshell/files/MySecureShell%20Graphical%20Tools/v1.90/MSS_Frontend_v1.9.zip
Extract and run it as shown below.
# unzip MSS_Frontend_v1.9.zip
# java -jar sftp-mss.jar
The following screen should appear. Enter the your remote SFTP server username and password
After connecting to the SFTP server it will look like below.
Now you can manage your SFTP server remotely.
Sftp-who
To see the connected users to SFTP server click on sftp-who tab. It will show the current users connected to the SFTP server.
Sftp-state
To view the SFTP server status, click on sftp-state tab.
Wizard
To create user, go to Wizard tab. Select Configuration of users and click Create New user. Enter the new user name and password. Finally click Ok and Finish.
Please note that the users can be created only when MSS-Frontend is installed in SFTP server. Install MSS-Front-end on your SFTP server itself and start creating users.
Also you can change the default home directory, global download/upload speed of the ftp users. To do that, go to Wizard -> Configuration of Server. Enter the new values and click Finish.
In the expert mode, you can adjust/modify various configuration options like Global, Security ad Advanced security. It’s not that difficult. Every option is self-explanatory.
You can analyze what’s happening in the SFTP server using logs.
That’s it for now. At this stage, you will have a working SFTP server.
Reference Links:
--------------------------------------------------------------------- Setup Secure FTP Server With MySecureShell