PuppyPC Now Runs My SFTP Server

Hostname: sftp://sftp.community-info.org
UserName: anonymous
Password: woofwoof

That's a screenshot taken on my Windows 7 PC, Serval, logged in to my sftp server (for those of you who haven't read my earlier blogs, see http://community-info.org/sftp.htm to find out what sftp is, and why I'm using it). This is the same way it would've looked when I had my sftp server running on Serval, but now it runs on PuppyPC9908; see my last blog about how I'm now running Internet services on PuppyPC9908 (a Dell Dimension 4600c) to relieve the burden on Serval (so my web server is more responsive).

This was easy to set up using sshd on PuppyPC9908 (which was running Wary Puppy Linux 5.3 when I got started, but I upgraded to 5.5 since then). I created a folder that could be connected to using sftp, but that you can't cd out of (it's listed on the Internet as an SSH Jail), created an anonymous user, and in the ssh configuration file (/etc/ssh/sshd_config) set the anonymous user as the only user allowed to log in (and set the jail as the login directory). You can look up how to do all of this on the Internet (I did). I was able to log into sshd as anonymous when I told FileZilla (the sftp client I'm using) that the hostname was puppypc9908, but when I tried using sftp://sftp.community-info.org (the URL I already have set up on my DNS server to my sftp server) it didn't connect; FileZilla said "software caused connection abort".

I already knew my sshd software was OK for a connection over the LAN (i.e., a local connection), but it failed when trying to connect through the WAN (i.e., some URL string sent to the router from the outside). My first thought was I needed to give WAN permissions to the sshd running on PuppyPC9908. I checked this out by starting the ssh server in debug mode (/usr/sbin/sshd -d -d -d) and tried connecting again through FileZilla; sshd gave an error message that the "connection refused by tcp wrapper".

That tcp wrapper message I got looked like it was sent before there was any type of handshaking, but to be sure about that I tried connecting with psftp, the Putty command line program for logging into an sftp server (sshd in my case), hoping to get command line error messages. psftp just timed out; no handshaking at all. So it looked like that tcp wrapper thing was preventing a connection to sshd. Once again I googled the Internet and found out that tcp wrapper was a program created in 1990 to prevent tcp access to everybody but those you wanted in. So, I just needed to tell tcp wrapper that I wanted a specific WAN connection in; i.e., sftp://sftp.community-info.org on port 22 (that's the port number for sftp).

It turns out that tcp wrapper has two configuration files: hosts.allow and hosts.deny. The default setting for tcp wrapper in deny is "ALL: ALL", which denies everyone. The default setting for tcp wrapper in allow is "ALL: LOCAL", which allows all connections through the LAN (makes sense, since the LAN was already working for me). I changed hosts.deny to "ALL: ALL EXCEPT KNOWN" and made sftp.community-info.org known by putting it in /etc/hosts (for Windows users, Windows has a hosts file, too), and for good measure I modified /etc/ssh/sshd_config by un-commenting the line "UseDNS yes".
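To see what each rule set admits, here is a simplified Python model of the allow-then-deny decision order, added as an example and not taken from the post or from libwrap. The "narrow" rule set, which opens only sshd in hosts.allow, and the client names are assumptions constructed for illustration.

```python
# Simplified model of TCP Wrappers access decisions (added example, not libwrap).
# Only the host wildcards ALL, LOCAL, KNOWN, UNKNOWN and the EXCEPT operator
# are modelled; "hostname" is the client's resolved name, or None if unresolved.

def host_matches(pattern, hostname):
    tokens = pattern.replace(",", " ").split()
    if "EXCEPT" in tokens:                      # "a EXCEPT b": a, unless b
        i = tokens.index("EXCEPT")
        return (host_matches(" ".join(tokens[:i]), hostname)
                and not host_matches(" ".join(tokens[i + 1:]), hostname))
    known = hostname is not None
    for tok in tokens:
        if (tok == "ALL" or (tok == "KNOWN" and known)
                or (tok == "UNKNOWN" and not known)
                or (tok == "LOCAL" and known and "." not in hostname)
                or (known and tok.lower() == hostname.lower())):
            return True
    return False

def rule_matches(rule, daemon, hostname):
    daemons, hosts = (part.strip() for part in rule.split(":", 1))
    daemon_ok = any(d in ("ALL", daemon) for d in daemons.replace(",", " ").split())
    return daemon_ok and host_matches(hosts, hostname)

def access(allow_rules, deny_rules, daemon, hostname):
    # hosts.allow is consulted first, then hosts.deny; no match at all = granted.
    if any(rule_matches(r, daemon, hostname) for r in allow_rules):
        return "granted"
    if any(rule_matches(r, daemon, hostname) for r in deny_rules):
        return "denied"
    return "granted"

RULE_SETS = {  # name: (hosts.allow lines, hosts.deny lines)
    "default":  (["ALL: LOCAL"], ["ALL: ALL"]),                # as quoted in the post
    "modified": (["ALL: LOCAL"], ["ALL: ALL EXCEPT KNOWN"]),   # the post's change
    "narrow":   (["ALL: LOCAL", "sshd: ALL"], ["ALL: ALL"]),   # assumed alternative
}
CLIENTS = [  # constructed: (daemon, resolved client name or None)
    ("sshd", "serval"), ("sshd", "host.example.net"),
    ("sshd", None), ("in.telnetd", "host.example.net"),
]

def table():
    return {name: [access(allow, deny, d, h) for d, h in CLIENTS]
            for name, (allow, deny) in RULE_SETS.items()}

if __name__ == "__main__":
    for name, row in table().items():
        print(f"{name:9}", row)
```

In this model the "modified" rules stop denying any client whose name resolves, for every wrapped service and not just sshd. The "narrow" rules keep other services denied from outside the LAN but admit unresolved clients to sshd.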

I started everything back up on PuppyPC9908 and then started up FileZilla on Serval. As you can see in the image at the top of this web page, I was able to log in using the hostname sftp://sftp.community-info.org. I created this blog to let all of my visitors know that my sftp server is back up and running (I shut it down for a while) and they can log into it with the username "anonymous" and the password "woofwoof". I need to take that password restriction off, but since I reduced the security level of PuppyPC9908 a little, I want to check that out first. There is a second reason for this blog; there are postings all over the Internet about that "software caused connection abort" message, but I haven't seen a single explanation about how you need to modify the settings on tcp wrapper to eliminate the problem. This blog is needed by some people who are unable to connect to an sftp server through a WAN.
