Group, Owner, Permissions

Advertisement

someone
Guest

Group, Owner, Permissions

Hi,

I've been trying to use WinSCP and OpenSSH using the instructions here: https://winscp.net/eng/docs/guide_windows_openssh_server

However, I was stuck in this part:

Ensure that your account home directory, your .ssh directory and file authorized_keys are not group-writable or world-writable. Recommended permissions for .ssh directory are 700. Recommended permissions for authorized_keys files are 600. Read more about changing permissions.

When I create a .ssh folder, I assign 0700 in the Octal text box. It was created but when I right click->Properties, Octal was still 0777 and Group: - [0] and Owner: - [0]. I believe this is why when I try to connect via public key authentication, I am getting 'server refused our key' error. Also, Checksum is disabled. Am I missing something from the instructions? I am using SFTP.

Thanks!



LOG:
. 2018-02-18 12:40:42.809 Using SFTP protocol.
. 2018-02-18 12:40:42.809 Doing startup conversation with host.
> 2018-02-18 12:40:42.824 Type: SSH_FXP_INIT, Size: 5, Number: -1
< 2018-02-18 12:40:42.824 Type: SSH_FXP_VERSION, Size: 150, Number: -1
. 2018-02-18 12:40:42.824 SFTP version 3 negotiated.
. 2018-02-18 12:40:42.824 Unknown server extension posix-rename@openssh.com="1"
. 2018-02-18 12:40:42.824 Supports statvfs@openssh.com extension version "2"
. 2018-02-18 12:40:42.824 Unknown server extension fstatvfs@openssh.com="2"
. 2018-02-18 12:40:42.824 Supports hardlink@openssh.com extension version "1"
. 2018-02-18 12:40:42.824 Unknown server extension fsync@openssh.com="1"
. 2018-02-18 12:40:42.824 We believe the server has signed timestamps bug
. 2018-02-18 12:40:42.824 We will use UTF-8 strings until server sends an invalid UTF-8 string as with SFTP version 3 and older UTF-8 strings are not mandatory
. 2018-02-18 12:40:42.824 Limiting packet size to OpenSSH sftp-server limit of 262148 bytes
. 2018-02-18 12:40:42.824 Changing directory to "/C:/Users/sample/Documents/SFTP Server".
. 2018-02-18 12:40:42.824 Getting real path for '/C:/Users/sample/Documents/SFTP Server'
> 2018-02-18 12:40:42.824 Type: SSH_FXP_REALPATH, Size: 49, Number: 16
< 2018-02-18 12:40:42.824 Type: SSH_FXP_NAME, Size: 101, Number: 16
. 2018-02-18 12:40:42.824 Real path is '/C:/Users/sample/Documents/SFTP Server'
. 2018-02-18 12:40:42.824 Trying to open directory "/C:/Users/sample/Documents/SFTP Server".
> 2018-02-18 12:40:42.824 Type: SSH_FXP_LSTAT, Size: 49, Number: 263
< 2018-02-18 12:40:42.824 Type: SSH_FXP_ATTRS, Size: 37, Number: 263
. 2018-02-18 12:40:42.824 Getting current directory name.
. 2018-02-18 12:40:42.878 Listing directory "/C:/Users/sample/Documents/SFTP Server".
> 2018-02-18 12:40:42.878 Type: SSH_FXP_OPENDIR, Size: 49, Number: 523
< 2018-02-18 12:40:42.878 Type: SSH_FXP_HANDLE, Size: 13, Number: 523
> 2018-02-18 12:40:42.878 Type: SSH_FXP_READDIR, Size: 13, Number: 780
< 2018-02-18 12:40:42.878 Type: SSH_FXP_NAME, Size: 169, Number: 780
> 2018-02-18 12:40:42.878 Type: SSH_FXP_READDIR, Size: 13, Number: 1036
< 2018-02-18 12:40:42.878 Type: SSH_FXP_STATUS, Size: 28, Number: 1036
< 2018-02-18 12:40:42.878 Status code: 1
> 2018-02-18 12:40:42.878 Type: SSH_FXP_CLOSE, Size: 13, Number: 1284
. 2018-02-18 12:40:42.878 sample@localhost.log;-;7621;2018-02-18T04:40:40.000Z;3;"-" [0];"-" [0];rw-******;1
. 2018-02-18 12:40:42.878 ..;D;0;1899-12-30T08:00:00.000Z;0;"" [0];"" [0];---------;0
. 2018-02-18 12:40:42.909 Startup conversation with host finished.
. 2018-02-18 12:44:54.868 Creating directory ".ssh".
. 2018-02-18 12:44:54.870 Canonifying: ".ssh"
. 2018-02-18 12:44:54.870 Getting real path for '/C:/Users/sample/Documents/SFTP Server/.ssh'
> 2018-02-18 12:44:54.870 Type: SSH_FXP_REALPATH, Size: 54, Number: 1808
< 2018-02-18 12:44:54.873 Type: SSH_FXP_STATUS, Size: 24, Number: 1284
. 2018-02-18 12:44:54.873 Discarding reserved response
< 2018-02-18 12:44:54.878 Type: SSH_FXP_NAME, Size: 111, Number: 1808
. 2018-02-18 12:44:54.878 Real path is '/C:/Users/sample/Documents/SFTP Server/.ssh'
. 2018-02-18 12:44:54.878 Canonified: "/C:/Users/sample/Documents/SFTP Server/.ssh"
> 2018-02-18 12:44:54.878 Type: SSH_FXP_MKDIR, Size: 58, Number: 1550
< 2018-02-18 12:44:54.908 Type: SSH_FXP_STATUS, Size: 24, Number: 1550
< 2018-02-18 12:44:54.908 Status code: 0
> 2018-02-18 12:44:54.908 Type: SSH_FXP_LSTAT, Size: 54, Number: 2055
< 2018-02-18 12:44:54.915 Type: SSH_FXP_ATTRS, Size: 37, Number: 2055
> 2018-02-18 12:44:54.915 Type: SSH_FXP_SETSTAT, Size: 62, Number: 2313
< 2018-02-18 12:44:54.920 Type: SSH_FXP_STATUS, Size: 24, Number: 2313
< 2018-02-18 12:44:54.920 Status code: 0
. 2018-02-18 12:44:54.920 Listing directory "/C:/Users/sample/Documents/SFTP Server".
> 2018-02-18 12:44:54.920 Type: SSH_FXP_OPENDIR, Size: 49, Number: 2571
< 2018-02-18 12:44:54.923 Type: SSH_FXP_HANDLE, Size: 13, Number: 2571
> 2018-02-18 12:44:54.923 Type: SSH_FXP_READDIR, Size: 13, Number: 2828
< 2018-02-18 12:44:54.925 Type: SSH_FXP_NAME, Size: 273, Number: 2828
> 2018-02-18 12:44:54.928 Type: SSH_FXP_READDIR, Size: 13, Number: 3084
< 2018-02-18 12:44:54.933 Type: SSH_FXP_STATUS, Size: 28, Number: 3084
< 2018-02-18 12:44:54.933 Status code: 1
> 2018-02-18 12:44:54.933 Type: SSH_FXP_CLOSE, Size: 13, Number: 3332
. 2018-02-18 12:44:54.933 .ssh;d;0;2018-02-18T04:44:54.000Z;3;"-" [0];"-" [0];rwx******;3
. 2018-02-18 12:44:54.933 sample@localhost.log;-;9693;2018-02-18T04:40:44.000Z;3;"-" [0];"-" [0];rw-******;1
. 2018-02-18 12:44:54.933 ..;D;0;1899-12-30T08:00:00.000Z;0;"" [0];"" [0];---------;0

Reply with quote

Advertisement

someone
Guest

Thank you martin. One last query. Does having - [0] as Group and Owner boxes have effect on the .ssh folder access? Why was it [0] in the first place? I have been seeing tutorials or even the one in here: https://winscp.net/eng/docs/ui_properties where Group was users[546] and Owner was martinp[1002].

Mine was - [0] and I was logged on in WinSCP as the usual User in my machine (I was the only user). Your response will be much much appreciated.

Reply with quote

martin
Site Admin
martin avatar

It's about how a non *nix SSH server presents advanced remote ACL via simple *nix style permissions. Some may try to at least partially present the permissions somehow. Some (what seems to be the case) simply send 0 and ignore any changes.

Reply with quote

Advertisement

You can post new topics in this forum