I am trying to use Amazon EC2 Servers as my SFTP server where I can create authenticated users to sftp into my server. I have mounted s3 buckets onto the servers at location /mnt/buckets/{username} for each user using s3fs. Reading and writing onto the /mnt/buckets/{username} directory works with s3 as expected.
My sshd_config has the following.
ChrootDirectory /mnt/buckets/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
When SFTP-ing I get the following response:
...
debug1: Authentication succeeded (publickey).
Authenticated to ec2-54-173-113-164.compute-1.amazonaws.com ([54.173.113.164]:22).
debug2: fd 5 setting O_NONBLOCK
debug3: fd 6 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
Write failed: Broken pipe
Connection closed
The mounted bucket has these permissions:
/home/ubuntu# ls -l /mnt/buckets/
total 1
drwxrwxrwx 1 root root 0 Jan 1 1970 sftptester
When I change the ChrootDirectory to /mnt/buckets I am able to log into the SFTP server as well as read and write into the S3-mounted bucket.
Can I chroot the user into a mounted s3 bucket?
(Also if there are any tools that have this functionality already I would be interested in knowing them as well)
Just mount the bucket using the s3fs file system (or similar) on a Linux server (e.g. Amazon EC2) and use the server's built-in SFTP server to access the bucket. Add your security credentials in the form access-key-id:secret-access-key to /etc/passwd-s3fs. For details, see my guide, Setting up an SFTP access to Amazon S3.
Or you can just use a (GUI) client that natively supports the S3 protocol (which is free). In your Amazon AWS Console, go to AWS Transfer for SFTP and create a new server. On the SFTP server page, add a new SFTP user (or users).
The issue might be that the S3 "bucket folders" that appear as user directories in the mount folder don't have the correct permissions for the SFTP users to read them.
Try adding this to your s3fs command: -o umask=022. This will give your SFTP user folders the following permissions: drwxr-xr-x
Example: sudo s3fs bucket-name /mount/folder/ -o iam_role=role_name -o allow_other -o stat_cache_expire=10 -o enable_noobj_cache -o enable_content_md5 -o umask=022
-o allow_other and -o umask=022 were both required for me to get this working.
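Both the question (an s3fs mount showing drwxrwxrwx being used as ChrootDirectory) and the last answer (it started working once -o umask=022 was added) come down to the same rule from sshd_config(5): every path component of ChrootDirectory must be a root-owned directory that is not writable by group or others, and sshd drops the session right after authentication when that does not hold, which is the "Broken pipe" seen in the debug log. The following shell script is an added example, not code from the question or any of the answers, that checks a mount point against that rule before you point ChrootDirectory at it. The function names are mine; the optional OWNER_UID argument exists only so the check can be exercised as a non-root user, and in real use it stays at 0.

```shell
#!/bin/sh
# Added example: verify that a directory satisfies sshd's ChrootDirectory
# requirements (root-owned, no group-write, no other-write, for every path
# component). An s3fs mount defaults to mode 777, which is what the ls -l
# output in the question shows and why the chroot is refused.

# chroot_dir_ok PATH [OWNER_UID]
#   Returns 0 if PATH is a directory owned by OWNER_UID (default 0 = root)
#   with neither the group-write nor the other-write bit set; otherwise
#   prints the reason(s) and returns 1. OWNER_UID is only a test hook.
chroot_dir_ok() {
    p=$1
    want_uid=${2:-0}
    [ -d "$p" ] || { echo "FAIL $p: not a directory"; return 1; }
    # ls -ldn prints e.g. "drwxrwxrwx 1 0 0 0 Jan 1 1970 /mnt/buckets/x":
    # $1 is the mode string, $3 the numeric owner uid.
    set -- $(ls -ldn "$p")
    mode=$1
    uid=$3
    ok=0
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $p: owned by uid $uid, expected uid $want_uid"
        ok=1
    fi
    # Character 6 of the mode string is the group-write bit ...
    case $mode in
        ?????w*) echo "FAIL $p: group-writable ($mode)"; ok=1 ;;
    esac
    # ... and character 9 is the other-write bit.
    case $mode in
        ????????w*) echo "FAIL $p: world-writable ($mode)"; ok=1 ;;
    esac
    return $ok
}

# chroot_path_ok PATH [OWNER_UID]
#   sshd checks the whole path, not just the leaf, so walk /, /mnt,
#   /mnt/buckets, ... down to PATH and apply chroot_dir_ok to each one.
#   Paths containing spaces are not handled (word splitting on "/").
chroot_path_ok() {
    full=$1
    want=${2:-0}
    rc=0
    acc=""
    chroot_dir_ok / "$want" || rc=1
    for comp in $(printf '%s\n' "$full" | tr '/' ' '); do
        acc="$acc/$comp"
        chroot_dir_ok "$acc" "$want" || rc=1
    done
    [ "$rc" -eq 0 ] && echo "OK: $full is usable as ChrootDirectory"
    return $rc
}

# Usage (assumed): sh chroot_check.sh /mnt/buckets/sftptester
if [ -n "$1" ]; then
    chroot_path_ok "$1"
fi
```

Against the mount in the question the walk fails on the leaf with "world-writable (drwxrwxrwx)", and passes once the mount is remounted with -o umask=022 (root-owned drwxr-xr-x). Note that a chroot root that passes this check is by definition not writable by the SFTP user, so the usual layout is a root-owned chroot with a user-writable subdirectory beneath it for uploads; with s3fs the ownership of that subdirectory would be set through its uid/gid mount options, which this script does not configure.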