SFTP root user access

Hi all. Just 'upgraded' vsftpd to use sftp, and disabled ftp access to my linode. Had vsftpd dissallowing root access for obvious security reasons, but this was inconvenient in transferring files to the server that need root access, etc. So, now that I am using sftp, I'd like to go back to using the root user.

My vsftpd.conf is as follows:

#
# User Level (anonymous vs. local):
anonymous_enable=NO
local_enable=YES

#
# FTP Access Rights:
local_umask=022
write_enable=YES

#
# Logging:
xferlog_enable=YES
xferlog_std_format=NO
vsftpd_log_file=/logs/vsftpd.log

#
# Connection Rules:
connect_from_port_20=YES
idle_session_timeout=600
data_connection_timeout=600

#
# FTP Settings:
nopriv_user=nobody
ls_recurse_enable=YES
force_dot_files=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
chroot_local_user=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_file=/etc/vsftpd/vsftpd.user_list

#
# SSL Settings:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

The PAM file has the following:

# Standard behaviour for ftpd(8).
auth    required    pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed

# Note: vsftpd handles anonymous logins on its own.  Do not enable
# pam_ftp.so.

# Standard blurb.
@include common-account
@include common-session

@include common-auth
auth    required    pam_shells.so

This looks correct, as it denies access to users in the /etc/vsftpd/ftpusers file, and I have removed root from that file.

The userlist_file above has both root and my safe 'ftpuser' account in it.

After removing root from ftpusers, I am still not able to login (get access denied). 'ftpuser' is still able to log in through sftp. Any ideas why root is still being denied?

Thanks,

Paul

2 Replies

I thought SFTP made use of SSH (default port 22), so you'll need to look at that configuration instead I think. Unless I missed something =p

Yes, it was an SSH issue…

Needed to change my sshd_config file to allow for root login.

Thanks!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct