Recommended VPS Complete list of best VPS hosting providers.

How to Configure MySecureShell FTP Server

MySecureShell is shortly a free FTP server you can install on your either VPS or Dedicated server to enable file transfer between your server and your local computer (or another server). It is a great alternative to vsFTPd or ProFTPd. MySecureShell or MSS for short, is claimed to be very secure, easy to use, easy to configure and highly configurable because it is based on the very secure protocol called OpenSSH. Yet, the installation is also pretty easy which can be done within seconds on any Linux Distro.

With MSS FTP server you can:

Control of FTP bandwidth.
Security rights information.
Administration of the server with a graphical interface.
Management of activity of the server with logs.
Restrictions of users by ip, groups…
No certificate problems non-certified (for paying for it is authenticated) or certificate generation.
– Support public and private keys for secure authentication without password.

So are your ready to switch your old FTP server to MSS? Follow steps below and you’ll how easy it is to setup and configure MySecureShell on your VPS.

What You Need

  1. A VPS running your favorite Linux Distro. In this example I use a 512MB cloud VPS from Atlantic.net (a test server of Servermom). Need recommendation? If you need a test server with hourly billing then Atlantic.net, DigitalOcean and few other cloud providers will come in handy.
  2. SSH client to access your server. Putty or terminal will help you.
  3. Basic knowledge of top common shell command.
  4. A cup of coffee or tea
  5. About 15 minutes of your time

How To

Step 1 – Login to your server as root or as a user with root privilege (sudo):

2015-07-03_221847

Step 2Install MySecureShell FTP server on your VPS following my previous guide.

2015-07-03_221820

Step 3 – Find out in which directory MSS is installed, this is important because youu should specify that path while creating new FTP users or assign exiting users to access the SFTP server. Simply issue this magic command:

whereis mysecureshell

It will then give you an output similar to this:

2015-07-03_221922

Step 4 – In my example above, the MSS was installed at /usr/bin/mysecureshell. Next you can create new user with this command:

useradd -m -s /usr/bin/mysecureshell servermom

change the MSS path and servermom with your own. Also define new password for that newly created user:

passwd servermom

example:

2015-07-03_222023

Step 5 – Once the user created, you have to assign that user to MSS

usermod -s /bin/mysecureshell servermom

again, replace MSS path and servermom with your own.

2015-07-03_222837

Step 6 – You can now use your favorite FTP Client to access your server.

2015-07-03_220759

or, if you access your FTP server using another Unix server or Linux local computer, issue this command:

sftp servermom@xxx.xxx.xxx.xxx

change servermom with your own username and xxx.xxx.xxx.xxx is your server IP:

2015-07-03_222145

That’s it.

MySecureShell Configuration

Default MSS config file is located at /etc/ssh/sftp_config which you can edit it using your favorite editor like Nano or vi.

nano /etc/ssh/sftp_config

I looks like this by default:

mysecureshell-configuration

The good news is every line of configuration has its own explanation so you can easily understand what each line is for.

2015-07-03_223408

Common Adjustments

1. Limit the download or upload speed for the FTP users.

2015-07-03_223927

2. Make users to have access ONLY to their own home directory

<Default>
    # For all users, they will have access to their own home directory
    Home        /home/$USER
</Default>

3. Force users to stay in their home directory, limit their download speed to (any)k and limit their upload speed to (any)k

<Group users>
    # Force users to stay in their home directory
    StayAtHome  true
    # Limit their download speed to 128k
    Download    128k
    # Limit their upload speed to 16k
    Upload      16k
</Group>

4. Common MySecureShell setting for multiple websites:

– Give clients full rights to manage their website content
– Limit the bandwidth
– Force rights creation
– Limit the number of connexions and idle time
– Restrict their rights on files and folders

can be done with these lines:

<Default>
    # For all users, they will have access to their own home directory
    Home                    /home/$USER
    # Force users to stay in their home directory
    VirtualChroot           true
    # Set global download for the server to 100m
    GlobalDownload          100m
    # Set global upload for the server to 100m
    GlobalUpload            100m
    # Limit user download speed to 1m
    Download                1m
    # Limit user upload speed to 1m
    Upload                  1m
    # Limit 6 users per IP
    LimitConnectionByIP     6
    # We limit a user up to 2 simultaneous connections
    LimitConnectionByUser   2
    # We do not want users to keep forever their idle connection
    IdleTimeOut             10m
    # Force user and group to apache daemon username
    # to avoid rights issues
    ForceUser               www-data
    ForceGroup              www-data
    # We do not want users to be able to set execution files
    MaximumRights           0640 0750
    # We do not want users to be able to change file attributes
    DisableSetAttribute     true
</Default>

<VirtualHost www.example.com>
    # Set home directory for this virtualhost
    Home                    /var/www/sites/www.example.com
    # Set dedicated log file
    LogFile                 /var/log/sftp/www.example.com
</Group>

<VirtualHost www.exemple.fr>
    # Set home directory for this virtualhost
    Home                    /var/www/sites/www.exemple.fr
    # Set dedicated log file
    LogFile                 /var/log/sftp/www.example.com
    # Override the maximum number of connection per user
    LimitConnectionByUser   4
</Group>

5. Common command: Adding new user

New ftp user can be added using command below:

sftp-user create username

This example I created a new FTP user called servermom2:

2015-07-03_224344

6. Common command: Check FTP server status, stop or restart it

# check the current status (up/down)
service mysecureshell status

# Allow new SFTP connections
service mysecureshell start

# Deny new SFTP connections and keep current connected users
service mysecureshell stop

# Deny new SFTP connexions and kill current running (clean memory as well)
service mysecureshell fullstop

# Make a fullstop and start
service mysecureshell restart

example:

2015-07-03_225632

7. Common command: Check MySecureShell installation / config

sftp-verif

sample output:

2015-07-03_225942

Conclusion

MySecureShell is really great alternative to vsFTP or ProFTP considering how easy it is to use and to configure. It is also supported with complete straight forward documentation make it easy to learn. So if you want an easy solution to build, setup and have a working FTP server in no time, MySecureShell is the answer.

4 Comments

Add a Comment

Your email address will not be published. Required fields are marked *

Get more stuff like this
in your inbox

Subscribe and get interesting stuff plus faster updates to your email.