Setup SFTP server with public key authentication and chroot on Ubuntu

Reason why i setup SFTP server with public key authentication is for lab testing purpose.

Using username "test1".
Authenticating with public key "rsa-key-20171018"
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.10.0-37-generic x86_64)

 * Documentation:
 * Management:
 * Support:

71 packages can be updated.
0 updates are security updates.

Last login: Wed Oct 18 22:00:19 2017 from

0. install sshd and vsftpd

sudo apt-get update
sudo apt-get install vsftpd
sudo apt-get install openssh-server

1. create sftp user group

sudo groupadd sftponly

2. create testing user

sudo useradd -g sftponly -d /incoming -s /sbin/nologin test2
passwd test2

3. check user and group just created

grep test2 /etc/passwd
cat /etc/group

4. config sshd

nano /etc/ssh/sshd_config

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys /var/ftpdir/.ssh/authorized_keys

Match group sftponly
ChrootDirectory /var/ftpdir/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

you also can change to : UsePAM no 

5. create required folders

sudo mkdir /var/ftpdir
sudo mkdir /var/ftpdir/.ssh
sudo mkdir /var/ftpdir/test1/psdir

6 set folder permission and restart ssh server

sudo chown test1:sftponly /var/ftpdir/test1/psdir
sudo service sshd restart

7 create private/public key with putty key-gen and upload public to to the server folder

sudo nano /var/ftpdir/.ssh/authorized_keys
public key key-gen with putty

Comment: "rsa-key-20171018"

you have to modify it to be like
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQ......... all in one line

8 connect with putty +key and use psftp to connect to server

PS C:\Users\user\Desktop> .\psftp.exe -load test1@homelab
Using username "test1".
Remote working directory is /
psftp> dir
Listing directory /
drwxr-xr-x    3 0        0            4096 Oct 19 05:30 .
drwxr-xr-x    3 0        0            4096 Oct 19 05:30 ..
drwxr-xr-x    2 1002     1001         4096 Oct 19 05:30 psdir
psftp> cd /etc
Directory /etc: no such file or directory

Install vmware-tools for Ubuntu

After mount cdrom

cd to the cdrom folder

cd /media/USERname/VMware\ Tools/

extract to another folder

tar -zxvf VMwareTools-10.1.5-5055693.tar.gz -C ~/vm   #tar -zxvf archive.tar -C /target/directory

change to the folder

cd ~/vm/vmware-tools-distrib/

run installation script

sudo ./ 


Install msfpescan

basic update and install metasploit-payloads gem
bundle install have to be in the app folder

sudo gem install metasploit-payloads -v '1.1.4'
sudo gem update --system
chako@kali:/usr/share/metasploit-framework$ sudo bundle install
chako@kali:/usr/share/metasploit-framework$ sudo bundle binstubs metasploit-framework --path=$(dirname $(which msfconsole)) --force
metasploit-framework has no executables, but you may want one from a gem it depends on.
  jsobfu has: jsobfu
  metasploit_data_models has: mdm_console
  nokogiri has: nokogiri
  railties has: rails
  recog has: recog_export, recog_match, recog_verify
  redcarpet has: redcarpet
  patch_finder has: msu_finder
  rex-bin_tools has: msfbinscan, msfelfscan, msfmachscan, msfpescan
  rex-rop_builder has: msfrop

Install Install msfpescan

sudo gem install rex-bin_tools patch_finder rex-rop_builder metasploit_data_models
sudo gem update
gem list

msfpescan installed 🙂

chako@kali:/usr/share/metasploit-framework$ msfpescan
Usage: /usr/local/bin/msfpescan [mode] <options> [targets]

    -j, --jump [regA,regB,regC]      Search for jump equivalent instructions
    -p, --poppopret                  Search for pop+pop+ret combinations
    -r, --regex [regex]              Search for regex match
    -a, --analyze-address [address]  Display the code at the specified address
    -b, --analyze-offset [offset]    Display the code at the specified offset
    -f, --fingerprint                Attempt to identify the packer/compiler
    -i, --info                       Display detailed information about the image
    -R, --ripper [directory]         Rip all module resources to disk 
        --context-map [directory]    Generate context-map files

    -M, --memdump                    The targets are memdump.exe directories
    -A, --after [bytes]              Number of bytes to show after match (-a/-b)
    -B, --before [bytes]             Number of bytes to show before match (-a/-b)
    -D, --disasm                     Disassemble the bytes at this address
    -I, --image-base [address]       Specify an alternate ImageBase
    -F, --filter-addresses [regex]   Filter addresses based on a regular expression
    -h, --help                       Show this message