Setup SFTP server with public key authentication and chroot on Ubuntu

I set up this SFTP server with public key authentication for lab testing purposes.


Using username "test1".
Authenticating with public key "rsa-key-20171018"
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.10.0-37-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

71 packages can be updated.
0 updates are security updates.

Last login: Wed Oct 18 22:00:19 2017 from 192.168.1.68
test1@ubuntu:~$


0. install sshd and vsftpd

sudo apt-get update
sudo apt-get install vsftpd
sudo apt-get install openssh-server

1. create sftp user group

sudo groupadd sftponly

2. create testing user

sudo useradd -g sftponly -d /incoming -s /sbin/nologin test2
sudo passwd test2

3. check user and group just created

grep test2 /etc/passwd
cat /etc/group

4. config sshd

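sudo nano /etc/ssh/sshd_config

change/add (the second AuthorizedKeysFile path contains no %h or %u, so a key in that file is accepted for every account on the server):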
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys /var/ftpdir/.ssh/authorized_keys



Match group sftponly
ChrootDirectory /var/ftpdir/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

You can also set: UsePAM no

5. create required folders

sudo mkdir /var/ftpdir
sudo mkdir /var/ftpdir/.ssh
sudo mkdir -p /var/ftpdir/test1/psdir

6. set folder permissions and restart the SSH server

sudo chown test1:sftponly /var/ftpdir/test1/psdir
sudo service sshd restart

7. create a private/public key pair with PuTTYgen and upload the public key to the server folder

sudo nano /var/ftpdir/.ssh/authorized_keys
Public key as generated by PuTTYgen:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20171018"
AAAAB3NzaC1yc2EAAAABJQAAAQEAj3Hx0olZ1a7CD1vcFCHz4jhc80fbr7Buq2+I
07Lox0rYuBJS3uZJj8b7Qo1BxlrWI44zWyZcOCssOtkNIEBD6B5prKGqd4osuh+b
G+Pz2PRhIT1FkJU3SWnbnuASmr06lUSxbBQYMg+lum1AV5Y+5k3bN6nv3kgvfHz3
Y0wZNOuM/a6B9mDX9+miiGeDopzAklPaObSVbdVurfpUSa3/GDVco7ZYiY75B42y
w9cvVLVVDQbHrBJNlihLw6h79VtAsydn93RQFkDhr7piIdWrouOUM/O+vSOIPpaa
AO8mZeEpC40ut0SDRpXIALS8Kt3S31bHRGjFbyblN+7zAofEQw==
---- END SSH2 PUBLIC KEY ----

You have to convert it to the OpenSSH format, with the key type first and the whole key on one line:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQ.........
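
The conversion in step 7 can be scripted instead of edited by hand. The following is an added example, not part of the original post: the function names are its own and the sample key is constructed, not a usable key.

```shell
#!/bin/sh
# Added example: turn an SSH2 (RFC 4716) public key file, as saved by
# PuTTYgen, into the one-line authorized_keys form. Function names are
# this example's own; `ssh-keygen -i -f FILE` does the same on the server.

# Print the base64 body as one line: drop the BEGIN/END markers and the
# "Tag: value" headers (a header ending in "\" continues on the next line).
rfc4716_blob() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF files
        /^---- (BEGIN|END) SSH2 PUBLIC KEY ----/ { next }
        cont || /:/ { cont = ($0 ~ /\\$/); next }
        { gsub(/[ \t]/, ""); printf "%s", $0 }
        END { print "" }
    ' "$1"
}

# Read the algorithm name stored at the start of the decoded blob:
# a 4-byte big-endian length, then the name (for example "ssh-rsa").
blob_key_type() {
    len=$(printf '%s' "$1" | base64 -d 2>/dev/null | od -An -tu1 -N4 |
          awk 'NF == 4 { print $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 }')
    [ -n "$len" ] && [ "$len" -ge 1 ] && [ "$len" -le 64 ] || return 1
    printf '%s' "$1" | base64 -d 2>/dev/null | tail -c +5 | head -c "$len"
}

# to_authorized_keys FILE [COMMENT]: print "type blob [comment]".
to_authorized_keys() {
    blob=$(rfc4716_blob "$1")
    ktype=$(blob_key_type "$blob") || { echo "no key blob in $1" >&2; return 1; }
    printf '%s %s%s\n' "$ktype" "$blob" "${2:+ $2}"
}

# Constructed sample file (header shape only, not a usable key).
write_sample_key() {
    cat > "$1" <<'EOF'
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "constructed sample, \
not a real key"
AAAAB3NzaC1yc2EAEXAMPLEEXAMPLE
EXAMPLEEXAMPLE
---- END SSH2 PUBLIC KEY ----
EOF
}

tmp=$(mktemp) && write_sample_key "$tmp" && to_authorized_keys "$tmp" test1-lab-key
rm -f "$tmp"
```

The key type is read from the blob itself rather than assumed, so a file that is not a public key is rejected instead of being written into authorized_keys.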

8. connect with PuTTY + key, and use psftp to connect to the server

PS C:\Users\user\Desktop> .\psftp.exe -load test1@homelab
Using username "test1".
Remote working directory is /
psftp> dir
Listing directory /
drwxr-xr-x    3 0        0            4096 Oct 19 05:30 .
drwxr-xr-x    3 0        0            4096 Oct 19 05:30 ..
drwxr-xr-x    2 1002     1001         4096 Oct 19 05:30 psdir
psftp>
psftp> cd /etc
Directory /etc: no such file or directory
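
sshd only accepts a ChrootDirectory whose every path component is a root-owned directory that group and others cannot write to, which is why the listing above shows / owned by uid 0 and only psdir owned by the user. The check below is an added example, not part of the original post; its function names are its own and it assumes GNU stat, as on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory the way sshd does before it
# starts a session. Every component from / down to the chroot must be a
# directory owned by root and not writable by group or others.

# component_ok UID MODE: the rule for one component, given its owner uid
# and octal permission bits (the output of `stat -c '%u %a'`).
component_ok() {
    [ "$1" = "0" ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: walk from DIR up to /, print each component sshd
# would reject, and return non-zero if there is one. DIR is the expanded
# path, for example /var/ftpdir/test1 for "ChrootDirectory /var/ftpdir/%u".
check_chroot_path() {
    case $1 in /*) ;; *) echo "FAIL $1: not an absolute path"; return 2 ;; esac
    p=$1
    rc=0
    while :; do
        if [ ! -d "$p" ]; then
            echo "FAIL $p: not a directory"
            rc=1
        else
            set -- $(stat -L -c '%u %a' "$p")
            if ! component_ok "$1" "$2"; then
                echo "FAIL $p: owner uid $1, mode $2"
                rc=1
            fi
        fi
        if [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
    return "$rc"
}

# The chroot used on this page; psdir below it may belong to the user.
check_chroot_path /var/ftpdir/test1 || echo "sshd would refuse this chroot"
```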

Enable and Disable a Network Adapter using PowerShell

You can type and run "ncpa.cpl" in PowerShell;
it opens the Windows network adapter list and settings.

1. WMIC
In PowerShell (Run as Admin):

wmic nic get name","index


PS C:\Users\chako> wmic nic get name","index
Index  Name
0      Intel(R) Ethernet Connection I217-V
1      Realtek PCIe GBE Family Controller
2      Broadcom 802.11ac Network Adapter
3      Microsoft Kernel Debug Network Adapter
4      Microsoft Wi-Fi Direct Virtual Adapter
5      WAN Miniport (SSTP)
6      WAN Miniport (IKEv2)
7      WAN Miniport (L2TP)
8      WAN Miniport (PPTP)
9      WAN Miniport (PPPOE)
10     WAN Miniport (IP)
11     WAN Miniport (IPv6)
12     WAN Miniport (Network Monitor)
13     Microsoft ISATAP Adapter
14     Microsoft Teredo Tunneling Adapter
15     Bluetooth Device (Personal Area Network)
16     Bluetooth Device (RFCOMM Protocol TDI)
17     Microsoft KM-TEST Loopback Adapter
18     VMware Virtual Ethernet Adapter for VMnet1
19     VMware Virtual Ethernet Adapter for VMnet8
25     VirtualBox Host-Only Ethernet Adapter
26     Microsoft ISATAP Adapter #6


PS C:\Windows\system32> wmic path win32_networkadapter where index=18 call enable
Executing (\\DESKTOP-G0J7PAP\root\cimv2:Win32_NetworkAdapter.DeviceID="18")->enable()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};



2. netsh
In PowerShell (Run as Admin):



PS C:\Windows\system32> netsh interface show interface

Admin State    State          Type             Interface Name
-------------------------------------------------------------------------
Enabled        Disconnected   Dedicated        Ethernet
Disabled       Disconnected   Dedicated        Npcap Loopback Adapter
Disabled       Disconnected   Dedicated        VirtualBox Host-Only Network
Disabled       Disconnected   Dedicated        VMware Network Adapter VMnet1
Disabled       Disconnected   Dedicated        VMware Network Adapter VMnet8
Enabled        Connected      Dedicated        Wi-Fi
Enabled        Disconnected   Dedicated        Ethernet 2



Disable Ethernet:

netsh interface set interface "Ethernet" disabled



3. Get-NetAdapter
In PowerShell (Run as Admin):


PS C:\Windows\system32> Get-NetAdapter

Name                      InterfaceDescription                    ifIndex Status       MacAddress             LinkSpeed
----                      --------------------                    ------- ------       ----------             ---------
Ethernet 2                Realtek PCIe GBE Family Controller           20 Disconnected 70-A0-20-0B-0A-99          0 bps
Wi-Fi                     Broadcom 802.11ac Network Adapter             9 Up           54-CA-6B-A1-A3-23        78 Mbps
VMware Network Adapte...8 VMware Virtual Ethernet Adapter for ...       3 Not Present  00-50-56-C0-00-08          0 bps
VMware Network Adapte...1 VMware Virtual Ethernet Adapter for ...      10 Disabled     00-50-56-C0-00-01       100 Mbps
VirtualBox Host-Only N... VirtualBox Host-Only Ethernet Adapter        23 Not Present  0A-00-27-00-00-1B          0 bps
Npcap Loopback Adapter    Npcap Loopback Adapter                       19 Not Present  A2-00-CC-CC-FF-5A          0 bps
Ethernet                  Intel(R) Ethernet Connection I217-V          16 Disabled     50-D0-AB-CB-FB-99          0 bps



PS C:\Windows\system32> Get-NetAdapter -Name Ethernet | Enable-NetAdapter
PS C:\Windows\system32> Get-NetAdapter -Name Ethernet | Disable-NetAdapter

Confirm
Are you sure you want to perform this action?
Disable-NetAdapter 'Ethernet'
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y
PS C:\Windows\system32>


[reference]
https://support.microsoft.com/en-za/help/192806/how-to-run-control-panel-tools-by-typing-a-command