- Frequently Asked Questions
- What can I do if I have a problem?
- Some features seem not working correctly
- I can’t open symbolic link folders
- Connection refused after connection
- Why do I got random errors on download or file access?
- Why uploaded files have 0 size on the server?
- Clients do not see all folders or files on the server, why?
- Only allow MySecureShell users for SFTP connections
- How can I enforce security like blocking bruteforce attacks?
- How coud I limit the number of simultaneous unauthenticated connections?
- How can I make a passwordless connection?
- Can I use another authentication system?
- Be sure it’s not a miss-configuration problem first.
- Check out the FAQ to be sure the problem was not already listed.
- If the problem still persist, you can look at the list of issues to see if the problem have not already corrected.
- If not, create an issue on GitHub.
On issues, we’ll do our best to reply as soon as possible.
For some security reasons and for official packaging approval in several Linux distributions, the setuid right on the /usr/bin/mysecureshell binary has been dropped by default.
Please check that you have the setuid with
sftp-verif tool or directly set rights:
> chmod 4755 /usr/bin/mysecureshell
When you have connection refused message when you’re trying to login, this is generally a problem of firewalling.
Check that you’re not behind a firewall or your SSH port (default is 22) is correctly open:
> nc -v your_sftp_server 22 Connection to localhost 22 port [tcp/ssh] succeeded!
If it’s still not ok, please check that your SSH service is properly running:
> service ssh status
This is generally due to SFTP clients cache. Some clients like FileZilla have a cache enabled by default which can indicates wrong informations (connected even if you’re not, showing files that do not exists anymore on the server, etc...).
The solution consist in disabling the cache on the client size.
When this problem occurs, it’s usually because of a disc full on the server side.
Check if the
HideNoAccess child tag is enabled. This tag hides folders and files to your users with no access to them.
If you want your users to be able to see (but do not have access) to any files or folders without having rights, you should consider disabling
If you want to only allow MySecureShell users to use sftp connections on your server, you need to change/adapt this line (OpenSSH version > 4.5) in /etc/ssh/sshd_config:
Subsystem sftp /usr/bin/mysecureshell -c sftp-server
Changing this parameters will block users who do not have MySecureShell as a shell!
You can use a solution called Fail2ban which will check at the authentication logs in real time. If it detects a certain amount of failed login in a given time, it will block an IP address using iptables rules.
If you want to limit the number of simultaneous unauthenticated connections by changing the
MaxStartups value in /etc/ssh/sshd_config file:
In this example, we do not allow more than 5 unauthenticated connections at the same time.
To get a secure connection without credentials, you can use SSH key exchange. One of the advantage of that solution is the security enforcement. To make it work, be sure that your server allow it in its configuration file /etc/ssh/sshd_config:
If you only want to allow this user using SSH key, you can disable it’s password account:
> passwd -d useraccount
Note that it will also disable local password account
Of course you can use another authentication system like:
You have to configure PAM (Pluggable Authentication Module) to be able to authenticate trought another backend. You can check that your backend connection is working fine like this:
$ getent passwd username username:x:1000:1000:username,,,:/home/username:/usr/bin/zsh
We can see here a user called username, with id 1000. You now have to change his shell to make it work properly.