13 Replies Latest reply: Dec 5, 2012 11:55 PM by jcelda
willarizona Level 1 (0 points)

Hey guys,

 

Looking for a nudge in the right direction here.

 

So I understand that setting up FTP for OS X Lion Server is a little different than it was previously. I found some resources online that showed me how to set up the FTPd so that I could indeed FTP into my server at home under Lion Server and that works fine.

 

A question I have though is how I can create a new FTP user? Does it just use whatever is set up in the System Preferences > Users section?

 

Secondly, I hear that SFTP is the new FTP protocol to use in Lion and I'd like to set that up. Problem is I am not sure how to set it up. I read I needed to turn on Remote Login in System Preferences > Sharing, which I did. But I don't seem to be able to connect to my server using SFTP using Transmit (my FTP client). Is there something basic I might be missing?

 

Thank you

William


Mac mini, Mac OS X (10.7)
  • mosespreciado Level 1 (0 points)

    William, I had the same concerns and problem as you.

     

    I found that my router wasn't configured to forward port 22 (sftp); I only had 21. Once I enabled it, my problem was resolved. I hope this helps.

     

    -Moses

  • Andrew Craft Level 1 (25 points)

    William,

     

    You'll definitely want to use SFTP over FTP. The older FTP protocol isn't secure.

     

    You can turn on "Remote Access" in your "Sharing" System Preferences. It's a good idea to limit access only to users that will need remote access.

  • Cerpher Level 1 (0 points)

    William,

     

    I had the same problem sort of.....

     

    I wanted to use my Brother MFC to scan using the FTP to PDF function but looked all over the system preferences

     

    Yes even

    system preferences --> sharing --> remote login

    this is great for ssh

     

    I was only doing FTP so found this on-line and it works

     

    Terminal --> su

    to start

    launchctl load -w /System/Library/LaunchDaemons/ftp.plist

    to stop

    launchctl unload -w /System/Library/LaunchDaemons/ftp.plist

     

    it still used the user as the FTP user (already the main user that I am logged in as)

     

    hope that helps you

  • iphoneczar Level 1 (0 points)

    All I had to do is go into the sharing folder in system preferences and enable remote login. Then I was able to remotely login using sftp. Now if you are doing this from outside your firewall you will have to add port forwarding for port 22 to your target machine.

     

    You definitely want to steer clear of ordinary ftp.

     

    iGeoCacher

    www.ayefon.com

  • Cerpher Level 1 (0 points)

    Yes even tried but did not work - this is great for SSH access

    system preferences --> sharing --> remote login

     

    Yes even tried SFTP but did not work since no SFTP on Brother

    system preferences --> sharing --> file sharing --> options

    checked the file sharing box

    click on options

    checked share files and folders using AFP

     

    did not see any SFTP settings……

     

     

    this is the only thing that worked for me

     

    sorry left out a command cause I tried to follow my steps and it failed

     

     

    updated walk through steps

    open terminal window

     

    go --> Utilities --> Terminal

    at the command line and sudo admin password it will work

     

    note that the -s will make the next inputs work (SORRY LEFT OUT THE -S)

     

    type to start:

    sudo -s launchctl load -w /System/Library/LaunchDaemons/ftp.plist

     

    type to stop:

    sudo -s launchctl unload -w /System/Library/LaunchDaemons/ftp.plist

  • iphoneczar Level 1 (0 points)

    Not sure about your particular client. Here's what I did.

     

    First, on the server box I enabled Remote login in the sharing preferences. Then, from the client machine I open a terminal window and enter

     

    sftp 192.168.1.45

     

    (this is the address of my server box on my network.)

     

    I'm then prompted for a password and I enter it. I presume it's logging me in as the user I'm logged onto the client machine. That will work as I have the same user id on both machines.

     

    Otherwise, I could have used

     

    sftp userid@192.168.1.45

     

    where userid was some other user.

     

    On first login, you will get a message complaining that the client is unable to verify the identity of the host and do you still want to connect (yes/no). That's because my host doesn't have a valid ssl certificate. If you answer yes, it will add the signature of that machine to the key store as "ok" and you won't be hassled from that point on. Now it's possible that your SFTP client is rejecting the connection because of this unsigned certificate. You should be able to alter the preferences for the app to allow that. However, once you've connected using the command line SFTP function and thereby added the target machine's fingerprint to your keystore, even your client app should no longer complain as you have effectively "authorized" the fingerprint.

     

    So take out the variable of your client software and just do your first connection, connection testing using the built in SFTP command line function to connect. If you can do that, then the basic transport is configured.

     

    I just used Dreamweaver using SFTP to connect to my remote server box and it worked.

     

    Note: on a hunch I just tried this in the reverse direction. It DID NOT work. I got the message "received message too long" that others have reported.

     

    Now, AFAIK, the only difference is that in this case, the target machine does NOT have the Lion Server component installed. I've got three machines to play with, a MacBook Pro and two Mac Minis. The Minis both have Lion and Lion Server on them. The MBP does not. I can SFTP into the Minis by just enabling remote login. This does NOT appear to be true for the MBP which is ONLY RUNNING LION. Perhaps SFTP isn't fully installed unless you are running the SERVER component. I suppose that makes sense. Are you running just LION or also LION Server?

     

    iGeoCacher

    www.ayefon.com

  • iphoneczar Level 1 (0 points)

    Snooping around and doing a "man ftpd" at the command line I get the man page for "tnftpd." Check it out. It looks like this is a newer FTP daemon setup that offers a bit more insulation for the OS as FTP is insecure. From the man page, I'm guessing you run it as a daemon process and you'd need to set it up to auto start if that's your cup of tea. Again, I concur with what others have said. FTP is inherently insecure and I'd recommend SFTP if at all possible. It's starting to look like the latter may only be there for LION SERVER based on my meager experience.

     

    iGeoCacher

    www.ayefon.com

  • iphoneczar Level 1 (0 points)

    Got a bit more info. Just to follow this up, I went ahead and installed Server on my MBP. I still couldn't login with my original user but when I ADDED a user through server panel, I could login into that account via SFTP. Not quite sure what all this means but I noted that during the server setup the progress steps indicated something about setting up a certificate. I suspect that it is the server install that sets up things for SFTP. So, my conclusion is that if you want to use SFTP "out of the box" you need to install LION Server. Now Lion is fundamentally UNIX and I'm sure that you could get some sort of SFTP/FTP working without LION Server but frankly, given the nominal cost ($49) and the fact that you can then put it on ALL of your servers due to the App Store licensing terms, I'd just go with LION Server.

     

    Being an old Fedora/Red Hat man with a lot of installs under my belt, I've tried to roll my own on a number of occasions and inevitably I conclude that Apple makes it easier if you'll just stick with their approach. Every time I've wandered off into the weeds I've always come back. Now that the cost is so low for these components, it just isn't worth the time to NOT use them.

     

    -dB

  • iphoneczar Level 1 (0 points)

    Found more info here:

     

    http://hintsforums.macworld.com/archive/index.php/t-20831.html

     

    Not sure but it might be relevant. Doing more testing.

     

    iGeoCacher

    www.ayefon.com

  • iphoneczar Level 1 (0 points)

    Well, I've come full circle. Just logged into my daughter's machine. It's a Mac Mini. Running just LION. No Server. I can SFTP into her account from mine using MBP. So I guess SERVER is NOT required. I'm guessing the message too long thing referenced in the link above may be more at fault. I get that for one of my user accounts but the others work fine. My suggestion would be to try creating more than one account on the machine and see if you can SFTP into the second account. It might be that something in the environment of the principal account (or a permission or something) is gumming up the works per the link above. It's a puzzler. But it DOES appear that you can SFTP into ordinary LION by just enabling remote login in the sharing. It doesn't take the server version. Good to know so this has been a worthwhile investigation. Be sure and post anything else you find. Inquiring minds want to know. I'm out of experiments.

     

    iGeoCacher

    www.ayefon.com

  • iphoneczar Level 1 (0 points)

    One final experiment. I was puzzled as to why my main user wouldn't allow SFTP login but another user would. Per the link above, I checked my .bashrc file and found that I had some leftover stuff in it from migrating. It tried to set some mySQL params and I no longer even have MySQL on this MBP. This no doubt causes some output. I deleted the lines from my .bashrc file in the home directory of that user and now I can login via SFTP.

     

    So it appears that the extra text being sent back on login is problematic for SFTP clients per the discussion at:

     

    http://hintsforums.macworld.com/archive/index.php/t-20831.html

     

    Check out your .bashrc. You might have some leftovers in there like me. If you need them, I'd suggest setting up a separate account for SFTP.

     

    iGeoCacher

    www.ayefon.com
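
Added example (not part of the posts above): the fix described here works because SFTP packets travel over the SSH session's stdout, so anything a startup file prints lands in front of the first packet, and OpenSSH's sftp client reads the first four bytes as a 32-bit length and reports "Received message too long" followed by that number. The sketch below decodes such a number back to text and counts the bytes a startup file emits in a non-interactive shell; the helper names, the sample number and both sample rc files are constructed for illustration.

```shell
#!/bin/sh
# Added example; helper names and sample files are hypothetical/constructed.

# Turn N from "Received message too long N" back into the four bytes the
# sftp client mistook for a packet length (non-printable bytes become ".").
decode_sftp_len() {
    n=$1; out=
    for s in 24 16 8 0; do
        byte=$(( (n >> s) & 255 ))
        if [ "$byte" -ge 32 ] && [ "$byte" -le 126 ]; then
            out="$out$(printf "\\$(printf '%03o' "$byte")")"
        else
            out="$out."
        fi
    done
    printf '%s\n' "$out"
}

# Count the bytes a startup file writes to stdout when a non-interactive
# shell sources it. 0 means it is safe for SFTP. Uses bash when this script
# itself runs under bash, otherwise falls back to sh.
rc_noise_bytes() {
    "${BASH:-sh}" -c '. "$1"' rc-check "$1" </dev/null 2>/dev/null | wc -c | tr -d ' '
}

# Constructed samples: a noisy rc file, and the same file with a guard that
# stops before any output unless the shell is interactive.
make_samples() {
    cat >"$1/noisy_rc" <<'EOF'
echo "Hello from .bashrc"
EOF
    cat >"$1/guarded_rc" <<'EOF'
case $- in *i*) ;; *) return ;; esac
echo "Hello from .bashrc"
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "length 1214606444 decodes to: $(decode_sftp_len 1214606444)"
echo "noisy_rc bytes:   $(rc_noise_bytes "$tmp/noisy_rc")"
echo "guarded_rc bytes: $(rc_noise_bytes "$tmp/guarded_rc")"
rm -rf "$tmp"
```

Running `rc_noise_bytes ~/.bashrc` on the account that fails shows whether its startup file is the cause; any result other than 0 is output an SFTP client will trip over.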

  • deadlenin Level 1 (0 points)

    Yeah, removing echo lines from .bashrc totally fixed it for me. Nice catch iphoneczar!

  • jcelda Level 1 (0 points)

    It works! (as apache says!)

     

    I removed echo lines from .bashrc and now I can use sftp. Good trick!