I need to change the sshd_config so that I can authenticate users using internal sftp. I created a template-custom for this but it did not work; I want to see what I might have done wrong.
I created it as follows:
sshd_config custom -> /etc/e-smith/templates-custom/etc/ssh/sshd_config/sshd.config/80ssh
After that I ran expand-template /etc/ssh/sshd_config
At first it had been ok, but when restarting the server the sshd_config file returned to the original.
The initial goal of all this is to be able to authenticate users in the shell using sftp, since I currently own a server that does this and would like to use the same format in Nethserver.
But there is still a problem kk
With the template I added a new fragment to the sshd_config configuration, however I needed to do a complete override of the original config with the config that I inserted into the custom template.
I just want to add that you should avoid overriding original templates with templates-custom, because if the original templates are updated by a software update, the template updates are not applied, and that may lead to errors or security problems.
In the case of sshd_config it does not seem possible to avoid overriding it, but please post your custom template(s); maybe we can find another solution.
@mrmarkuz Below is the configuration file. I have manually commented out the original part of sshd_config; below it is the configuration that I use on my old CentOS 6 server.
In my scenario I have clients that connect using normal FTP port 21 and others that connect via SFTP port 22, so I need this configuration in the sshd_config file. With the manual change everything works perfectly, I can use vsftpd for FTP and SFTP with local system users.
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
#Port 22
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
#HostKey /etc/ssh/ssh_host_rsa_key
#LoginGraceTime 2m
#Protocol 2
#UsePAM yes
#ChallengeResponseAuthentication no
#MaxAuthTries 6
#MaxStartups 10:30:60
#PasswordAuthentication yes
#PermitRootLogin yes
#UsePrivilegeSeparation sandbox
#Subsystem sftp /usr/libexec/openssh/sftp-server
#X11Forwarding yes
#ClientAliveInterval 60
#ClientAliveCountMax 3
# Cipher selection 2018-03-30
#Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
#MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
#KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
##################################################################
Port 22
Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
ChrootDirectory /home
Subsystem sftp internal-sftp
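The point made earlier in the thread, that a full override silently drops whatever the stock template set, can be checked before restarting sshd. The following is an added example, not part of the original posts or of NethServer: `parse_sshd_config` and `diff_override` are hypothetical helper names, and the two sample configurations are constructed here, abridged from the file posted above.

```python
# Added example: compare global sshd_config directives; assumes "Keyword value" lines.
REPEATABLE = {"hostkey", "acceptenv", "port", "listenaddress", "subsystem"}

# Constructed sample: abridged from the commented-out stock lines in the post.
BASELINE = """\
Port 22
UsePAM yes
MaxAuthTries 6
Subsystem sftp /usr/libexec/openssh/sftp-server
X11Forwarding yes
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
KexAlgorithms curve25519-sha256@libssh.org
"""
# Constructed sample: abridged from the active override lines in the post.
OVERRIDE = """\
Port 22
SyslogFacility AUTHPRIV
UsePAM yes
X11Forwarding yes
ChrootDirectory /home
Subsystem sftp internal-sftp
"""

def parse_sshd_config(text):
    """Return {keyword: [values]} for the global section (before any Match)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments carry no setting
        parts = line.split(None, 1)
        key = parts[0].lower()            # keywords are case-insensitive
        if key == "match":
            break                         # conditional blocks are out of scope here
        value = parts[1].strip() if len(parts) > 1 else ""
        if key in REPEATABLE:
            conf.setdefault(key, []).append(value)
        elif key not in conf:             # sshd keeps the first value it reads
            conf[key] = [value]
    return conf

def diff_override(baseline_text, override_text):
    base, over = parse_sshd_config(baseline_text), parse_sshd_config(override_text)
    return {"dropped": sorted(base.keys() - over.keys()),
            "changed": sorted(k for k in base.keys() & over.keys() if base[k] != over[k]),
            "added": sorted(over.keys() - base.keys())}

if __name__ == "__main__":
    print(diff_override(BASELINE, OVERRIDE))
```

Directives listed under "dropped" fall back to the sshd built-in defaults once the override is in place, so each one is a setting to either copy into the custom template or consciously give up.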