
SSH

secure shell…

Key authentication - login without password

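Generate a 4096-bit RSA private/public key pair on the local machine. To generate a key without a passphrase, just press Enter at the passphrase prompt. Anyone who obtains a private key that has no passphrase can log in with it, so keep ~/.ssh/id_rsa readable only by its owner.

ssh-keygen -t rsa -b 4096  # -t rsa so the files match the id_rsa names used below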

Find the public key in ~/.ssh/id_rsa.pub

To log in on a remote machine without a password, you need to add the public key to the file ~/.ssh/authorized_keys on that box.

less ~/.ssh/id_rsa.pub  # copy this

... on the remote machine:

nano ~/.ssh/authorized_keys  # paste the key on ONE line

Another option is to use the following command to add the key to authorized_keys on the remote machine:

ssh-copy-id -i ~/.ssh/id_rsa.pub user@remoteserver


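Set up a tunnel

This creates a tunnel from local port 4950 to port 4949 on the remote machine, using a control socket (-M -S). ssh goes to the background (-f) without running a remote command (-N) and exits if the forward cannot be set up: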

ssh -L 4950:localhost:4949 -f -N -p222 -M -S /var/run/ssh_tunnel1.sock -o ExitOnForwardFailure=yes root@re.mo.te.IP


SSHFS - SSH Filesystem

Mount remote directories (for all users and reconnect, if network is interrupted)

Install:

apt-get install sshfs

Mount:

sshfs -p 222 root@server:/path/ /mnt/server -o allow_other -o reconnect


SFTP

A vsftpd server is not required to run an SFTP server; OpenSSH handles it.

Setup is tricky: the permissions of the directories are very important!

/etc/ssh/sshd_config:

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
#...
Match group sftp
ChrootDirectory /var/www/%u 
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Add group and user:

groupadd sftp
useradd -g sftp  -d /var/www/user/  -s /sbin/nologin user
passwd user

Set permissions, chown to root:

chown root:root /var/www/  # basedir must belong to root
chmod 0755 /var/www/
chown root:root /var/www/user/  # the chroot dir itself must belong to root, not only its parent!

“Their home directory must be owned as root and not writable by another user or group. This includes the path leading to the directory” https://wiki.archlinux.org/index.php/SFTP_chroot
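
A way to check the rule quoted above before restarting sshd, as an added example that is not part of the original page: the script walks from the chroot directory up to / and reports every component that is not owned by root or is writable by group or others. The helper names check_component and check_chroot_path and the optional OWNER_UID and TOP arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. check_component and
# check_chroot_path are hypothetical helper names.

# check_component DIR OWNER_UID
# Succeeds only if DIR is owned by OWNER_UID and is not writable by
# group or others.
check_component() {
    info=$(ls -ldn -- "$1") || return 2      # e.g. "drwxr-xr-x 3 0 0 4096 ..."
    mode=$(printf '%s\n' "$info" | awk '{print $1}')
    uid=$(printf '%s\n' "$info" | awk '{print $3}')
    if [ "$uid" != "$2" ]; then
        echo "FAIL $1: owner uid $uid, expected $2"
        return 1
    fi
    case $mode in
        ?????w*|????????w*)                  # 6th char = group w, 9th = other w
            echo "FAIL $1: mode $mode is group/other writable"
            return 1 ;;
    esac
    echo "ok   $1 ($mode, uid $uid)"
}

# check_chroot_path DIR [OWNER_UID] [TOP]
# Checks DIR and every parent up to TOP. The defaults (uid 0, TOP=/) match
# the rule quoted above; the two optional arguments are an assumption of
# this example so it can be tried on a scratch tree without root.
check_chroot_path() {
    owner=${2:-0}
    dir=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: not a directory"; return 2; }
    top=$(CDPATH= cd -- "${3:-/}" 2>/dev/null && pwd -P) || return 2
    rc=0
    while :; do
        check_component "$dir" "$owner" || rc=1
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Usage: sh check_chroot.sh /var/www/user
if [ "$#" -gt 0 ]; then
    check_chroot_path "$@"
fi
```

The exit status is 0 only when every component passes, so the script can gate a deployment step; a FAIL line names the directory to fix with chown or chmod.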

linux/network/ssh.1429275089.txt.gz · Last modified: 2015/04/17 14:51 by tkilla