SFTP Rejecting All Passwords

This error is usually caused by invalid permissions in /srv/daemon/config/credentials. It can be fixed by correcting the permissions as follows:

First of all, you need to be in /srv/daemon/config/credentials:

cd /srv/daemon/config/credentials

Next, you need to begin updating permissions. The permission tree is laid out as follows:

  • root:root 755 ssh
    • root:root 600 ssh_host_dsa_key
    • root:root 644 ssh_host_dsa_key.pub
    • root:root 600 ssh_host_ecdsa_key
    • root:root 644 ssh_host_ecdsa_key.pub
    • root:root 600 ssh_host_ed25519_key
    • root:root 644 ssh_host_ed25519_key.pub
    • root:root 600 ssh_host_rsa_key
    • root:root 644 ssh_host_rsa_key.pub
  • root:root 755 users
    • root:root 644 group
    • root:root 644 passwd
    • root:shadow 640 shadow
    • root:root 644 subgid
    • root:root 644 subuid

We're going to need to set all of the files in the directory to be owned by root with group root, and then set the shadow file to be owned by root with group shadow, since it's the only one in the directory that isn't completely owned by root. This can be done with the following commands:

chown -hR root:root *
chown root:shadow users/shadow

Next, we need to fix the permissions to align with the tree. First, we're going to set ssh and users to 755, which allows the owner to read, write, and execute, and everyone else to read and execute. Next, we're going to set everything in the ssh directory to 600, which allows the owner to read and write, and nobody else to do anything. You may have noticed in the tree that the .pub files are 644, so we're going to set those specifically to 644. Next, we're going to set everything in the users folder to 644, and finally, set the shadow file to 640. These can be done with the following commands:

chmod 755 ssh users
chmod -R 600 ssh/*
chmod -R 644 ssh/*.pub
chmod -R 644 users/*
chmod -R 640 users/shadow

After doing all of that, SFTP should be working properly. You may need to restart the daemon for the changes to take effect, which can be done with systemctl restart wings.
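
To confirm the result, the following added example (not part of the original guide) compares a directory against the permission tree above and reports every entry whose mode or ownership differs. It assumes GNU stat as found on Linux; the audit_credentials function and the CHECK_OWNER variable are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU stat (Linux).
# EXPECTED mirrors the permission tree above: owner:group, mode, relative path.
EXPECTED='root:root 755 ssh
root:root 600 ssh/ssh_host_dsa_key
root:root 644 ssh/ssh_host_dsa_key.pub
root:root 600 ssh/ssh_host_ecdsa_key
root:root 644 ssh/ssh_host_ecdsa_key.pub
root:root 600 ssh/ssh_host_ed25519_key
root:root 644 ssh/ssh_host_ed25519_key.pub
root:root 600 ssh/ssh_host_rsa_key
root:root 644 ssh/ssh_host_rsa_key.pub
root:root 755 users
root:root 644 users/group
root:root 644 users/passwd
root:shadow 640 users/shadow
root:root 644 users/subgid
root:root 644 users/subuid'

# audit_credentials DIR: print one line per deviation, return 0 only if clean.
# CHECK_OWNER=0 (hypothetical switch of this example) skips the ownership check.
audit_credentials() {
    dir=$1
    bad=0
    while read -r owner mode path; do
        [ -n "$path" ] || continue
        if [ ! -e "$dir/$path" ]; then
            echo "MISSING $path"
            bad=$((bad + 1))
            continue
        fi
        actual_mode=$(stat -c '%a' "$dir/$path")
        actual_owner=$(stat -c '%U:%G' "$dir/$path")
        if [ "$actual_mode" != "$mode" ]; then
            echo "MODE $path is $actual_mode, expected $mode"
            bad=$((bad + 1))
        fi
        if [ "${CHECK_OWNER:-1}" = 1 ] && [ "$actual_owner" != "$owner" ]; then
            echo "OWNER $path is $actual_owner, expected $owner"
            bad=$((bad + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    [ "$bad" -eq 0 ]
}

# Run against a directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then audit_credentials "$1"; fi
```

Pass /srv/daemon/config/credentials as the first argument; no output and an exit status of 0 mean the directory matches the tree.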