neutron68
Posted: Wed Aug 22, 2007 9:37 am
Joined: Tue Mar 28, 2006 8:26 pm
Posts: 804
Location: Minneapolis, MN
Thanks for the confirmation on the port number change method.
Kirk wrote: You're behind a firewall, why not just use the myth account?
Yes, I'm behind a firewall, but the SSH port of the firewall has to be open so I can have access to the machine when I'm at the office.
Both the mythtv user and root user names are banned from SSH. Since WinSCP uses SSH, the mythtv user name won't work.
We need to have a user that isn't banned from SSH given the privileges to read and write to the /myth partition.
_________________ KnoppMyth R5.5, Asus A8N-VM CSM (nvidia 6150 onboard video), AMD Athlon 64 dual-core 4200+, two 1GB sticks DDR 400, HD-3000 HDTV card, PVR-150 card, Iguanaworks RS-232 IR receiver/transmitter, Pioneer DVR-110 DVD burner
Dale
Site Admin
Posted: Wed Aug 22, 2007 7:52 pm
Joined: Fri Oct 31, 2003 11:40 pm
Posts: 357
Location: Irvine, Ca
Well, that _is_ the purpose of the "other" account that gets set up when you install. Then you can su - to the mythtv account as you know its password.
neutron68
Posted: Thu Aug 23, 2007 8:30 am
Joined: Tue Mar 28, 2006 8:26 pm
Posts: 804
Location: Minneapolis, MN
Dale wrote: Well, that _is_ the purpose of the "other" account that gets set up when you install. Then you can su - to the mythtv account as you know its password.
In the previous posts in the thread regarding WinSCP use, it has been established that WinSCP does not allow you to change users after you log in. (you can't type su - root)
Thus, the user you log in with MUST have privileges for the folders and partitions you want to read/write to. So, if I log in with user 'abcde' and want to read and write files to the /myth partition, then user 'abcde' must have read/write privileges to the /myth partition.
slowtolearn
Posted: Thu Aug 23, 2007 9:38 am
Joined: Wed Nov 16, 2005 8:55 pm
Posts: 1381
Location: Farmington, MI USA
neutron68 wrote: In the previous posts in the thread regarding WinSCP use, it has been established that WinSCP does not allow you to change users after you log in. (you can't type su - root)
You may want to look into the free SSH client here: http://ftp.ssh.com/pub/ssh/ It gives you up/download capabilities as well. I have used it for many years without issue.
neutron68
Posted: Thu Aug 23, 2007 10:07 am
Joined: Tue Mar 28, 2006 8:26 pm
Posts: 804
Location: Minneapolis, MN
slowtolearn wrote: You may want to look into the free SSH client here: http://ftp.ssh.com/pub/ssh/ It gives you up/download capabilities as well. I have used it for many years without issue.
I'm using WinSCP now because:
1. it runs in Windows (provides a conduit between my Windows machines and the Linux machine)
2. has a Graphic User Interface
Does the free SSH client fulfill both of these requirements?
slowtolearn
Posted: Thu Aug 23, 2007 10:58 am
Joined: Wed Nov 16, 2005 8:55 pm
Posts: 1381
Location: Farmington, MI USA
neutron68 wrote: Does the free SSH client fulfill both of these requirements?
Yes
neutron68
Posted: Fri Aug 24, 2007 7:51 am
Joined: Tue Mar 28, 2006 8:26 pm
Posts: 804
Location: Minneapolis, MN
slowtolearn wrote: You may want to look into the free SSH client here: http://ftp.ssh.com/pub/ssh/ It gives you up/download capabilities as well. I have used it for many years without issue.
I'm trying it now. Thus far, it seems to behave like WinSCP - the username you log in with is the only username you can access via the graphic user interface windows.
For example, if I log in as user 'abcde', and then change to root by doing "su - root", I do have root access in the SSH text window. But, when I click "NEW FILE TRANSFER WINDOW", I am still logged in as user 'abcde'. The window starts in "/home/abcde". I can change directories to "/myth/video" but I don't have access to put files there - which is the goal.
Slowtolearn, do you know of some switches or controls to make it work as desired?
manicmike
Posted: Fri Aug 24, 2007 4:29 pm
Joined: Sun Aug 28, 2005 7:07 pm
Posts: 821
Location: Melbourne, Australia
neutron68 wrote: Can I create a user and give that user root privileges, so I can work around the ssh blockage of the root account?
Hi Eric,
I don't get why you need to transfer them as root? Why not transfer as yourself and in your su - session (incidentally, "root" appended to this is superfluous) move them to where you want them?
I can also see that if you're either low on disk space or a bit obsessive about double handling, you'll want to find a solution to make it work how you want it to.
Here are your options:
1. log in to your box, become root, edit "/etc/ssh/sshd_config" and comment out the DenyUsers line and change PermitRootLogin to Yes. This will allow you to log in directly as root and do what you want. You should only allow ssh2 connections and have a fabulously cryptic password.
Have a look at http://www.linux.com/feature/61061?theme=print for why you shouldn't permit root logins.
2. Even better, do the above, then:
- install putty on the windows box
- generate a dsa key pair (please use a passphrase),
- copy the public key to your myth box (add it to /root/.ssh/authorized_keys),
- start pageant on the Windows box (make it run at startup, too),
- add the generated private key (you'll have to do this each time you start windows)
Do the above and you can disable password logins (stop anyone connecting with a password) by changing PasswordAuthentication to "no" in the sshd_config.
This is your most complete solution, IMO. You can have your root login without compromising security much.
3. change directory permissions on the directories you want to drop files into.
4. add yourself (your currently valid login) to appropriate groups for access.
Good luck
Mike
_________________ ********************* LinHES 7.4 Australian Dragon *********************
neutron68
Posted: Sat Aug 25, 2007 9:27 am
Joined: Tue Mar 28, 2006 8:26 pm
Posts: 804
Location: Minneapolis, MN
manicmike wrote: Have a look at http://www.linux.com/feature/61061?theme=print for why you shouldn't permit root logins.
That's a great article and explains a lot of what I've been asking. I'm already sold on keeping root logins from occurring. My /var/log/auth.log file shows that there are people trying to hack into my ssh connection almost every day!
I think the way I'd like to have access to the /myth partition is to give my general user (call that user 'abcde') privileges to that partition. That will be good enough to allow me in with WinSCP or SSH-client-GUI.
It seems like there are 2 major ways to accomplish this:
1. make user 'abcde' a member of the mythtv group or
2. give user 'abcde' permissions to read/write to the /myth partition.
Is the previously mentioned method of group assignment the best way to do that? Code: usermod -a mythtv abcde
What about the /etc/group file which seems to contain the groups information and looks easy enough to edit. I'd like someone to comment on the /etc/group file.
tjc
Posted: Sat Aug 25, 2007 9:48 am
Joined: Thu Mar 25, 2004 11:00 am
Posts: 9551
Location: Arlington, MA
The usermod command is just a convenient way of updating /etc/group, /etc/passwd and other configuration files. It also does some other helpful things like move home directories. You can still edit the files if you want.
neutron68
Posted: Sun Aug 26, 2007 10:02 am
Joined: Tue Mar 28, 2006 8:26 pm
Posts: 804
Location: Minneapolis, MN
That's it!!
I just did this as root and it worked just like I wanted!
Code: # usermod -a -G mythtv abcde
Hey, tjc, you'll be proud of me. I used the man page for usermod to find out that the -G was necessary here.
After entering this command, I was able to log in with WinSCP as user abcde and transfer files into /myth/video just fine!
AND I was able to leave the root and mythtv users banned from SSH login, so there is still some measure of security, which I do care about.
Thanks for all the input, everybody!
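neutron68's question about /etc/group and the `-G` flag he had to add, worked through as an added example (not code from the thread or from shadow-utils): a small Python model of the /etc/group format that shows what `usermod -G` does to a user's memberships with and without `-a`. The group file, user and group names below are constructed for the example.

```python
"""Simulate `usermod -G` on the /etc/group format, with and without `-a`.
Added example; the sample file is constructed, not copied from any system."""

# Constructed sample /etc/group: name:password:gid:member,list
SAMPLE_GROUP = """\
root:x:0:
audio:x:29:abcde
video:x:44:abcde
mythtv:x:1000:
abcde:x:1001:
"""


def parse_group(text):
    """Return [(name, pw, gid, [members])] in file order, skipping comments."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, pw, gid, members = line.split(":", 3)
        entries.append((name, pw, int(gid), [m for m in members.split(",") if m]))
    return entries


def supplementary_groups(text, user):
    """Groups whose member list names `user` (what `groups user` would show)."""
    return [e[0] for e in parse_group(text) if user in e[3]]


def usermod_G(text, user, new_groups, append):
    """Return the rewritten /etc/group after `usermod [-a] -G g1,g2 user`.

    append=True models `-a -G`: membership is added, existing ones are kept.
    append=False models plain `-G`: the user is dropped from every
    supplementary group not listed, which is the pitfall `-a` avoids.
    (`usermod -a` without `-G`, as first suggested above, is an error.)
    """
    wanted = set(new_groups)
    known = {e[0] for e in parse_group(text)}
    if wanted - known:
        raise ValueError("unknown group(s): " + ", ".join(sorted(wanted - known)))
    out = []
    for name, pw, gid, members in parse_group(text):
        keep = [m for m in members if m != user]
        if name in wanted or (append and user in members):
            keep.append(user)
        out.append("%s:%s:%d:%s" % (name, pw, gid, ",".join(keep)))
    return "\n".join(out) + "\n"
```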
ayourk
Posted: Mon Aug 27, 2007 12:08 am
Joined: Sat Mar 18, 2006 3:21 pm
Posts: 70
Location: West Fargo, ND
manicmike wrote: neutron68 wrote: Can I create a user and give that user root privileges, so I can work around the ssh blockage of the root account?
Hi Eric, I don't get why you need to transfer them as root? Why not transfer as yourself and in your su - session (incidentally, "root" appended to this is superfluous) move them to where you want them? I can also see that if you're either low on disk space or a bit obsessive about double handling, you'll want to find a solution to make it work how you want it to.
Here are your options:
1. log in to your box, become root, edit "/etc/ssh/sshd_config" and comment out the DenyUsers line and change PermitRootLogin to Yes. This will allow you to log in directly as root and do what you want. You should only allow ssh2 connections and have a fabulously cryptic password. Have a look at http://www.linux.com/feature/61061?theme=print for why you shouldn't permit root logins.
2. Even better, do the above, then:
- install putty on the windows box
- generate a dsa key pair (please use a passphrase),
- copy the public key to your myth box (add it to /root/.ssh/authorized_keys),
- start pageant on the Windows box (make it run at startup, too),
- add the generated private key (you'll have to do this each time you start windows)
Do the above and you can disable password logins (stop anyone connecting with a password) by changing PasswordAuthentication to "no" in the sshd_config. This is your most complete solution, IMO. You can have your root login without compromising security much.
Good luck Mike
Something a little better than the above is a combination of #1 & #2:
- generate the dsa key pair with puttygen and add the key to /root/.ssh/authorized_keys2
- use Pageant on Windows for WinSCP/PuTTY
- in /etc/ssh/sshd_config, set PermitRootLogin to without-password
- comment out the DenyUsers line for "root"
- restart sshd
The without-password setting will only allow "root" logins via an authorized_key only. I've found this to be highly secure in combination with firewall rules that prevent hacking other than from authorized IPs. There are also scripts out there that can help with adding ipchains rules based on the output of /var/log/auth.log and the like against sshd attacks.
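manicmike's options 1 and 2 and ayourk's without-password variant both come down to a few sshd_config keywords. As an added example (not from the thread and not OpenSSH code), this Python checker reads a config body the way sshd reads its global options and reports whether those keywords line up. The two sample configs are constructed; `prohibit-password` is the newer OpenSSH spelling of `without-password`.

```python
"""Audit the sshd_config keywords discussed in the thread (added example).
Global options are read as sshd does: first occurrence of a keyword wins,
keywords are case-insensitive, '#' starts a comment, 'key=value' is allowed.
Options under a 'Match' block are out of scope and ignored here."""


def effective_options(text):
    """Map lowercased keyword -> first value seen, stopping at 'Match'."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        opts.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return opts


def audit(text):
    """Return findings; empty means key-only root and no password logins."""
    o = effective_options(text)
    findings = []
    prl = o.get("permitrootlogin", "").lower()
    if prl == "yes":
        findings.append("PermitRootLogin yes: root may log in with a password")
    elif prl not in ("no", "without-password", "prohibit-password"):
        findings.append("PermitRootLogin is not set to no/without-password")
    if o.get("passwordauthentication", "").lower() != "no":
        findings.append("PasswordAuthentication is not 'no': password guessing still works")
    # DenyUsers is checked before any authentication, so it overrides the key-only login.
    if "root" in o.get("denyusers", "").split() and prl.startswith(("without", "prohibit")):
        findings.append("DenyUsers still lists root, so the key-only root login is blocked")
    return findings


# Constructed samples: the 'before' and 'after' of the thread's changes.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
DenyUsers root mythtv
"""
HARDENED_CONFIG = """\
Port 2222
PermitRootLogin without-password
PasswordAuthentication no
#DenyUsers root mythtv
DenyUsers mythtv
"""
```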