Fatal: unable to initialise SFTP on server

To solve it, I had to use the domain options:

mkgroup -d >> ..\etc\group
mkpasswd -l -d -u >> ..\etc\passwd

and then restart the ‘OpenSSH Server’ service.

Hope this helps someone..

Thanks!

The requirement that you are looking for is called “change root”. WuFTP and openssh-chroot use the same scheme to tell the application to change root the user to their login directory or a parent directory that is part of the home direcotry path.
In /etc/passwd file, for the home direcotory path, an administrator simply adds /./ to the path for the home directory at the point that the user is to be change rooted to…. example: mysql:*:74:74:MySQL Server:/var/empty/./:/usr/bin/sh Note the /./ after empty. When a user then uses the unix pwd command after login in, they will not see /var/empty as their directory path, but / only, thus performing a cd .. will not move their path to /var, they will remain at /var/empty, but the system will not report this path to the user. Any subdirectories under empty will be accessible, but only if the directory permissions allow. If the users login directory is /export/home/thomas, an administrator could enter /export/home/./thomas. When the user logs in and performs a pwd, they will get /thomas as their directory path. Using change root (chroot) is a great way to restrict user access to the contents of a computer system…. the gotcha. When a user is running in a change rooted environment, they cannot access other parts of the system… this means that in order for them to perform minimal functions, you must create an OS type of environment by replicating at the /./ directory level the minimum library and executable files for the user to be able to function on the system, else chances are they will not be able to log into their change rooted account. For an sftp environment, I would also include the sftpsh shell script. This will disallow users from using ssh or scp from logging onto the server is you trying to restrict the user to sftp only. In the above account example, instead of /usr/bin/sh for the shell, you would change this to /usr/bin/sftpsh.

Try using a shellexec tool like plink (it’s part of the putty suite)

sftp -b ScriptFile hostname

contents of ScriptFile:
user username_password
ls
quit

- since you can’t use a domain account, create the same local account on each cluster node with the same password, and use it to create each passwd file.

Now, assuming the sftp directory is on a shared storage, for ex S:\SharedFtp, also note:

- add OpenSSHd service as a Generic Service resource in the cluster configuration in the same resource group as the shared storage disk and the virtual server IP, with proper dependancy.
- assign proper NTFS permissions to the home directory S:\SharedFtp in EACH node for the local account created on that particular node. Also you should probably deny access to all other drives and folders outside this directory, in each node, for the ftp account created.

If you require clarification, just ask.