External SFTP Access to a WordPress Jail

The good folk at Automattic, owners of WordPress, have offered to help me resolve a credentialing problem I’m experiencing. However, they require the site’s SSH/SFTP/FTP credentials to access the WordPress installation folder. Up to this point, it hadn’t occurred to me to allow external access to the WordPress jail. I wasn’t even sure if this was possible to set up given my edge router is a FRITZ!Box. Well, the good news is, it is possible, but there is at least one caveat.

My first hurdle was trying to figure out the difference between SSH, SFTP and FTP. During my research, I also came across FTPS and FTPES! Google will help you tease out the differences between each of these protocols. Anyway, I settled on SFTP based on the appeal of restricting SFTP in a TrueNAS Jail.

Step 1: Get SFTP working on the internal network.

So, my first step was to get SFTP working and tested on the local network on a test WordPress jail with a LAN IP address 10.1.50. Using PuTTY, I logged into the TrueNAS server and then connected to the test jail with iocage console wordpress. Next, I added a user:

Next I enabled SSH as per the TrueNAS guide. I then started the SSH service with service sshd start.

Using FileZilla, I then confirmed that I could access the jail locally.

…and I’m in.

Traversing to /usr/local/www/wordpress, I can see the files in the WordPress directory.

Step 2: Get SFTP working externally

This required me to set up a port forward in my FRITZ!Box router.

To test, I connected a laptop to a mobile hotspot and, using FileZilla, attempted to access the jail via the FQDN I had associated with the jail.

Initially, it failed…

…until I realised I had to switch off proxying in Cloudflare.

Once I did that, I could connect externally to the WordPress jail.

Logins are logged in /var/log/auth.log in the jail.
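With the port forward in place, that log is where unexpected logins from outside the LAN will show up. The following is an added example, not part of the original post: a shell function that summarises accepted and failed sshd logins per source address. It assumes traditional syslog line format; the user name wpsftp, the addresses and the LAN prefix 10. are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-source summary of sshd logins read from auth.log on stdin.
# Usage: summarize_auth <lan-prefix> < /var/log/auth.log
summarize_auth() {
    awk -v lan="$1" '
    # Classify on the fixed syslog fields, not on text that follows the user
    # name, because the user name is chosen by the connecting client.
    $5 ~ /^sshd\[[0-9]+\]:$/ && ($6 == "Accepted" || $6 == "Failed") {
        addr = ""
        # A client-chosen user name may itself contain "from <addr> port",
        # so keep the LAST such triple: the one sshd appended.
        for (i = 7; i <= NF - 2; i++)
            if ($i == "from" && $(i + 2) == "port") addr = $(i + 1)
        if (addr == "") next
        if ($6 == "Accepted") ok[addr]++; else bad[addr]++
        seen[addr] = 1
    }
    END {
        for (a in seen) {
            where = (index(a, lan) == 1) ? "lan" : "external"
            printf "%s %s accepted=%d failed=%d\n", a, where, ok[a] + 0, bad[a] + 0
        }
    }' | LC_ALL=C sort
}

# Constructed sample lines (not taken from a real log).
sample_log() {
    cat <<'EOF'
Mar  3 09:58:11 wordpress sshd[2101]: Accepted password for wpsftp from 10.0.0.20 port 50122 ssh2
Mar  3 10:02:45 wordpress sshd[2140]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2
Mar  3 10:02:47 wordpress sshd[2140]: Failed password for invalid user x from 10.0.0.9 port 1 from 198.51.100.23 port 40022 ssh2
Mar  3 10:03:01 wordpress sshd[2144]: Failed password for root from 198.51.100.23 port 40031 ssh2
Mar  3 10:15:02 wordpress sshd[2203]: Accepted password for wpsftp from 203.0.113.7 port 51234 ssh2
Mar  3 10:15:09 wordpress cron[2210]: (root) CMD (periodic daily)
EOF
}

sample_log | summarize_auth 10.
```

An accepted login marked external that is not from the support engineer is the line to look for.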
