SFTP Read/Delete Access Only [closed] - ssh

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
I would like to setup a server with the ability for users to use SFTP to download files we have placed in their user folder and delete them. But not to be able to leave their folders. I was able to get that to work, but it had the unexpected issue of causing the regular users on the server to no longer be able to upload files to the server.
I am requiring the user to use a Password and SSH Key to login.
The setup I went with was:
addgroup --system sftponly
vim /etc/ssh/sshd_config
AuthenticationMethods publickey,password
PubkeyAuthentication yes
PasswordAuthentication yes
Subsystem sftp internal-sftp -P write
Match Group sftponly
ChrootDirectory /home/%u
ForceCommand internal-sftp -P write
X11Forwarding no
AllowTcpForwarding no
When Adding a User:
usermod -G sftponly $username
chown root:root /home/$username
chmod 755 /home/$username
mkdir /home/$username/ftp
chown $username:$username /home/$username/ftp
I would then put their user files in the FTP folder. Which they were able to read from and delete their own files.
What can I do to make a normal user (one not part of the sftponly group) able to upload files?

Leave the Match Group as is. Edit the "Subsystem" line.
From this:
Subsystem sftp internal-sftp -P write
To this:
Subsystem sftp internal-sftp

Related

Ubuntu and www:data permissions in amazon aws [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I have a Joomla website hosted at amazon aws and having issues with permissions.
Every time I have to go to terminal, ssh and do this to change the permissions between Joomla (www-data) and FileZilla (ubuntu)
sudo chown -R www-data.www-data /var/www/html (Joomla)
sudo chown -R ubuntu /var/www/html (File Zilla)
How do I set it so that I don't have to change this every time?
Add the ubuntu user to the www-data group
# usermod -a -G www-data ubuntu
then
# chmod g+w /var/www/html -R
(group writeable) all your files.

how do you load an ssh_config file within a cron job [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
ssh_config files allow you to configure an ssh client
You can specify aliases, default users and identity files for different ssh hosts, amongst other things
The docs state that the ssh_config options are loaded magically by the ssh client in the following order:
command line options
user-specific file (~/.ssh/config)
system-wide file (/etc/ssh/ssh_config)
However, these configuration options aren't automatically available/respected within a cron job context
how can you load an ssh configfile such as ~/.ssh/config for a crontab context or in a specific cronjob?
Update:
issue was this: https://superuser.com/questions/508408/public-key-always-asking-for-password-and-keyphrase
ssh --help says that there is a -F configfile option. However, I think ssh should still be checking in ~/.ssh/config and /etc/ssh/ssh_config, even when run via cron.
When run from cron, the HOME environment variable is set to point to your normal home directory, so ssh has all the information it needs to locate the standard configuration files.
I tested this by putting the following cron job in place:
* * * * * strace -o /tmp/trace -f -s 80 ssh localhost uptime > /tmp/trace
And inspecting /tmp/trace after the job has run, I see:
29079 open("/home/lars/.ssh/config", O_RDONLY) = 3
29079 open("/etc/ssh/ssh_config", O_RDONLY) = 3
Update
On my OS X machine (OS X 10.10.3), I set up the following ~/.ssh/config file:
Host stackoverflow
Hostname fileserver.house
IdentityFile fileserver_rsa
I created the following cron entry:
* * * * * ssh stackoverflow uptime > $HOME/output
The only way that would work would be if ssh were reading my ~/.ssh/config file...and it works just fine. What leads you do believe that things aren't working?

SSH config file paragraph to open a specific directory on remote server [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Is there a way to specifically ssh into a particular directory in remote location, specifically using the local ssh config file (not terminal)? Something like Dir option in the paragraph below, for example,
Host remote_dir
Hostname remote_server
User username
Dir path/to/remote_dir/
So, if I, ssh using the Host value from above paragraph,
ssh remote_dir
Then, I would like to be logged in and the terminal to be ready for me at path/to/remote_dir/ of the remote server,
username#remote_server: path/to/remote_dir/ > pwd
/home/username/path/to/remote_dir/
In this post on ServerFault, they say you can't do it all through the ssh config file. But you can do it with the ssh config and your .bash_profile or whatever the terminal nerds call it.
in the ssh config file add
Host dev
Hostname server.com
User joe
then in your .bash_profile add an alias
alias domain1="ssh dev -t 'cd domains/domain1; bash'"
Here the dev refers to what you set up in the config file.
In the Terminal, just type domain1, you will be asked to put in your password and will go straight to the directory. Make a new alias for all your domains and it will make logging in to each one super easy.
Take a look at
https://serverfault.com/questions/167416/change-directory-automatically-on-ssh-login
This is the accepted answer:
LocalCommand isn't what you want, anyway. That's run on your machine. You want RemoteCommand. Something like this worked for me:
Host example.net
RemoteCommand cd / && exec bash --login
RequestTTY yes
(Old answer) For a similar use case, ssh -t is also an option:
ssh server -t "cd /my/remote/directory; bash --login"
It is not the same, as it does not use ssh config. But you can define an alias for the command and end up with a similar effect.

enable root log-in in Ubuntu Server 12.04 [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
How do I enable root login to an Ubuntu Server 12.04?
That is, to be able to ssh as root. I can only login now as a regular user.
Thanks
Make sure you have set a root password (sudo su passwd)
Depending how your ssh is installed, you usually need to edit /etc/ssh/sshd_config and change "PermitRootLogin no" to "PermitRootLogin yes"
Edit /etc/ssh/sshd_config and add the following line:
PermitRootLogin yes
You really shouldn't allow direct SSH login as root. It's a pretty major security risk. See http://www.cyberciti.biz/tips/openssh-deny-or-restrict-access-to-users-and-groups.html
Why not log in as a user with sudo privileges then do 'sudo bash' or 'sudo sh'
This site explains a bit more: https://askubuntu.com/questions/57040/what-is-the-difference-between-su-sudo-bash-and-sudo-sh
If you really must enable ssh as root the first link should give you the info you need to configure OpenSSH assuming that's the server you're using.
You'll have to set a root password too, this site should help: https://help.ubuntu.com/community/RootSudo#Enabling%20the%20root%20account

How to set default group permissions for SFTP uploads? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am connecting to a web server running Debian. Our team uses Apache and all users are members of the www-data group. When we connect to this server via SFTP (e.g. Transmit), all of our newly uploaded files take on a group name that is the same as the user's name (i.e. their primary group).
Is there a way to change this default group assignment to www-data on SFTP? On the command line, one can type:
$ newgrp www-data
Which assigns the current user's primary group to www-data. All new files created by the user are assigned to this group. Is there an equivalent for SFTP?
Setting a directory setgid means that files created within it will acquire the directory's group ownership.
mkdir web
chgrp www-data web
chmod g+s web
You may require the additional step of setting the umask before the server process starts:
umask 0002;
/usr/lib/openssh/sftp-server
Or in sshd_config, "you can pass a flag and value in (-u 0002) like the following to set the umask value:"
Subsystem sftp /usr/lib/openssh/sftp-server -u 0002