Blame
Date: Wed Feb 1 05:00:29 2023 UTC
Message: Daily backup
01
2023-01-22
jrmu
version=pmwiki-2.2.130 ordered=1 urlencoded=1
02
2023-01-22
jrmu
agent=w3m/0.5.3+git20210102
03
2023-01-22
jrmu
author=jrmu
04
2023-01-22
jrmu
charset=UTF-8
05
2023-01-22
jrmu
csum=
06
2023-01-22
jrmu
ctime=1598328415
07
2023-01-22
jrmu
host=38.87.162.8
08
2023-01-22
jrmu
name=Openbsd.Sftp
09
2023-01-22
jrmu
rev=11
10
2023-01-22
jrmu
targets=
11
2023-01-22
jrmu
text=(:redirect sftp/chroot:)%0a!! Users with sftp access without ssh access (for file hosting)%0a%0a1. Do one time setup%0a%0a[@%0a$ doas mkdir /var/www/OrangeShare/%0a$ doas groupadd sftponly%0a@]%0a%0aEdit your httpd config to set "/OrangeShare" as the root location.%0a%0aAdd this into sshd_config%0a%0a[@%0aSubsystem sftp internal-sftp%0aMatch Group sftponly%0a PasswordAuthentication yes%0a ForceCommand internal-sftp%0a ChrootDirectory /var/www/OrangeShare/%25u%0a AllowTcpForwarding no%0a AllowAgentForwarding no%0a PermitTunnel no%0a PermitTTY no%0a X11Forwarding no%0a@]%0a%0aSave script for adding new user%0a%0a[@%0a#!/bin/ksh%0a# add user%0adoas adduser%0a# add user to sftponly group, otherwise they will have full ssh access%0adoas usermod -g sftponly $1%0a# make user's directory%0adoas mkdir /var/www/OrangeShare/$1%0adoas mkdir /var/www/OrangeShare/$1/pub%0adoas chown $1:$1 /var/www/OrangeShare/$1/pub%0a# set the user's password%0adoas passwd $1%0a@]%0a%0a2. For each new user %0a%0a $ ksh newuser.sh usernameHere%0a Then email to the user their credentials, from either your personal email or from your team email if it has one.%0a%0a----%0a%0aSources:%0a[@%0ahttp://undeadly.org/cgi?action=article&sid=20080220110039%0ahttps://man.openbsd.org/sftp-server%0ahttps://unix.stackexchange.com/questions/503312/is-it-possible-to-grant-users-sftp-access-without-shell-access-if-yes-how-is-i%0a@]%0a%0a!! To change sftp accessed directory from /home/USER to /var/www/htdocs/USER%0a
12
2023-01-22
jrmu
time=1640844075
13
2023-01-22
jrmu
author:1640844075=jrmu
14
2023-01-22
jrmu
diff:1640844075:1598591960:=1d0%0a%3c (:redirect sftp/chroot:)%0a
15
2023-01-22
jrmu
host:1640844075=38.87.162.8
16
2023-01-22
jrmu
author:1598591960=gry
17
2023-01-22
jrmu
csum:1598591960=+
18
2023-01-22
jrmu
diff:1598591960:1598585367:=34c34%0a%3c doas usermod -g sftponly $1%0a---%0a> usermod -G sftponly $1%0a
19
2023-01-22
jrmu
host:1598591960=203.129.25.247
20
2023-01-22
jrmu
author:1598585367=gry
21
2023-01-22
jrmu
csum:1598585367=+
22
2023-01-22
jrmu
diff:1598585367:1598524246:=6c6,7%0a%3c $ doas mkdir /var/www/OrangeShare/%0a---%0a> $ doas chown root:daemon /var/www/htdocs/%0a> $ doas mkdir /var/www/htdocs/orange-chat%0a10,11d10%0a%3c Edit your httpd config to set "/OrangeShare" as the root location.%0a%3c %0a19c18%0a%3c ChrootDirectory /var/www/OrangeShare/%25u%0a---%0a> ChrootDirectory /var/www/htdocs/orange-chat/%25u%0a31,34d29%0a%3c # add user%0a%3c doas adduser%0a%3c # add user to sftponly group, otherwise they will have full ssh access%0a%3c usermod -G sftponly $1%0a36,39c31,37%0a%3c doas mkdir /var/www/OrangeShare/$1%0a%3c doas mkdir /var/www/OrangeShare/$1/pub%0a%3c doas chown $1:$1 /var/www/OrangeShare/$1/pub%0a%3c # set the user's password%0a---%0a> doas mkdir /var/www/htdocs/orange-chat/$1%0a> doas chown root:sftponly /var/www/htdocs/orange-chat/$1%0a> doas chmod 775 /var/www/htdocs/orange-chat/$1%0a> # add user%0a> doas adduser%0a> # add user to sftponly group, otherwise they will have full ssh access%0a> usermod -G sftponly $1%0a
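Review bot: on the `<` side of the 31,34 hunk, `usermod -G sftponly $1` is the only command in the script without `doas`, and `$1` is used unquoted and unchecked in every `mkdir` and `chown` line. If the script is run as a non-root user the group change fails while the directories are still created, leaving an account that is not matched by `Match Group sftponly`. Suggest prefixing the line with `doas`, quoting `"$1"`, and exiting early when it is empty. Since `doas adduser` is called with no arguments, the script should also confirm that the name entered interactively is the same as `$1` before touching `/var/www/OrangeShare/$1`.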
23
2023-01-22
jrmu
host:1598585367=203.129.25.247
24
2023-01-22
jrmu
author:1598524246=gry
25
2023-01-22
jrmu
csum:1598524246=+
26
2023-01-22
jrmu
diff:1598524246:1598522823:=33d32%0a%3c doas chmod 775 /var/www/htdocs/orange-chat/$1%0a
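Review bot: the `doas chmod 775 /var/www/htdocs/orange-chat/$1` line on the `<` side makes group-writable the same directory that the sshd_config on this page names as `ChrootDirectory /var/www/htdocs/orange-chat/%u` (stored here as `%25u`). sshd checks at session start that every component of the chroot path is root-owned and not writable by any other user or group, so a 775 directory owned `root:sftponly` is rejected and the sftp login fails. Suggest leaving the chroot directory root-owned and not group-writable, and giving the user a writable subdirectory inside it instead.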
27
2023-01-22
jrmu
host:1598524246=203.129.25.247
28
2023-01-22
jrmu
author:1598522823=gry
29
2023-01-22
jrmu
csum:1598522823=+
30
2023-01-22
jrmu
diff:1598522823:1598522802:=8c8%0a%3c $ doas groupadd sftponly%0a---%0a> $ doas addgroup sftponly%0a
31
2023-01-22
jrmu
host:1598522823=203.129.25.247
32
2023-01-22
jrmu
author:1598522802=gry
33
2023-01-22
jrmu
csum:1598522802=+
34
2023-01-22
jrmu
diff:1598522802:1598520430:=18c18%0a%3c ChrootDirectory /var/www/htdocs/orange-chat/%25u%0a---%0a> ChrootDirectory %25h%0a37d36%0a%3c doas passwd $1%0a42,43c41,42%0a%3c $ ksh newuser.sh usernameHere%0a%3c Then email to the user their credentials, from either your personal email or from your team email if it has one.%0a---%0a> * run this script and then %0a> * email to the user their credentials, from either your personal email or from your team email if it has one.%0a
35
2023-01-22
jrmu
host:1598522802=203.129.25.247
36
2023-01-22
jrmu
author:1598520430=gry
37
2023-01-22
jrmu
csum:1598520430=+
38
2023-01-22
jrmu
diff:1598520430:1598520396:=3,4c3,4%0a%3c 1. Do one time setup%0a%3c %0a---%0a> 1. Add this into sshd_config%0a> %0a6,13d5%0a%3c $ doas chown root:daemon /var/www/htdocs/%0a%3c $ doas mkdir /var/www/htdocs/orange-chat%0a%3c $ doas addgroup sftponly%0a%3c @]%0a%3c %0a%3c Add this into sshd_config%0a%3c %0a%3c [@%0a26,27c18,19%0a%3c Save script for adding new user%0a%3c %0a---%0a> 2. Do one time setup%0a> %0a28a21,28%0a> $ doas chown root:daemon /var/www/htdocs/%0a> $ doas mkdir /var/www/htdocs/orange-chat%0a> $ doas addgroup sftponly%0a> @]%0a> %0a> 3. Save script for adding new user%0a> %0a> [@%0a39c39%0a%3c 2. For each new user %0a---%0a> 4. For each new user %0a
39
2023-01-22
jrmu
host:1598520430=203.129.25.247
40
2023-01-22
jrmu
author:1598520396=gry
41
2023-01-22
jrmu
csum:1598520396=expanded
42
2023-01-22
jrmu
diff:1598520396:1598329723:=1,4c1,4%0a%3c !! Users with sftp access without ssh access (for file hosting)%0a%3c %0a%3c 1. Add this into sshd_config%0a%3c %0a---%0a> !! To add users with sftp access without ssh access%0a> %0a> 1. Toss that into sshd_config%0a> %0a18,44c18,23%0a%3c 2. Do one time setup%0a%3c %0a%3c [@%0a%3c $ doas chown root:daemon /var/www/htdocs/%0a%3c $ doas mkdir /var/www/htdocs/orange-chat%0a%3c $ doas addgroup sftponly%0a%3c @]%0a%3c %0a%3c 3. Save script for adding new user%0a%3c %0a%3c [@%0a%3c #!/bin/ksh%0a%3c # make user's directory%0a%3c doas mkdir /var/www/htdocs/orange-chat/$1%0a%3c doas chown root:sftponly /var/www/htdocs/orange-chat/$1%0a%3c # add user%0a%3c doas adduser%0a%3c # add user to sftponly group, otherwise they will have full ssh access%0a%3c usermod -G sftponly $1%0a%3c @]%0a%3c %0a%3c 4. For each new user %0a%3c %0a%3c * run this script and then %0a%3c * email to the user their credentials, from either your personal email or from your team email if it has one.%0a%3c %0a%3c ----%0a---%0a> %0a> 2. The user's home folder /home/username must be owned by root:wheel%0a> %0a> 3. The new users must be in the 'sftponly' group.%0a> %0a> Sources:%0a
43
2023-01-22
jrmu
host:1598520396=203.129.25.247
44
2023-01-22
jrmu
author:1598329723=gry
45
2023-01-22
jrmu
csum:1598329723=clarified
46
2023-01-22
jrmu
diff:1598329723:1598328430:=1,4d0%0a%3c !! To add users with sftp access without ssh access%0a%3c %0a%3c 1. Toss that into sshd_config%0a%3c %0a6,24c2,17%0a%3c Subsystem sftp internal-sftp%0a%3c Match Group sftponly%0a%3c PasswordAuthentication yes%0a%3c ForceCommand internal-sftp%0a%3c ChrootDirectory %25h%0a%3c AllowTcpForwarding no%0a%3c AllowAgentForwarding no%0a%3c PermitTunnel no%0a%3c PermitTTY no%0a%3c X11Forwarding no%0a%3c @]%0a%3c %0a%3c %0a%3c 2. The user's home folder /home/username must be owned by root:wheel%0a%3c %0a%3c 3. The new users must be in the 'sftponly' group.%0a%3c %0a%3c Sources:%0a%3c [@%0a---%0a> 12:02 %3c jrmu> let me see if I've got it somewhere%0a> 12:02 %3c jrmu> Subsystem sftp internal-sftp%0a> 12:02 %3c jrmu> Match User username%0a> 12:02 %3c jrmu> PasswordAuthentication yes%0a> 12:02 %3c jrmu> ForceCommand internal-sftp%0a> 12:02 %3c jrmu> ChrootDirectory %25h%0a> 12:02 %3c jrmu> AllowTcpForwarding no%0a> 12:02 %3c jrmu> AllowAgentForwarding no%0a> 12:02 %3c jrmu> PermitTunnel no%0a> 12:02 %3c jrmu> PermitTTY no%0a> 12:02 %3c jrmu> X11Forwarding no%0a> 12:02 %3c jrmu> toss that into sshd_config%0a> 12:03 %3c jrmu> then the user's home folder /home/username%0a> 12:03 %3c jrmu> must be owned by root:wheel%0a> %0a> %0a27,30c20%0a%3c https://unix.stackexchange.com/questions/503312/is-it-possible-to-grant-users-sftp-access-without-shell-access-if-yes-how-is-i%0a%3c @]%0a%3c %0a%3c !! To change sftp accessed directory from /home/USER to /var/www/htdocs/USER%0a---%0a> @]%0a\ No newline at end of file%0a
47
2023-01-22
jrmu
host:1598329723=203.129.25.247
48
2023-01-22
jrmu
author:1598328430=jrmu
49
2023-01-22
jrmu
diff:1598328430:1598328415:=1d0%0a%3c [@%0a19,20c18%0a%3c https://man.openbsd.org/sftp-server%0a%3c @]%0a\ No newline at end of file%0a---%0a> https://man.openbsd.org/sftp-server%0a\ No newline at end of file%0a
50
2023-01-22
jrmu
host:1598328430=38.81.163.143
51
2023-01-22
jrmu
author:1598328415=jrmu
52
2023-01-22
jrmu
diff:1598328415:1598328415:=1,18d0%0a%3c 12:02 %3c jrmu> let me see if I've got it somewhere%0a%3c 12:02 %3c jrmu> Subsystem sftp internal-sftp%0a%3c 12:02 %3c jrmu> Match User username%0a%3c 12:02 %3c jrmu> PasswordAuthentication yes%0a%3c 12:02 %3c jrmu> ForceCommand internal-sftp%0a%3c 12:02 %3c jrmu> ChrootDirectory %25h%0a%3c 12:02 %3c jrmu> AllowTcpForwarding no%0a%3c 12:02 %3c jrmu> AllowAgentForwarding no%0a%3c 12:02 %3c jrmu> PermitTunnel no%0a%3c 12:02 %3c jrmu> PermitTTY no%0a%3c 12:02 %3c jrmu> X11Forwarding no%0a%3c 12:02 %3c jrmu> toss that into sshd_config%0a%3c 12:03 %3c jrmu> then the user's home folder /home/username%0a%3c 12:03 %3c jrmu> must be owned by root:wheel%0a%3c %0a%3c %0a%3c http://undeadly.org/cgi?action=article&sid=20080220110039%0a%3c https://man.openbsd.org/sftp-server%0a\ No newline at end of file%0a
53
2023-01-22
jrmu
host:1598328415=38.81.163.143
IRCNow