Jailed ssh in vesta

[Arash]

Hello
i want to give the user jailed ssh for git python and ruby commands
what can i do ?

[fsoyer]

Hi,
I'm also searching for something like that. I have definitely stopped FTP on my servers (unsecure, obsolete, and so so so on), and my users transfer files in SFTP (via SSH port). All tools and frameworks actually know SFTP.
Another reason is that FTP (passive mode) is too boring to open behind firewalls. I'll never open dozen of ports because a protocol is not able to use one unique. FTPS isn't an alternative, for this same reason. You'll say "active mode", but no, FTP is dead, RIP, and look ahead.

But, for some users, it's a problem to be able to navigate in the whole tree, and see other directories next to them (not a problem for the users, rather a problem for the admin ;) ) The chroot feature of sftp (like for ssh) implies to make root as owner of the chroot tree... Impossible.

I know, also, that a file manager is coming, it's a good news, but also not matching some users constraints (using the ability of some frameworks of sending files directly to the server, without an external tool, for example, need FTP - sorry : SFTP).

Anybody's seeing a solution ?

[Arash]

before i migrate to vestacp i was using ispconfig
with ispconfig i set up a jailed env and users can easily connect to ssh and run git command inside that
i migrate to vestacp only for users mapping /home/$username/{web,tmp} and so on
now its not secure to give user the bash or rbash .
i want to use jailkit and i want to know how can i deploy jailkit with this user instructure
anyone can help me to fix this and then run gunicorn and unicorn or puma in vesta all my problems will be gone
and i never use ispconfig again :)

[fsoyer]

Hi Arash,
well, I didn't know jailkit. I'll try to implement it and do report here.

[Arash]

Hi Arash,
well, I didn't know jailkit. I'll try to implement it and do report here.

I tried before but i cant complete the jailed so i give up but i think if we analyse ispconfig that how do this with mysql then we can complete the vesta :)

[donat]

Hi,

Are there any news on this? I'm interested in the solution with jailkit.

Donat

[Felix]

I'm interested for something like that too. Giving chrooted access to users is really useful!

[skurudo]

There is manual -> https://www.howtoforge.com/how-to-creat ... ian-wheezy
Who want to test? ;-)

[donat]

I just installed and tested it for the ftp user access. It seems to work, but it changes all paths of the user to the jailkit path.

Next we will jail the created user. Create a directory /jail for Jail environment

So vesta has to change all paths for this. It would be worthy, but it is part of the vestacp team, I guess.