Jailed ssh in vesta
Jailed ssh in vesta
Hello
i want to give the user jailed ssh for git python and ruby commands
what can i do ?
i want to give the user jailed ssh for git python and ruby commands
what can i do ?
Re: Jailed ssh in vesta
Hi,
I'm also searching for something like that. I have definitely stopped FTP on my servers (unsecure, obsolete, and so so so on), and my users transfer files in SFTP (via SSH port). All tools and frameworks actually know SFTP.
Another reason is that FTP (passive mode) is too boring to open behind firewalls. I'll never open dozen of ports because a protocol is not able to use one unique. FTPS isn't an alternative, for this same reason. You'll say "active mode", but no, FTP is dead, RIP, and look ahead.
But, for some users, it's a problem to be able to navigate in the whole tree, and see other directories next to them (not a problem for the users, rather a problem for the admin ;) ) The chroot feature of sftp (like for ssh) implies to make root as owner of the chroot tree... Impossible.
I know, also, that a file manager is coming, it's a good news, but also not matching some users constraints (using the ability of some frameworks of sending files directly to the server, without an external tool, for example, need FTP - sorry : SFTP).
Anybody's seeing a solution ?
I'm also searching for something like that. I have definitely stopped FTP on my servers (unsecure, obsolete, and so so so on), and my users transfer files in SFTP (via SSH port). All tools and frameworks actually know SFTP.
Another reason is that FTP (passive mode) is too boring to open behind firewalls. I'll never open dozen of ports because a protocol is not able to use one unique. FTPS isn't an alternative, for this same reason. You'll say "active mode", but no, FTP is dead, RIP, and look ahead.
But, for some users, it's a problem to be able to navigate in the whole tree, and see other directories next to them (not a problem for the users, rather a problem for the admin ;) ) The chroot feature of sftp (like for ssh) implies to make root as owner of the chroot tree... Impossible.
I know, also, that a file manager is coming, it's a good news, but also not matching some users constraints (using the ability of some frameworks of sending files directly to the server, without an external tool, for example, need FTP - sorry : SFTP).
Anybody's seeing a solution ?
Re: Jailed ssh in vesta
before i migrate to vestacp i was using ispconfig
with ispconfig i set up a jailed env and users can easily connect to ssh and run git command inside that
i migrate to vestacp only for users mapping /home/$username/{web,tmp} and so on
now its not secure to give user the bash or rbash .
i want to use jailkit and i want to know how can i deploy jailkit with this user instructure
anyone can help me to fix this and then run gunicorn and unicorn or puma in vesta all my problems will be gone
and i never use ispconfig again :)
with ispconfig i set up a jailed env and users can easily connect to ssh and run git command inside that
i migrate to vestacp only for users mapping /home/$username/{web,tmp} and so on
now its not secure to give user the bash or rbash .
i want to use jailkit and i want to know how can i deploy jailkit with this user instructure
anyone can help me to fix this and then run gunicorn and unicorn or puma in vesta all my problems will be gone
and i never use ispconfig again :)
Re: Jailed ssh in vesta
Hi Arash,
well, I didn't know jailkit. I'll try to implement it and do report here.
well, I didn't know jailkit. I'll try to implement it and do report here.
Re: Jailed ssh in vesta
I tried before but i cant complete the jailed so i give up but i think if we analyse ispconfig that how do this with mysql then we can complete the vesta :)fsoyer wrote:Hi Arash,
well, I didn't know jailkit. I'll try to implement it and do report here.
Re: Jailed ssh in vesta
Hi,
Are there any news on this? I'm interested in the solution with jailkit.
Donat
Are there any news on this? I'm interested in the solution with jailkit.
Donat
Re: Jailed ssh in vesta
I'm interested for something like that too. Giving chrooted access to users is really useful!
Re: Jailed ssh in vesta
There is manual -> https://www.howtoforge.com/how-to-creat ... ian-wheezy
Who want to test? ;-)
Who want to test? ;-)
Re: Jailed ssh in vesta
I just installed and tested it for the ftp user access. It seems to work, but it changes all paths of the user to the jailkit path.
So vesta has to change all paths for this. It would be worthy, but it is part of the vestacp team, I guess.Next we will jail the created user. Create a directory /jail for Jail environment