  1. version=pmwiki-2.2.130 ordered=1 urlencoded=1
  2. agent=Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
  3. author=gry
  4. charset=UTF-8
  5. csum=+
  6. ctime=1598328415
  7. host=203.129.25.247
  8. name=Openbsd.Sftp
  9. rev=10
  10. targets=
  11. text=!! Users with sftp access without ssh access (for file hosting)%0a%0a1. Do one time setup%0a%0a[@%0a$ doas mkdir /var/www/OrangeShare/%0a$ doas groupadd sftponly%0a@]%0a%0aEdit your httpd config to set "/OrangeShare" as the root location (httpd is chrooted to /var/www by default, so this is /var/www/OrangeShare on disk).%0a%0aAdd this to sshd_config%0a%0a[@%0aSubsystem sftp internal-sftp%0aMatch Group sftponly%0a PasswordAuthentication yes%0a ForceCommand internal-sftp%0a ChrootDirectory /var/www/OrangeShare/%25u%0a AllowTcpForwarding no%0a AllowAgentForwarding no%0a PermitTunnel no%0a PermitTTY no%0a X11Forwarding no%0a@]%0a%0aSave this script as newuser.sh for adding a new user. Each user's chroot directory stays owned by root, as sshd requires for ChrootDirectory; only the pub directory inside it is writable by the user.%0a%0a[@%0a#!/bin/ksh%0a# add user%0adoas adduser%0a# add user to sftponly group, otherwise they will have full ssh access%0adoas usermod -g sftponly $1%0a# make user's directory%0adoas mkdir /var/www/OrangeShare/$1%0adoas mkdir /var/www/OrangeShare/$1/pub%0adoas chown $1:$1 /var/www/OrangeShare/$1/pub%0a# set the user's password%0adoas passwd $1%0a@]%0a%0a2. For each new user %0a%0a $ ksh newuser.sh usernameHere%0a Then email the user their credentials, from either your personal email or from your team email if it has one.%0a%0a----%0a%0aSources:%0a[@%0ahttp://undeadly.org/cgi?action=article&sid=20080220110039%0ahttps://man.openbsd.org/sftp-server%0ahttps://unix.stackexchange.com/questions/503312/is-it-possible-to-grant-users-sftp-access-without-shell-access-if-yes-how-is-i%0a@]%0a%0a!! To change sftp accessed directory from /home/USER to /var/www/htdocs/USER%0a
  12. time=1598591960
  13. author:1598591960=gry
  14. csum:1598591960=+
  15. diff:1598591960:1598585367:=34c34%0a%3c doas usermod -g sftponly $1%0a---%0a> usermod -G sftponly $1%0a
  16. host:1598591960=203.129.25.247
  17. author:1598585367=gry
  18. csum:1598585367=+
  19. diff:1598585367:1598524246:=6c6,7%0a%3c $ doas mkdir /var/www/OrangeShare/%0a---%0a> $ doas chown root:daemon /var/www/htdocs/%0a> $ doas mkdir /var/www/htdocs/orange-chat%0a10,11d10%0a%3c Edit your httpd config to set "/OrangeShare" as the root location.%0a%3c %0a19c18%0a%3c ChrootDirectory /var/www/OrangeShare/%25u%0a---%0a> ChrootDirectory /var/www/htdocs/orange-chat/%25u%0a31,34d29%0a%3c # add user%0a%3c doas adduser%0a%3c # add user to sftponly group, otherwise they will have full ssh access%0a%3c usermod -G sftponly $1%0a36,39c31,37%0a%3c doas mkdir /var/www/OrangeShare/$1%0a%3c doas mkdir /var/www/OrangeShare/$1/pub%0a%3c doas chown $1:$1 /var/www/OrangeShare/$1/pub%0a%3c # set the user's password%0a---%0a> doas mkdir /var/www/htdocs/orange-chat/$1%0a> doas chown root:sftponly /var/www/htdocs/orange-chat/$1%0a> doas chmod 775 /var/www/htdocs/orange-chat/$1%0a> # add user%0a> doas adduser%0a> # add user to sftponly group, otherwise they will have full ssh access%0a> usermod -G sftponly $1%0a
  20. host:1598585367=203.129.25.247
  21. author:1598524246=gry
  22. csum:1598524246=+
  23. diff:1598524246:1598522823:=33d32%0a%3c doas chmod 775 /var/www/htdocs/orange-chat/$1%0a
  24. host:1598524246=203.129.25.247
  25. author:1598522823=gry
  26. csum:1598522823=+
  27. diff:1598522823:1598522802:=8c8%0a%3c $ doas groupadd sftponly%0a---%0a> $ doas addgroup sftponly%0a
  28. host:1598522823=203.129.25.247
  29. author:1598522802=gry
  30. csum:1598522802=+
  31. diff:1598522802:1598520430:=18c18%0a%3c ChrootDirectory /var/www/htdocs/orange-chat/%25u%0a---%0a> ChrootDirectory %25h%0a37d36%0a%3c doas passwd $1%0a42,43c41,42%0a%3c $ ksh newuser.sh usernameHere%0a%3c Then email to the user their credentials, from either your personal email or from your team email if it has one.%0a---%0a> * run this script and then %0a> * email to the user their credentials, from either your personal email or from your team email if it has one.%0a
  32. host:1598522802=203.129.25.247
  33. author:1598520430=gry
  34. csum:1598520430=+
  35. diff:1598520430:1598520396:=3,4c3,4%0a%3c 1. Do one time setup%0a%3c %0a---%0a> 1. Add this into sshd_config%0a> %0a6,13d5%0a%3c $ doas chown root:daemon /var/www/htdocs/%0a%3c $ doas mkdir /var/www/htdocs/orange-chat%0a%3c $ doas addgroup sftponly%0a%3c @]%0a%3c %0a%3c Add this into sshd_config%0a%3c %0a%3c [@%0a26,27c18,19%0a%3c Save script for adding new user%0a%3c %0a---%0a> 2. Do one time setup%0a> %0a28a21,28%0a> $ doas chown root:daemon /var/www/htdocs/%0a> $ doas mkdir /var/www/htdocs/orange-chat%0a> $ doas addgroup sftponly%0a> @]%0a> %0a> 3. Save script for adding new user%0a> %0a> [@%0a39c39%0a%3c 2. For each new user %0a---%0a> 4. For each new user %0a
  36. host:1598520430=203.129.25.247
  37. author:1598520396=gry
  38. csum:1598520396=expanded
  39. diff:1598520396:1598329723:=1,4c1,4%0a%3c !! Users with sftp access without ssh access (for file hosting)%0a%3c %0a%3c 1. Add this into sshd_config%0a%3c %0a---%0a> !! To add users with sftp access without ssh access%0a> %0a> 1. Toss that into sshd_config%0a> %0a18,44c18,23%0a%3c 2. Do one time setup%0a%3c %0a%3c [@%0a%3c $ doas chown root:daemon /var/www/htdocs/%0a%3c $ doas mkdir /var/www/htdocs/orange-chat%0a%3c $ doas addgroup sftponly%0a%3c @]%0a%3c %0a%3c 3. Save script for adding new user%0a%3c %0a%3c [@%0a%3c #!/bin/ksh%0a%3c # make user's directory%0a%3c doas mkdir /var/www/htdocs/orange-chat/$1%0a%3c doas chown root:sftponly /var/www/htdocs/orange-chat/$1%0a%3c # add user%0a%3c doas adduser%0a%3c # add user to sftponly group, otherwise they will have full ssh access%0a%3c usermod -G sftponly $1%0a%3c @]%0a%3c %0a%3c 4. For each new user %0a%3c %0a%3c * run this script and then %0a%3c * email to the user their credentials, from either your personal email or from your team email if it has one.%0a%3c %0a%3c ----%0a---%0a> %0a> 2. The user's home folder /home/username must be owned by root:wheel%0a> %0a> 3. The new users must be in the 'sftponly' group.%0a> %0a> Sources:%0a
  40. host:1598520396=203.129.25.247
  41. author:1598329723=gry
  42. csum:1598329723=clarified
  43. diff:1598329723:1598328430:=1,4d0%0a%3c !! To add users with sftp access without ssh access%0a%3c %0a%3c 1. Toss that into sshd_config%0a%3c %0a6,24c2,17%0a%3c Subsystem sftp internal-sftp%0a%3c Match Group sftponly%0a%3c PasswordAuthentication yes%0a%3c ForceCommand internal-sftp%0a%3c ChrootDirectory %25h%0a%3c AllowTcpForwarding no%0a%3c AllowAgentForwarding no%0a%3c PermitTunnel no%0a%3c PermitTTY no%0a%3c X11Forwarding no%0a%3c @]%0a%3c %0a%3c %0a%3c 2. The user's home folder /home/username must be owned by root:wheel%0a%3c %0a%3c 3. The new users must be in the 'sftponly' group.%0a%3c %0a%3c Sources:%0a%3c [@%0a---%0a> 12:02 %3c jrmu> let me see if I've got it somewhere%0a> 12:02 %3c jrmu> Subsystem sftp internal-sftp%0a> 12:02 %3c jrmu> Match User username%0a> 12:02 %3c jrmu> PasswordAuthentication yes%0a> 12:02 %3c jrmu> ForceCommand internal-sftp%0a> 12:02 %3c jrmu> ChrootDirectory %25h%0a> 12:02 %3c jrmu> AllowTcpForwarding no%0a> 12:02 %3c jrmu> AllowAgentForwarding no%0a> 12:02 %3c jrmu> PermitTunnel no%0a> 12:02 %3c jrmu> PermitTTY no%0a> 12:02 %3c jrmu> X11Forwarding no%0a> 12:02 %3c jrmu> toss that into sshd_config%0a> 12:03 %3c jrmu> then the user's home folder /home/username%0a> 12:03 %3c jrmu> must be owned by root:wheel%0a> %0a> %0a27,30c20%0a%3c https://unix.stackexchange.com/questions/503312/is-it-possible-to-grant-users-sftp-access-without-shell-access-if-yes-how-is-i%0a%3c @]%0a%3c %0a%3c !! To change sftp accessed directory from /home/USER to /var/www/htdocs/USER%0a---%0a> @]%0a\ No newline at end of file%0a
  44. host:1598329723=203.129.25.247
  45. author:1598328430=jrmu
  46. diff:1598328430:1598328415:=1d0%0a%3c [@%0a19,20c18%0a%3c https://man.openbsd.org/sftp-server%0a%3c @]%0a\ No newline at end of file%0a---%0a> https://man.openbsd.org/sftp-server%0a\ No newline at end of file%0a
  47. host:1598328430=38.81.163.143
  48. author:1598328415=jrmu
  49. diff:1598328415:1598328415:=1,18d0%0a%3c 12:02 %3c jrmu> let me see if I've got it somewhere%0a%3c 12:02 %3c jrmu> Subsystem sftp internal-sftp%0a%3c 12:02 %3c jrmu> Match User username%0a%3c 12:02 %3c jrmu> PasswordAuthentication yes%0a%3c 12:02 %3c jrmu> ForceCommand internal-sftp%0a%3c 12:02 %3c jrmu> ChrootDirectory %25h%0a%3c 12:02 %3c jrmu> AllowTcpForwarding no%0a%3c 12:02 %3c jrmu> AllowAgentForwarding no%0a%3c 12:02 %3c jrmu> PermitTunnel no%0a%3c 12:02 %3c jrmu> PermitTTY no%0a%3c 12:02 %3c jrmu> X11Forwarding no%0a%3c 12:02 %3c jrmu> toss that into sshd_config%0a%3c 12:03 %3c jrmu> then the user's home folder /home/username%0a%3c 12:03 %3c jrmu> must be owned by root:wheel%0a%3c %0a%3c %0a%3c http://undeadly.org/cgi?action=article&sid=20080220110039%0a%3c https://man.openbsd.org/sftp-server%0a\ No newline at end of file%0a
  50. host:1598328415=38.81.163.143