ssh and access
passwordless ssh access
Create a new key. Choose the default file location when prompted. Press Enter when prompted for a passphrase to leave it empty (the private key is then stored unencrypted on disk).
ssh-keygen -t ed25519
The command will create two files.
.ssh/id_ed25519
.ssh/id_ed25519.pub
Copy the public key (id_ed25519.pub) to the remote server.
ssh-copy-id -i .ssh/id_ed25519.pub -p 22 login@remoteserver
tail -f on a remote server
ssh user@host "tail -f /var/log/messages"
block ssh for a user or a group
# block a user
DenyUsers user1 user2 user3
# block a group:
DenyGroups group1 group2 group3
save the file, and restart the daemon
sudo service ssh restart
sftp jail
if you have already configured an ftp server to allow users to access only their home directory, know that you can do the same with sftp, and even prevent the user from accessing the server via ssh.
configure openssh server
Subsystem sftp internal-sftp
[...]
Match group filetransfer
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
restart openssh
service ssh restart
modify user accounts
create a system group, which will be used by all users that can access the server only via sftp.
addgroup --system filetransfer
modify the user accounts to restrict their access to sftp only. these commands need to be run for each user account that is created.
usermod -G filetransfer the_user
chown root:root /home/the_user
chmod 755 /home/the_user
user accounts that can access the server via ssh should not be changed, nor should they be added to the filetransfer group.
once this is done, it is necessary to create a directory within each user's home. this directory will be the place where the user can place his files normally.
cd /home/the_user
mkdir public_html
chown the_user:filetransfer *
with these settings, users will be able to access the server via sftp and add/remove files in the public_html directory, but they will not be able to add files elsewhere, nor access the server via ssh.
reference: Limiting Access with SFTP Jails on Debian and Ubuntu
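the chown root:root and chmod 755 steps above are needed because sshd refuses a ChrootDirectory unless every component of its path is a root-owned directory that is not writable by group or others. the check below is an added example, not part of the original page; the function names and the optional uid argument are assumptions of the example.

```sh
#!/bin/sh
# Added example, not from the original page.
# sshd rejects a ChrootDirectory unless every component of its path is a
# root-owned directory that is not writable by group or others.

# check_dir DIR [UID]: succeed if DIR is a directory owned by UID with no
# group/other write bit. UID defaults to 0 (root); the parameter is an
# assumption of this example so the check can be tried without root.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    # "ls -ldn" prints mode and numeric owner: "drwxr-xr-x 2 0 0 ..."
    info=$(ls -ldn -- "$dir" 2>/dev/null | awk 'NR==1 {print $1, $3}')
    [ -n "$info" ] || { echo "$dir: cannot stat"; return 1; }
    mode=${info% *}
    uid=${info#* }
    case $mode in
        d*) ;;
        *) echo "$dir: not a directory ($mode)"; return 1 ;;
    esac
    [ "$uid" = "$want_uid" ] || { echo "$dir: owner uid $uid, expected $want_uid"; return 1; }
    case $mode in
        d????w*|d???????w*) echo "$dir: group/other writable ($mode)"; return 1 ;;
    esac
    return 0
}

# check_chroot_path PATH: apply check_dir (owner root) to PATH and to each
# parent directory up to /. Returns 0 only if every component passes.
check_chroot_path() {
    path=$1
    rc=0
    case $path in
        /*) ;;
        *) echo "$path: need an absolute path"; return 2 ;;
    esac
    while :; do
        check_dir "$path" 0 || rc=1
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Run as: sh thisfile /home/the_user  (the placeholder home used on this page)
if [ $# -gt 0 ]; then check_chroot_path "$1"; fi
```

a non-zero exit status means at least one path component would make sshd reject the chroot; the printed lines name the component and the reason.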