doc:appunti:linux:sa:ssh

Differences

This shows you the differences between two versions of the page.

doc:appunti:linux:sa:ssh [2022/02/11 11:22] – [rush] niccolo
doc:appunti:linux:sa:ssh [2025/11/28 12:04] (current) – [rush] niccolo
Line 27: Line 27:
 <code> <code>
 apt install rush apt install rush
-adduser --uid 1004 --gecos "Special SFTP account" --shell "/usr/sbin/rush" sftp-user+adduser --uid 1004 --gecos "Special SFTP account"
 +    --shell "/usr/sbin/rush" --disabled-password sftp-user 
 +echo 'sftp-user:MyPassword' | chpasswd
 mkdir -p /srv/rush/ mkdir -p /srv/rush/
 debootstrap buster /srv/rush/ debootstrap buster /srv/rush/
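Review bot: The added line echo 'sftp-user:MyPassword' | chpasswd puts the account password in clear text on the command line, where it ends up in the shell history and invites copy-paste of the sample value. Suggest setting it interactively with passwd sftp-user, or feeding chpasswd from a prompt, and marking MyPassword as a placeholder. Separately, the adduser command is now split over two lines with no trailing backslash after "Special SFTP account", so as written the second line would run as its own command; add the continuation or keep the command on one line.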
Line 40: Line 42:
 dpkg-reconfigure locales dpkg-reconfigure locales
 apt install openssh-sftp-server apt install openssh-sftp-server
-adduser --uid 1004 --gecos "Special SFTP account" --shell "/bin/false" sftp-user+adduser --uid 1004 --gecos "Special SFTP account" 
 +    --shell "/bin/false" --disabled-password sftp-user
 </code> </code>
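Review bot: The second adduser command is split after "Special SFTP account" without a trailing backslash, so the --shell "/bin/false" --disabled-password sftp-user part would not be passed to adduser when the block is pasted. Add the line continuation. A short comment on why the account is created a second time with the same --uid 1004 but shell /bin/false would also help readers who see adduser twice.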
  
Line 46: Line 49:
  
 <file> <file>
-# Sftp-server requests: chroot to the virtual server, change to the user's 
-#                       home directory, set umask to 002 and execute only 
-#                       /usr/lib/sftp-server. 
-# 
-# Setting for a chroot directory created using 'debootstrap'. 
-# 
-# Remark: The location '/usr/lib/' is inherited. 
- 
 rule sftp-rush rule sftp-rush
   command ^.*/sftp-server   command ^.*/sftp-server
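Review bot: Removing the comment block above rule sftp-rush drops the only description of what the rule does (chroot, change to the user's home directory, umask 002, execute only /usr/lib/sftp-server) and the remark about the /usr/lib/ location. If the comments go to shorten the file, move that explanation into the wiki text above the <file> block instead of deleting it.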
Line 62: Line 57:
   chdir ~   chdir ~
 </file> </file>
 +
 +:!: **ATTENZIONE**: Con la versione 2 di rush il file di confgurazione è leggermente diverso:
 +
 +<file>
 +rush 2.0
 +
 +global
 +  debug 2
 +
 +rule sftp-rush
 +  match $command ~ "^.*/sftp-server" && $uid >= 1000
 +  set program = "/usr/lib/sftp-server"
 +  umask 002
 +  chroot "/srv/rush"
 +  chdir "/home/$user"
 +</file>
 +
 +
 +Si dovrebbe quindi poter accedere via **sftp**, ma fallire via **ssh**:
 +
 +<code>
 +sftp -P 22 sftp-user@remote.host.com
 +sftp-user@remote.host.com's password: 
 +Connected to sftp-user@remote.host.com.
 +sftp>
 +</code>
 +
 +<code>
 +ssh -p 22 sftp-user@remote.host.com
 +sftp-user@remote.host.com's password: 
 +You do not have interactive login access to this machine.
 +Contact the systems administrator for further assistance.
 +Connection to remote.host.com closed.
 +</code>
  
 ===== SSH su Windows ===== ===== SSH su Windows =====
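Review bot: In the rush 2.0 rule, the pattern in match $command ~ "^.*/sftp-server" has no end anchor, so it accepts any requested command that contains /sftp-server followed by arbitrary text; if no arguments are expected, end the pattern with $. The global section also sets debug 2, which is worth labelling as a troubleshooting setting rather than part of the recommended configuration, and chdir "/home/$user" now assumes the home directory is under /home where the old rule used chdir ~. Typo in the warning line: confgurazione should be configurazione.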
doc/appunti/linux/sa/ssh.1644574974.txt.gz · Last modified: by niccolo