ssh and access
passwordless ssh access
Create a new key. Choose the default file location when prompted. Press Enter at the passphrase prompt to leave the passphrase empty, which stores the private key unencrypted on disk.
The command will create two files.
Copy the public key (id_ed25519.pub) to the remote server.
tail -f on a remote server
Reference: ianneubert.com
block ssh for a user or a group
block a user:
block a group:
save the file and restart the daemon
sftp jail
if you have already configured an ftp server to allow users to access only their home directory, know that you can do the same with sftp, and even prevent the user from accessing the server via ssh.
configure openssh server
add or edit this item in /etc/ssh/sshd_config
add this to the end of the same file
Match group filetransfer
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
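A lint for the Match block above, as an added example that is not part of the original page: the function audit_sftp_match (a hypothetical name) reads an sshd_config-style file and reports any of the four directives that is missing or set differently inside "Match group filetransfer". The sample files are constructed, and Include directives are not followed.

```shell
# Added example: lint the "Match group" block of an sshd_config-style file.
audit_sftp_match() {   # usage: audit_sftp_match FILE GROUP
    awk -v grp="$2" '
    BEGIN {  # directives and values from the Match block on this page
        want["chrootdirectory"] = "%h";    want["x11forwarding"] = "no"
        want["allowtcpforwarding"] = "no"; want["forcecommand"] = "internal-sftp"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    tolower($1) == "match" {               # a Match block ends at the next Match
        inblock = (tolower($2) == "group" && $3 == grp)
        if (inblock) found = 1
        next
    }
    inblock && (tolower($1) in want) {
        key = tolower($1)
        if (key in seen) next              # sshd keeps the first value obtained
        seen[key] = 1
        if ($2 == want[key]) ok[key] = 1
        else printf "wrong value: %s %s (want %s)\n", $1, $2, want[key]
    }
    END {
        if (!found) { printf "no \"Match group %s\" block\n", grp; exit 2 }
        for (k in want) {
            if (!(k in seen)) printf "missing in block: %s %s\n", k, want[k]
            if (!(k in ok)) bad = 1
        }
        exit (bad ? 1 : 0)                 # 0 = all four set as on the page
    }' "$1"
}
# Constructed sample files (not taken from a real server).
sample_dir=$(mktemp -d)
cat > "$sample_dir/good.conf" <<'EOF'
Match group filetransfer
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
EOF
cat > "$sample_dir/weak.conf" <<'EOF'
Match group filetransfer
    ChrootDirectory %h
    AllowTcpForwarding yes
Match user backup
    ForceCommand internal-sftp
EOF
audit_sftp_match "$sample_dir/good.conf" filetransfer && echo "good.conf: ok"
audit_sftp_match "$sample_dir/weak.conf" filetransfer || echo "weak.conf: rc=$?"
```

Run it against a copy of /etc/ssh/sshd_config before restarting; `sshd -t` checks the file's syntax but not whether these directives are present in the block.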
restart openssh
modify user accounts
create a system group, which will be used by all users that can access the server only via SFTP.
modify the user accounts to restrict their access to sftp only. these commands need to be run for each user account that is created.
user accounts that can access the server via ssh should not be changed, nor should they be added to the filetransfer group.
once this is done, it is necessary to create a directory within each user's home. this directory will be the place where the user can place their files normally.
with these settings, users will be able to access the server via sftp and add/remove files in the public_html directory, but they will not be able to add files elsewhere, nor access the server via ssh.
reference: Limiting Access with SFTP Jails on Debian and Ubuntu