Unable to SSH into Server

techlists at phpcoderusa.com techlists at phpcoderusa.com
Tue Oct 22 13:39:01 MST 2024


Thank You Everyone!!

Seems the problem was I needed to uncomment "PasswordAuthentication
yes" when creating a user with SSH ability.

Keith



On 2024-10-22 10:46, Rusty Carruth via PLUG-discuss wrote:
> ChatGPT gave a more complete answer than I do below (the question was: 
> This person is using vhost, and thinks he wants to chroot to the 
> docroot of the vhost when the user logs in. What do you think of that?)
> 
> (I never thought I'd be pointing people to an AI for answers! ;-)
> 
> 
> On 10/22/24 10:42, Rusty Carruth via PLUG-discuss wrote:
>> One thing I don't understand, below.
>> 
>> On 10/22/24 10:25, Keith Smith via PLUG-discuss wrote:
>>> Hi,
>>> 
>>> I appreciate all the feedback.  There is more to the story.
>>> 
>>> ....
>>> 
>>> The 3 things I think I need to accomplish:
>>> 
>>> 1) Add a user and configure it to use SSH.
>>> 2) Configure each vhost to use PHP-FPM.
>>> 3) Limit the User to the docroot of its virtual host. 
>>> (ChrootDirectory)
>>> 
>> I don't understand # 3.  Let me say what I think you said:  you have 
>> (some number of) virtual machines.  Or do you mean that thing that 
>> allows you to run more than one web address from the same IP address?  
>> In either case, why do you need to chroot to docroot? You do realize 
>> that docroot must then have EVERYTHING the user needs - all programs, 
>> all devices, everything.  So you're going to need /dev, /bin, 
>> /usr/bin, and so forth or the user will be dead in the water with no 
>> commands - shoot, not even bash will be there to try to type commands!
>> 
>> If you're doing the chroot already, and it's failing, then that's 
>> probably because bash isn't there, nor is anything else you need...
>> 
>>> I am using a clone of the LAMP server so I am going to remove it and 
>>> create another clone and start by trying to create a user that has SSH 
>>> access and a home directory.
>>> 
>> If you are using virtual machines, just clone it in the virtual 
>> machine - but then, I'm thinking you don't mean virtual machine, you 
>> mean that other thing :-)
>>> Then I think I should work on limiting that user to the vhost that is 
>>> designated to work with.
>>> 
>>> 
>> So, if you mean not virtual machine but that other thing, then you're 
>> either going to have to copy all the stuff I talk about above into 
>> the docroot tree (which I still think will cause more problems than it 
>> will fix), or mount the stuff above inside the docroot, or figure out 
>> how to change permissions and ownership so that the user can only 
>> change the stuff in their docroot.  Perhaps group ownership can save 
>> the day here, assuming you want ALL files in ALL web servers to be 
>> owned by whoever is running Apache, then create 2 or more groups, 
>> change all group ownership to the NON-User group, then
>> 
>> change group ownership of all files in your docroot to the group of 
>> the user (obviously you're going to have to change the user to have 
>> that group too), then change permissions to something like 770 for all 
>> directories everywhere (or 775, or whatever) and 660 for all files.  
>> Done, supposedly ;-)
>> 
>>> 
>>> Then finish up by installing configuring the vhost to use PHP-FPM.
>>> 
>>> Any thoughts are much appreciated!!
>>> 
>>> Keith
>>> 
>>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list: PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
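
As an added example (not part of the original thread or any poster's code): a small Python parser that shows where `PasswordAuthentication` and `ChrootDirectory` actually take effect in an sshd_config, given that commented lines are ignored, sshd uses the first value it reads for each keyword, and a `Match` block scopes settings to the users it names. The sample config, the user `webuser1` and the path `/var/www/site1` are constructed for illustration, and `Include` files are not followed.

```python
import re

# Constructed sample: the stock line is still commented out, the global
# keyword appears twice, and one Match block scopes settings to a
# hypothetical user "webuser1" with a hypothetical docroot path.
SAMPLE = """\
#PasswordAuthentication yes
PermitRootLogin no
passwordauthentication no
PasswordAuthentication yes

Match User webuser1
    ChrootDirectory /var/www/site1
    PasswordAuthentication yes
"""

def parse_sshd_config(text):
    """Return (global_opts, match_blocks); keywords are lower-cased.

    Assumption: a single file, Include directives are not followed.
    """
    global_opts, blocks = {}, []
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and commented lines never take effect
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:
            continue  # keyword with no argument
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            current = {}  # a Match block runs until the next Match or EOF
            blocks.append((value, current))
        else:
            current.setdefault(key, value)  # first value read wins
    return global_opts, blocks

def where_set(text, keyword):
    """List (scope, value) pairs for one keyword; empty list means unset."""
    global_opts, blocks = parse_sshd_config(text)
    key = keyword.lower()
    found = [("global", global_opts[key])] if key in global_opts else []
    found += [("Match " + crit, opts[key]) for crit, opts in blocks if key in opts]
    return found

if __name__ == "__main__":
    for kw in ("PasswordAuthentication", "ChrootDirectory"):
        print(kw, where_set(SAMPLE, kw))
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it.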

