Unable to SSH into Server

techlists at phpcoderusa.com
Tue Oct 22 15:34:59 MST 2024


What is the learning curve for that?


On 2024-10-22 15:09, Snyder, Alexander J wrote:
> I think a lot of this could be made a lot easier with Ansible and
> Jinja templates.
> 
> --
> Thanks,
> Alexander
> 
> Sent from my Google Pixel 7 Pro
> 
> On Tue, Oct 22, 2024, 13:39 Keith Smith via PLUG-discuss
> <plug-discuss at lists.phxlinux.org> wrote:
> 
>> Thank You Everyone!!
>> 
>> Seems the problem was I needed to uncomment "PasswordAuthentication
>> yes" when creating a user with SSH ability.
>> 
>> Keith
>> 
>> On 2024-10-22 10:46, Rusty Carruth via PLUG-discuss wrote:
>>> ChatGPT gave a more complete answer than I do below (the question was:
>>> This person is using vhost, and thinks he wants to chroot to the
>>> docroot of the vhost when the user logs in. What do you think of that?)
>>> 
>>> (I never thought I'd be pointing people to an AI for answers! ;-)
>>> 
>>> 
>>> On 10/22/24 10:42, Rusty Carruth via PLUG-discuss wrote:
>>>> One thing I don't understand, below.
>>>> 
>>>> On 10/22/24 10:25, Keith Smith via PLUG-discuss wrote:
>>>>> Hi,
>>>>> 
>>>>> I appreciate all the feedback.  There is more to the story.
>>>>> 
>>>>> ....
>>>>> 
>>>>> The 3 things I think I need to accomplish:
>>>>> 
>>>>> 1) Add a user and configure it to use SSH.
>>>>> 2) Configure each vhost to use PHP-FPM.
>>>>> 3) Limit the User to the docroot of its virtual host.
>>>>> (ChrootDirectory)
>>>>> 
>>>> I don't understand # 3.  Let me say what I think you said:  you have
>>>> (some number of) virtual machines.  Or do you mean that thing that
>>>> allows you to run more than one web address from the same IP address?
>>>> In either case, why do you need to chroot to docroot? You do realize
>>>> that docroot must then have EVERYTHING the user needs - all programs,
>>>> all devices, everything.  So you're going to need /dev, /bin,
>>>> /usr/bin, and so forth or the user will be dead in the water with no
>>>> commands - shoot, not even bash will be there to try to type commands!
>>>> 
>>>> If you're doing the chroot already, and it's failing, then that's
>>>> probably because bash isn't there, nor is anything else you need...
>>>> 
>>>>> I am using a clone of the LAMP server so I am going to remove it and
>>>>> create another clone and start by trying to create a user that has SSH
>>>>> access and a home directory.
>>>>> 
>>>> If you are using virtual machines, just clone it in the virtual
>>>> machine - but then, I'm thinking you don't mean virtual machine, you
>>>> mean that other thing :-)
>>>>> Then I think I should work on limiting that user to the vhost that is
>>>>> designated to work with.
>>>>> 
>>>>> 
>>>> So, if you mean not virtual machine but that other thing, then you're
>>>> either going to have to copy all the stuff I talk about above into
>>>> the docroot tree (which I still think will cause more problems than it
>>>> will fix), or mount the stuff above inside the docroot, or figure out
>>>> how to change permissions and ownership so that the user can only
>>>> change the stuff in their docroot.  Perhaps group ownership can save
>>>> the day here, assuming you want ALL files in ALL web servers to be
>>>> owned by whoever is running Apache, then create 2 or more groups,
>>>> change all group ownership to the NON-User group, then
>>>> 
>>>> change group ownership of all files in your docroot to the group of
>>>> the user (obviously you're going to have to change the user to have
>>>> that group too), then change permissions to something like 770 for all
>>>> directories everywhere (or 775, or whatever) and 660 for all files.
>>>> Done, supposedly ;-)
>>>> 
>>>>> 
>>>>> Then finish up by installing and configuring the vhost to use PHP-FPM.
>>>>> 
>>>>> Any thoughts are much appreciated!!
>>>>> 
>>>>> Keith
>>>>> 
>>>>> 
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list: PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss

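Added example, not part of the thread: a small audit for the two ChrootDirectory pitfalls discussed above. It checks the sshd_config(5) requirement that every component of the chroot path be root-owned and not group- or other-writable, and it lists what an interactive login would not find inside the tree (the shell, device nodes, shared libraries). The function names, the device list and the usage path are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a directory before pointing sshd's ChrootDirectory at it.
# Function names and the device list are assumptions of this example.

# Print every path component, from the target up to /, that sshd would refuse:
# sshd_config(5) requires each one to be root-owned and not writable by
# group or others.
chroot_bad_components() {
    d=$(cd "$1" 2>/dev/null && pwd -P) || { echo "$1 (not a directory)"; return 1; }
    bad=0
    while :; do
        # ls -ldn prints the mode string first and the numeric uid third
        set -- $(ls -ldn "$d" | awk '{print $1, $3}')
        gw=$(printf '%s' "$1" | cut -c6)   # group write bit
        ow=$(printf '%s' "$1" | cut -c9)   # other write bit
        if [ "$2" != 0 ] || [ "$gw" = w ] || [ "$ow" = w ]; then
            echo "$d (uid=$2 mode=$1)"
            bad=1
        fi
        [ "$d" = / ] && break
        d=$(dirname "$d")
    done
    return "$bad"
}

# Print what an interactive login would not find inside the chroot: the login
# shell, a typical minimum of device nodes, and the shared libraries the
# host's copy of that shell links against.
chroot_missing() {
    root=$1 shell=${2:-/bin/bash}
    [ -x "$root$shell" ] || echo "$shell"
    for n in /dev/null /dev/zero /dev/urandom /dev/tty; do
        [ -c "$root$n" ] || echo "$n"
    done
    ldd "$shell" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' |
        while read -r lib; do
            [ -e "$root$lib" ] || echo "$lib"
        done
    return 0
}

# Usage: sh chroot-audit.sh /srv/www/example-vhost [/bin/bash]
if [ $# -ge 1 ]; then
    chroot_bad_components "$1" || echo "fix the components above first"
    chroot_missing "$1" "${2:-/bin/bash}"
fi
```

A docroot owned by the web user fails the first check by design, which is why an SSH chroot usually sits one level above a user-writable directory.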
