Unable to SSH into Server
Snyder, Alexander J
alexander at snyderfamily.co
Tue Oct 22 15:44:53 MST 2024
Ansible is YAML, so it's dead simple from the perspective of a PHP Dev.
--
Thanks,
Alexander
Sent from my Google Pixel 7 Pro
On Tue, Oct 22, 2024, 15:35 <techlists at phpcoderusa.com> wrote:
>
> What is the learning curve for that?
>
>
> On 2024-10-22 15:09, Snyder, Alexander J wrote:
> > I think a lot of this could be made a lot easier with Ansible and
> > Jinja templates.
> >
> > --
> > Thanks,
> > Alexander
> >
> > Sent from my Google Pixel 7 Pro
> >
> > On Tue, Oct 22, 2024, 13:39 Keith Smith via PLUG-discuss
> > <plug-discuss at lists.phxlinux.org> wrote:
> >
> >> Thank You Everyone!!
> >>
> >> Seems the problem was I needed to uncomment "PasswordAuthentication
> >> yes". When creating a user with SSH ability.
> >>
> >> Keith
> >>
> >> On 2024-10-22 10:46, Rusty Carruth via PLUG-discuss wrote:
> >>> ChatGPT gave a more complete answer than I do below (the question
> >> was:
> >>> This person is using vhost, and thinks he wants to chroot to the
> >>> docroot of the vhost when the user logs in. What do you think of
> >> that?)
> >>>
> >>> (I never thought I'd be pointing people to an AI for answers! ;-)
> >>>
> >>>
> >>> On 10/22/24 10:42, Rusty Carruth via PLUG-discuss wrote:
> >>>> One thing I don't understand, below.
> >>>>
> >>>> On 10/22/24 10:25, Keith Smith via PLUG-discuss wrote:
> >>>>> Hi,
> >>>>>
> >>>>> I appreciate all the feedback. There is more to the story.
> >>>>>
> >>>>> ....
> >>>>>
> >>>>> The 3 things I think I need to accomplish:
> >>>>>
> >>>>> 1) Add a user and configure it to use SSH.
> >>>>> 2) Configure each vhost to use PHP-FPM.
> >>>>> 3) Limit the User to the docroot of it's virtual host.
> >>>>> (ChrootDirectory)
> >>>>>
> >>>> I don't understand # 3. Let me say what I think you said: you
> >> have
> >>>> (some number of) virtual machines. Or do you mean that thing
> >> that
> >>>> allows you to run more than one web address from the same IP
> >> address?
> >>>> In either case, why do you need to chroot to docroot? You do
> >> realize
> >>>> that docroot must then have EVERYTHING the user needs - all
> >> programs,
> >>>> all devices, everything. So you're going to need /dev, /bin,
> >>>> /usr/bin, and so forth or the user will be dead in the water with
> >> no
> >>>> commands - shoot, not even bash will be there to try to type
> >> commands!
> >>>>
> >>>> If you're doing the chroot already, and its failing, then that's
> >>>> probably because bash isn't there, nor is anything else you
> >> need...
> >>>>
> >>>>> I am using a clone of the LAMP server so I am going to remove it
> >> and
> >>>>> create another close and start by trying to create a use that
> >> has SSH
> >>>>> access and a home directory.
> >>>>>
> >>>> If you are using virtual machines, just clone it in the virtual
> >>>> machine - but then, I'm thinking you don't mean virtual machine,
> >> you
> >>>> mean that other thing :-)
> >>>>> Then I think I should work on limiting that user to the vhost
> >> that is
> >>>>> designated to work with.
> >>>>>
> >>>>>
> >>>> So, if you mean not virtual machine but that other thing, then
> >> you're
> >>>> either going to have to copy all the stuff I talk about above in
> >> to
> >>>> the docroot tree (which I still think will cause more problems
> >> than it
> >>>> will fix), or mount the stuff above inside the docroot, or figure
> >> out
> >>>> how to change permissions and ownership so that the user can only
> >>
> >>>> change the stuff in their docroot. Perhaps group ownership can
> >> save
> >>>> the day here, assuming you want ALL files in ALL web servers to
> >> be
> >>>> owned by whoever is running Apache, then create 2 or more groups,
> >>
> >>>> change all group ownership to the NON-User group, then
> >>>>
> >>>> change group ownership of all files in your docroot to the group
> >> of
> >>>> the user (obviously you're going to have to change the user to
> >> have
> >>>> that group too), then change permissions to something like 770
> >> for all
> >>>> directories everywhere (or 775, or whatever) and 660 for all
> >> files.
> >>>> Done, supposedly ;-)
> >>>>
> >>>>>
> >>>>> Then finish up by installing configuring the vhost to use
> >> PHP-FPM.
> >>>>>
> >>>>> Any thought are much appreciated!!
> >>>>>
> >>>>> Keith
> >>>>>
> >>>>>
> >>>> ---------------------------------------------------
> >>>> PLUG-discuss mailing list: PLUG-discuss at lists.phxlinux.org
> >>>> To subscribe, unsubscribe, or to change your mail settings:
> >>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >>> ---------------------------------------------------
> >>> PLUG-discuss mailing list: PLUG-discuss at lists.phxlinux.org
> >>> To subscribe, unsubscribe, or to change your mail settings:
> >>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >> ---------------------------------------------------
> >> PLUG-discuss mailing list: PLUG-discuss at lists.phxlinux.org
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20241022/88fe0925/attachment.htm>
More information about the PLUG-discuss
mailing list