Unable to SSH into Server
techlists at phpcoderusa.com
techlists at phpcoderusa.com
Tue Oct 22 17:19:44 MST 2024
I've seen YAML maybe two times and have never used it.
On 2024-10-22 15:44, Snyder, Alexander J wrote:
> Ansible is YAML, so it's dead simple from the perspective of a PHP
> Dev.
>
> --
> Thanks,
> Alexander
>
> Sent from my Google Pixel 7 Pro
>
> On Tue, Oct 22, 2024, 15:35 <techlists at phpcoderusa.com> wrote:
>
>> What is the learning curve for that?
>>
>> On 2024-10-22 15:09, Snyder, Alexander J wrote:
>>> I think a lot of this could be made a lot easier with Ansible and
>>> Jinja templates.
>>>
>>> --
>>> Thanks,
>>> Alexander
>>>
>>> Sent from my Google Pixel 7 Pro
>>>
>>> On Tue, Oct 22, 2024, 13:39 Keith Smith via PLUG-discuss
>>> <plug-discuss at lists.phxlinux.org> wrote:
>>>
>>>> Thank You Everyone!!
>>>>
>>>> Seems the problem was I needed to uncomment
>> "PasswordAuthentication
>>>> yes". When creating a user with SSH ability.
>>>>
>>>> Keith
>>>>
>>>> On 2024-10-22 10:46, Rusty Carruth via PLUG-discuss wrote:
>>>>> ChatGPT gave a more complete answer than I do below (the
>> question
>>>> was:
>>>>> This person is using vhost, and thinks he wants to chroot to the
>>>>> docroot of the vhost when the user logs in. What do you think of
>>>> that?)
>>>>>
>>>>> (I never thought I'd be pointing people to an AI for answers!
>> ;-)
>>>>>
>>>>>
>>>>> On 10/22/24 10:42, Rusty Carruth via PLUG-discuss wrote:
>>>>>> One thing I don't understand, below.
>>>>>>
>>>>>> On 10/22/24 10:25, Keith Smith via PLUG-discuss wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I appreciate all the feedback. There is more to the story.
>>>>>>>
>>>>>>> ....
>>>>>>>
>>>>>>> The 3 things I think I need to accomplish:
>>>>>>>
>>>>>>> 1) Add a user and configure it to use SSH.
>>>>>>> 2) Configure each vhost to use PHP-FPM.
>>>>>>> 3) Limit the User to the docroot of it's virtual host.
>>>>>>> (ChrootDirectory)
>>>>>>>
>>>>>> I don't understand # 3. Let me say what I think you said: you
>>>> have
>>>>>> (some number of) virtual machines. Or do you mean that thing
>>>> that
>>>>>> allows you to run more than one web address from the same IP
>>>> address?
>>>>>> In either case, why do you need to chroot to docroot? You do
>>>> realize
>>>>>> that docroot must then have EVERYTHING the user needs - all
>>>> programs,
>>>>>> all devices, everything. So you're going to need /dev, /bin,
>>>>>> /usr/bin, and so forth or the user will be dead in the water
>> with
>>>> no
>>>>>> commands - shoot, not even bash will be there to try to type
>>>> commands!
>>>>>>
>>>>>> If you're doing the chroot already, and its failing, then
>> that's
>>>>>> probably because bash isn't there, nor is anything else you
>>>> need...
>>>>>>
>>>>>>> I am using a clone of the LAMP server so I am going to remove
>> it
>>>> and
>>>>>>> create another close and start by trying to create a use that
>>>> has SSH
>>>>>>> access and a home directory.
>>>>>>>
>>>>>> If you are using virtual machines, just clone it in the virtual
>>>>>> machine - but then, I'm thinking you don't mean virtual
>> machine,
>>>> you
>>>>>> mean that other thing :-)
>>>>>>> Then I think I should work on limiting that user to the vhost
>>>> that is
>>>>>>> designated to work with.
>>>>>>>
>>>>>>>
>>>>>> So, if you mean not virtual machine but that other thing, then
>>>> you're
>>>>>> either going to have to copy all the stuff I talk about above
>> in
>>>> to
>>>>>> the docroot tree (which I still think will cause more problems
>>>> than it
>>>>>> will fix), or mount the stuff above inside the docroot, or
>> figure
>>>> out
>>>>>> how to change permissions and ownership so that the user can
>> only
>>>>
>>>>>> change the stuff in their docroot. Perhaps group ownership can
>>>> save
>>>>>> the day here, assuming you want ALL files in ALL web servers to
>>>> be
>>>>>> owned by whoever is running Apache, then create 2 or more
>> groups,
>>>>
>>>>>> change all group ownership to the NON-User group, then
>>>>>>
>>>>>> change group ownership of all files in your docroot to the
>> group
>>>> of
>>>>>> the user (obviously you're going to have to change the user to
>>>> have
>>>>>> that group too), then change permissions to something like 770
>>>> for all
>>>>>> directories everywhere (or 775, or whatever) and 660 for all
>>>> files.
>>>>>> Done, supposedly ;-)
>>>>>>
>>>>>>>
>>>>>>> Then finish up by installing configuring the vhost to use
>>>> PHP-FPM.
>>>>>>>
>>>>>>> Any thought are much appreciated!!
>>>>>>>
>>>>>>> Keith
>>>>>>>
>>>>>>>
>>>>>> ---------------------------------------------------
>>>>>> PLUG-discuss mailing list: PLUG-discuss at lists.phxlinux.org
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list: PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list: PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
More information about the PLUG-discuss
mailing list