Difference between revisions of "Remoteuseraccess"
Unnilennium (talk | contribs) |
|||
Line 18: | Line 18: | ||
===Individual Configuration=== | ===Individual Configuration=== | ||
+ | [[File:Remoteuseraccess.png|none|thumb]] | ||
+ | you can then navigate to the the server-manager to the item menu "Security/User Remote Access" and chose the user you want to edit, then as shown in the attached snapshot choose: | ||
+ | |||
+ | # shell access (empty is /bin/false) | ||
+ | # sudo access yes/no | ||
+ | # RSSH+ VPN access | ||
+ | # choose a chroot path for ftp (either by using the dropdown selection or entering your own) * | ||
+ | # insert a ssh public key to connect to your account using ssh /sftp or scp | ||
+ | |||
+ | |||
+ | <nowiki>*</nowiki>if "select Chroot Path" is not empty it will overide the content of "Chroot Path" | ||
===Userpanel=== | ===Userpanel=== | ||
A user can upload his own ssh keys using the [[:UserManager]] | A user can upload his own ssh keys using the [[:UserManager]] |
Latest revision as of 02:33, 18 October 2022
Version
Installing to SME 7.x 8.x 9.x 10.x
yum --enablerepo=smecontribs install smeserver-remoteuseraccess
Then open server manager:
server-manager > Remote Access > Remote User Access
Configure users as required
Overview
Individuals can be changed with the modify link next to their name.
Individual Configuration
you can then navigate to the the server-manager to the item menu "Security/User Remote Access" and chose the user you want to edit, then as shown in the attached snapshot choose:
- shell access (empty is /bin/false)
- sudo access yes/no
- RSSH+ VPN access
- choose a chroot path for ftp (either by using the dropdown selection or entering your own) *
- insert a ssh public key to connect to your account using ssh /sftp or scp
*if "select Chroot Path" is not empty it will overide the content of "Chroot Path"
Userpanel
A user can upload his own ssh keys using the UserManager
Help
Enable Services
- To use SSH, SSH access must be enabled with the /server-manager > Remote Access panel.
Users can then use a ssh client such as putty or a sftp client sush as winscp or filezilla
- To use FTP, FTP access must be enabled with the /server-manager > Remote Access panel.
When users FTP into the sme server they are allowed to view ibays, primary and some system information. By chrooting the user you restrict the user to below that directory. This isn't a security problem, files are protected with normal permissions, chrooting saves users time traversing to their regular uploading area.
Global Settings
You can globally set FTP chroot with the following
You can chroot all users to their home directory with the command.
config setprop ftp ChrootDir home
or an ibay (where the ibay name is mission)
config setprop ftp ChrootDir mission
or anywhere on the filesystem ibay
config setprop ftp ChrootDir /opt
to return to default settings of /home/e-smith/files/
config delprop ftp ChrootDir
then enable
expand-template /etc/proftpd.conf
Bugs
Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-remoteuseraccess component or use this link .
ID | Product | Version | Status | Summary (3 tasks) ⇒ |
---|---|---|---|---|
12508 | SME Contribs | 10.0 | CONFIRMED | drop rssh support smeserver-remoteuseraccess |
12213 | SME Contribs | 10.0 | CONFIRMED | create a shell /ssh jail root for user |
3178 | SME Contribs | 10.0 | CONFIRMED | option to chroot when connecting as user with sftp |
Changelog
Only released version in smecontrib are listed here.
- apply locale 2021-08-23 patch
- fix encoding issue in table display [SME: 11396]
- add empty -update event [SME: 11056]
- Initial import to SME10 tree [SME: 11056]
- apply locale 2016-03-09 patch