Remoteuseraccess

From SME Server
Revision as of 02:33, 18 October 2022 by Unnilennium (talk | contribs) (→‎Individual Configuration)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Version

Contrib 10:
Contrib 9:
smeserver-remoteuseraccess
The latest version of smeserver-remoteuseraccess is available in the SME repository, click on the version number(s) for more information.


Installing to SME 7.x 8.x 9.x 10.x

yum --enablerepo=smecontribs install smeserver-remoteuseraccess

Then open server manager:

server-manager > Remote Access > Remote User Access

Configure users as required

Overview

Individuals can be changed with the modify link next to their name.


Individual Configuration


you can then navigate to the the server-manager to the item menu "Security/User Remote Access" and chose the user you want to edit, then as shown in the attached snapshot choose:

  1. shell access (empty is /bin/false)
  2. sudo access yes/no
  3. RSSH+ VPN access
  4. choose a chroot path for ftp (either by using the dropdown selection or entering your own) *
  5. insert a ssh public key to connect to your account using ssh /sftp or scp


*if "select Chroot Path" is not empty it will overide the content of "Chroot Path"

Userpanel

A user can upload his own ssh keys using the UserManager


Help

Enable Services

  • To use SSH, SSH access must be enabled with the /server-manager > Remote Access panel.

Users can then use a ssh client such as putty or a sftp client sush as winscp or filezilla

  • To use FTP, FTP access must be enabled with the /server-manager > Remote Access panel.

When users FTP into the sme server they are allowed to view ibays, primary and some system information. By chrooting the user you restrict the user to below that directory. This isn't a security problem, files are protected with normal permissions, chrooting saves users time traversing to their regular uploading area.

Global Settings

You can globally set FTP chroot with the following

You can chroot all users to their home directory with the command.

config setprop ftp ChrootDir home

or an ibay (where the ibay name is mission)

config setprop ftp ChrootDir mission

or anywhere on the filesystem ibay

config setprop ftp ChrootDir /opt

to return to default settings of /home/e-smith/files/

config delprop ftp ChrootDir

then enable

expand-template /etc/proftpd.conf

Bugs

Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-remoteuseraccess component or use this link .


IDProductVersionStatusSummary (3 tasks)
12508SME Contribs10.0CONFIRMEDdrop rssh support smeserver-remoteuseraccess
12213SME Contribs10.0CONFIRMEDcreate a shell /ssh jail root for user
3178SME Contribs10.0CONFIRMEDoption to chroot when connecting as user with sftp

Changelog

Only released version in smecontrib are listed here.

smeserver-remoteuseraccess Changelog: SME 10 (smecontribs)
2021/08/23 Terry Fage 1.3-6.sme
- apply locale 2021-08-23 patch
2021/02/24 Jean-Philipe Pialasse 1.3-5.sme
- fix encoding issue in table display [SME: 11396]
2021/02/24 Jean-Philipe Pialasse 1.3-4.sme
- add empty -update event [SME: 11056]
2020/10/26 Brian Read 1.3-3.sme
- Initial import to SME10 tree [SME: 11056]
2016/03/09 JP Pialasse 1.3-2.sme
- apply locale 2016-03-09 patch