cgraham149
Guest
Adding Secure Shell Access for web_users under 1 domain
+++ I do not know if this is SECURE / SAFE - but it worked for my purposes +++
Step 1:
Login as: root (I use WinSCP).
Navigate to: /usr/libexec/
Download: /usr/libexec/openssh/ (whole directory - containing sftp-server & ssh-keysign)
Step 2:
Navigate to: /home/httpd/vhosts/chroot/usr/libexec
Upload openssh dir (containing sftp-server & ssh-keysign) - make sure permissions are set to 0755 on sftp-server and 0711 on ssh-keysign
Step 3:
Use Plesk to create new web_user: user1
Step 4:
Shell Login as: root (I use PuTTY)
Issue the following command (modify domain as needed):
/usr/local/psa/admin/bin/chrootmng --create --source=/home/httpd/vhosts/chroot --target=/home/httpd/vhosts/domain.com/web_users/user1
Step 5:
Still using WinSCP as root...
Navigate to: /etc
Right click on passwd file and choose edit
New web_user entry should be last on the list and looks like this:
user1:x:10004:10001::/home/httpd/vhosts/domain.com/web_users/user1:/bin/false
Change /bin/false to /usr/local/psa/bin/chrootsh so it looks like this:
user1:x:10004:10001::/home/httpd/vhosts/domain.com/web_users/user1:/usr/local/psa/bin/chrootsh
Save file
Copy 1st part of above like this:
user1:x:10004:10001::
Step 6:
Navigate to: /home/httpd/vhosts/domain.com/web_users/user1/etc
Right click on passwd file and choose edit
Paste user1:x:10004:10001:: and add this /:/bin/bash - it should look like this:
user1:x:10004:10001::/:/bin/bash
Save file
Web_user now has secure shell access to his own directory. He can also SFTP or FTP to that directory but is locked down and cannot move up into higher directories!!
Step 4 will copy all files and folders in chroot to the web_user directory, including:
bin, lib, tmp, var
I think it is ok to remove those directories and probably should as they may pose a security risk.
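A way to confirm the hand edits from Steps 5 and 6 once they are made, as an added example that is not part of the original post: the function compares the user's entry in the system passwd file with the one inside the chroot. The function names are hypothetical, the file paths are passed as arguments, and the sample files at the end are constructed.

```shell
#!/bin/sh
# Added example: audit the passwd edits from Steps 5 and 6 for one web_user.
# Function names are hypothetical; the shells checked are the ones in the post.

# field FILE USER N: print field N of USER's entry in a passwd-format FILE
field() { awk -F: -v u="$2" -v n="$3" '$1 == u { print $n; exit }' "$1"; }

# check_chroot_user SYSTEM_PASSWD CHROOT_PASSWD USER
# Prints one line per problem found; returns 0 only when there are none.
check_chroot_user() {
    sys=$1; jail=$2; user=$3; rc=0
    for f in "$sys" "$jail"; do
        n=$(awk -F: -v u="$user" '$1 == u { c++ } END { print c + 0 }' "$f")
        if [ "$n" -ne 1 ]; then
            echo "$f: expected exactly 1 entry for $user, found $n"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    # Step 5: the real /etc/passwd must hand the login to chrootsh.
    s=$(field "$sys" "$user" 7)
    [ "$s" = /usr/local/psa/bin/chrootsh ] ||
        { echo "system shell is '$s', not chrootsh"; rc=1; }

    # Step 6: inside the chroot the home is / and the shell is /bin/bash.
    [ "$(field "$jail" "$user" 6)" = / ] ||
        { echo "chroot home is not /"; rc=1; }
    [ "$(field "$jail" "$user" 7)" = /bin/bash ] ||
        { echo "chroot shell is not /bin/bash"; rc=1; }

    # The pasted prefix must carry the same UID and GID as the system entry.
    for i in 3 4; do
        [ "$(field "$sys" "$user" "$i")" = "$(field "$jail" "$user" "$i")" ] ||
            { echo "field $i (uid/gid) differs between the two files"; rc=1; }
    done

    # Extra check, not in the post: a hand-edited entry must never be UID 0.
    [ "$(field "$sys" "$user" 3)" != 0 ] || { echo "$user has UID 0"; rc=1; }
    return "$rc"
}

# Constructed sample files mirroring the entries shown in the post.
demo=$(mktemp -d)
cat > "$demo/passwd.system" <<'EOF'
user1:x:10004:10001::/home/httpd/vhosts/domain.com/web_users/user1:/usr/local/psa/bin/chrootsh
EOF
echo 'user1:x:10004:10001::/:/bin/bash' > "$demo/passwd.chroot"
check_chroot_user "$demo/passwd.system" "$demo/passwd.chroot" user1 &&
    echo "user1: passwd entries are consistent"
```

On a real server the two arguments would be /etc/passwd and the etc/passwd file inside the web_user directory from Step 6.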