That's strange. You cannot incorporate a sudo -u apache into the mix? How does VS Code work with its SSH protocols?
Hi,
I appreciate all the feedback. There is more to the story.
I am running a 10 year old Dell that is my daily driver. It has Kubuntu
installed on it.
I have a MSW10 laptop on my private network that I have installed
VirtualBox on.
I am a PHP developer so I use LAMP to further my goals of PHP dev.
Ultimately I want to have a LAMP config that allows me to use Visual
Studio Code to edit remotely. That requires that the SSH user be
the owner of the Apache virtual host docroot directories and files.
That way there are no ownership issues while uploading and downloading
files or adding, modifying, or removing directories.
I've got to the point of building out the default vhost and used that to
create a second vhost, modifying it to become a full-fledged Apache
vhost.
It is my understanding that I still need to complete 3 more steps and I
will have a vhost where the owner of the directories and files will also
be configured as SSH.
The 3 things I think I need to accomplish:
1) Add a user and configure it to use SSH.
2) Configure each vhost to use PHP-FPM.
3) Limit the User to the docroot of its virtual host. (ChrootDirectory)
I am using a clone of the LAMP server so I am going to remove it and
create another clone and start by trying to create a user that has SSH
access and a home directory.
Then I think I should work on limiting that user to the vhost that is
designated to work with.
Then finish up by installing and configuring the vhost to use PHP-FPM.
Any thoughts are much appreciated!!
Keith
On 2024-10-22 07:21, Stephen Partington via PLUG-discuss wrote:
> The sshd pam setting is the one you want to make sure works because
> that appears to link sshd access to valid system users for ssh access.
>
> This is a link to my bog stock login. and any user I create (as a
> system user) can access via SSH. except for root. but root cannot even
> log in at this point.
>
> Ubuntu Stock sshdconfig [1]
>
> On Tue, Oct 22, 2024 at 2:32 AM Rusty Carruth via PLUG-discuss
> <plug-discuss@lists.phxlinux.org> wrote:
>
>> 'for fun' I pasted the text of your email in to chatgpt, it had some
>> interesting advice:
>>
>> Verify User Exists: - probably not your problem.
>>
>> Check User's Shell: Ensure that the user "default" has a valid
>> shell. You can check the user's entry in /etc/passwd
>> Good suggestion, imho, but you did imply you'd logged in as the
>> user, so this is also (probably) a red herring.
>>
>> Home Directory: Ensure the user "default" has a home directory.
>>
>> SSH Key/Password: If you're trying to log in using SSH keys, ensure
>> that the public key is correctly placed in
>> /home/default/.ssh/authorized_keys and that the permissions are set
>> correctly
>> - since you've not logged in via SSH, this is probably also a
>> herring.
>>
>> However, the suggestion: If you’re using password authentication,
>> make sure the user has a password set Might be helpful.
>> I'm skipping firewall suggestion.
>> Log Files: Since /var/log/faillog is empty, also check
>> /var/log/auth.log for any messages related to SSH login attempts
>> - very good idea.
>>
>> There's more, but I'm guessing the log files are the most likely
>> place to start, after the suggestions everyone else gave.
>>
>> On 10/21/24 23:22, Rusty Carruth via PLUG-discuss wrote:
>> The other questions are all great, but can you ssh from the server
>> to itself as the desired user? That is, ssh theSSHdude@localhost ,
>> which should hopefully rule out network issues ;-)
>>
>> I'll also mention that I had a weird issue with SSH where I could
>> ssh from machine A to machine B, but not from B to A! THAT turned
>> out to be a netmask issue! And ChatGPT ALMOST got the answer. You
>> could try your favorite AI to see if it can help, but be sure to
>> give it more info than you think you should - I should have given it
>> the output of ifconfig on both computers and it probably would have
>> caught it....
>>
>> On 10/21/24 18:46, Keith Smith via PLUG-discuss wrote:
>> Hi,
>>
>> I am a little stuck.
>>
>> I am trying to configure a user that will allow me to log into an
>> Ubuntu 24.04lts server via SSH.
>>
>> I created a line : "AllowUsers default" in /etc/ssh/sshd_config
>>
>> Then sudo systemctl restart ssh
>>
>> Try to login and get "client_loop: send disconnect: Broken pipe"
>>
>> sudo tail /var/log/faillog returns nothing.
>>
>> I can SSH into the server from my Kubuntu desktop under the default
>> user created during server o/s install
>>
>> A search says it is probably a network issue. Does not make sense
>> given I can SSH in using another user.
>>
>> Any thoughts are much appreciated.
>>
>> Keith
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
>
>
>
> Links:
> ------
> [1]
> https://drive.google.com/open?id=1VadPv7RzeJZQca89aTi5yIJ5F76V49_gkJ_vGgZCt9U
--
A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.
Stephen
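
The account checks suggested in this thread (user exists, valid login shell, home directory, password set, listed in AllowUsers), as an added shell example that is not part of any poster's message. The function name `check_ssh_user`, the `demo` fixtures and the user names in them are constructed for illustration; file paths are parameters so the checks can run against copies.

```shell
#!/bin/sh
# Usage: check_ssh_user USER [PASSWD SHADOW SSHD_CONFIG SHELLS]
# Prints one line per finding and returns the number of FAIL lines.
check_ssh_user() {
    user=$1; passwd=${2:-/etc/passwd}; shadow=${3:-/etc/shadow}
    conf=${4:-/etc/ssh/sshd_config}; shells=${5:-/etc/shells}
    fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    entry=$(grep "^$user:" "$passwd") || { fail "$user not in $passwd"; return "$fails"; }
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    # A shell such as /usr/sbin/nologin is not listed in /etc/shells.
    grep -qxF "$shell" "$shells" || fail "shell '$shell' is not a login shell"
    [ -d "$home" ] || fail "home directory '$home' does not exist"

    # Shadow field 2 empty, or starting with ! or *, means no usable password.
    # Reading the real /etc/shadow requires root.
    hash=$(grep "^$user:" "$shadow" | cut -d: -f2)
    case $hash in ''|'!'*|'*'*) fail "no usable password (key auth only)";; esac

    # If any AllowUsers line exists, only matching users may log in.
    # Patterns may be user@host; only the user part is compared here.
    allowed=$(awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$conf")
    if [ -n "$allowed" ]; then
        ok=no; set -f                      # keep * in patterns from globbing files
        for pat in $allowed; do
            case $user in ${pat%%@*}) ok=yes;; esac
        done
        set +f
        [ "$ok" = yes ] || fail "$user not matched by any AllowUsers pattern"
    fi
    [ "$fails" -eq 0 ] && echo "OK: $user passes account checks"
    return "$fails"
}

# Constructed fixtures: "default" has a nologin shell, a locked password,
# and is missing from AllowUsers, so three FAIL lines are expected.
demo() {
    d=$(mktemp -d); mkdir -p "$d/home/default"
    printf 'default:x:1001:1001::%s/home/default:/usr/sbin/nologin\n' "$d" > "$d/passwd"
    printf 'default:!:19999:0:99999:7:::\n' > "$d/shadow"
    printf '/bin/sh\n/bin/bash\n' > "$d/shells"
    printf 'Port 22\nAllowUsers admin\n' > "$d/sshd_config"
    check_ssh_user default "$d/passwd" "$d/shadow" "$d/sshd_config" "$d/shells"
    rc=$?; rm -rf "$d"; return "$rc"
}
demo || true
```

The script reads only the one sshd_config file it is given and does not follow `Include` directives; on a live server, `sudo sshd -T` prints the effective configuration.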