Created
January 16, 2019 11:26
-
-
Save PragmaticEd/3e9c5027e8917a3ab6c07d3bc66cfa56 to your computer and use it in GitHub Desktop.
Add sFTP user, limit home, and disable ssh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| USER="example" | |
| PASS="example" | |
| USER_ROOT="/var/www/example.lv" | |
| # fix "Authentication token manipulation error" error: | |
| # https://www.codevoila.com/post/26/fix-authentication-token-manipulation-error-when-changing-user-password-in-ubuntu | |
| sudo mount -rw -o remount / | |
| # delete user & group, if exists | |
| sudo userdel "$USER" | |
| sudo groupdel "$USER" | |
| # create user home dir, if not exists | |
| sudo mkdir -p "$USER_ROOT" | |
| # add user & grup, and add user to group | |
| #sudo useradd "$USER" --shell /bin/static-sh --home-dir "$USER_ROOT" | |
| sudo useradd "$USER" --home-dir "$USER_ROOT" --shell /bin/sh | |
| sudo groupadd "$USER" | |
| sudo usermod -a -G "$USER" "$USER" | |
| # make sure user shell permissions are correct | |
| # set user pw | |
| #sudo passwd "$USER" | |
| echo "$USER:$PASS" | sudo chpasswd | |
| # set user permissions | |
| sudo chown -R root:root "$USER_ROOT" | |
| sudo chown -R "$USER:$USER" "$USER_ROOT/public_html" | |
| sudo chmod 755 -R "$USER_ROOT" | |
| # Limit user root directory | |
| sudo sh -c "echo '' >> /etc/ssh/sshd_config" | |
| sudo sh -c "echo 'Match user $USER' >> /etc/ssh/sshd_config" | |
| sudo sh -c "echo ' PasswordAuthentication yes' >> /etc/ssh/sshd_config" | |
| sudo sh -c "echo ' ChrootDirectory $USER_ROOT' >> /etc/ssh/sshd_config" | |
| sudo sh -c "echo ' X11Forwarding no' >> /etc/ssh/sshd_config" | |
| sudo sh -c "echo ' AllowTcpForwarding no' >> /etc/ssh/sshd_config" | |
| sudo sh -c "echo ' ForceCommand internal-sftp' >> /etc/ssh/sshd_config" | |
| sudo sh -c "echo '' >> /etc/ssh/sshd_config" | |
| sudo service ssh restart | |
| sudo /etc/init.d/vsftpd restart | |
| echo "-------------------------------" | |
| echo "" | |
| echo "make sure u edit /etc/ssh/sshd_config to have:" | |
| echo "" | |
| echo " #Subsystem sftp /usr/lib/openssh/sftp-server" | |
| echo " Subsystem sftp internal-sftp" | |
| echo "" | |
| echo "-------------------------------" | |
| echo "" | |
| echo " ssh disabled" | |
| echo "" | |
| echo "sFTP:" | |
| echo "-------------------------------" | |
| echo "" | |
| echo " sftp $USER@92.240.80.77" | |
| echo "" | |
| echo "host: 92.240.80.77" | |
| echo "user: $USER" | |
| echo "pass: $PASS" | |
| echo "port: 22" | |
| echo "-------------------------------" | |
| echo "" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment