From 78748888359a5322ee7e0e319187723ab24abdb4 Mon Sep 17 00:00:00 2001
From: Christian Heller
Date: Thu, 24 Apr 2025 00:58:21 +0200
Subject: [PATCH] Fix.
---
.../copy/seedbox/etc/ssh/sshd_config.d/upload.conf | 12 ++++++++++++
bookworm/copy/server/etc/ssh/sshd_config | 1 +
bookworm/scripts/setup_seedbox.sh | 5 ++++-
bookworm/scripts/setup_server.sh | 2 +-
4 files changed, 18 insertions(+), 2 deletions(-)
create mode 100644 bookworm/copy/seedbox/etc/ssh/sshd_config.d/upload.conf
diff --git a/bookworm/copy/seedbox/etc/ssh/sshd_config.d/upload.conf b/bookworm/copy/seedbox/etc/ssh/sshd_config.d/upload.conf
new file mode 100644
index 0000000..fe0ec78
--- /dev/null
+++ b/bookworm/copy/seedbox/etc/ssh/sshd_config.d/upload.conf
@@ -0,0 +1,12 @@
+# will allow uploads to /home/upload _if_ user has password
+# (set with 'passwd upload', unset with 'password -d upload')
+Match User upload
+ PasswordAuthentication yes
+ ForceCommand internal-sftp
+
+ # some sane restrictions
+ AllowAgentForwarding no
+ AllowTcpForwarding no
+ PermitTunnel no
+ PermitTTY no
+ PubkeyAuthentication no
diff --git a/bookworm/copy/server/etc/ssh/sshd_config b/bookworm/copy/server/etc/ssh/sshd_config
index cbc223d..30574f7 100644
--- a/bookworm/copy/server/etc/ssh/sshd_config
+++ b/bookworm/copy/server/etc/ssh/sshd_config
@@ -2,6 +2,7 @@ Include /etc/ssh/sshd_config.d/*.conf PermitRootLogin no PasswordAuthentication no +KbdInteractiveAuthentication no UsePAM yes ClientAliveInterval 15 Subsystem sftp /usr/lib/openssh/sftp-server
diff --git a/bookworm/scripts/setup_seedbox.sh b/bookworm/scripts/setup_seedbox.sh
index 513a72c..48fcd63 100755
--- a/bookworm/scripts/setup_seedbox.sh
+++ b/bookworm/scripts/setup_seedbox.sh
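Review bot: Nothing in the new `Match User upload` block confines the session to /home/upload; `ForceCommand internal-sftp` on its own lets the password-authenticated account list and read any path its file permissions allow, which is wider than the header comment's "uploads to /home/upload". Consider adding `ChrootDirectory /home/upload` to the block; sshd requires that directory to be root-owned and not group- or world-writable, so the actual uploads would go into a subdirectory owned by `upload`. The header comment also says `password -d upload`, which should read `passwd -d upload`.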
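Review bot: The added `KbdInteractiveAuthentication no` carries no comment explaining why it is needed. With the `UsePAM yes` that follows it, keyboard-interactive can still offer a PAM password prompt even though `PasswordAuthentication no` is set, so this line is what actually closes password logins. I would put `# UsePAM yes would otherwise still allow password prompts via keyboard-interactive` above it. Because `Include /etc/ssh/sshd_config.d/*.conf` comes before these lines and sshd keeps the first value it reads for each keyword, a drop-in that sets either keyword outside a Match block would take precedence; that is worth stating in the same comment.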
@@ -10,5 +10,8 @@ expect_n_args 0 0 '' $@ check_finished_marker 'setup_server' install_tags seedbox -echo "\nActivating rtorrent tmux session service." +echo 'Setting up upload user/directory.' +adduser --quiet --system --home /home/upload + +echo 'Activating rtorrent tmux session service.' systemctl enable --now rtorrent
diff --git a/bookworm/scripts/setup_server.sh b/bookworm/scripts/setup_server.sh
index 6597c64..a27dd87 100755
--- a/bookworm/scripts/setup_server.sh
+++ b/bookworm/scripts/setup_server.sh
@@ -11,7 +11,7 @@ cd $(dirname "$0") . lib/setup_user . lib/set_hostname_and_hosts -INSTALL_TAGS='all server' +INSTALL_TAGS='all server user' expect_n_args 2 3 'CADDY_PASSWORD, HOSTNAME, [FQDN]' $@ CADDY_PASSWORD="$1"
--
2.30.2
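Review bot: The added `adduser --quiet --system --home /home/upload` in the setup_seedbox.sh hunk never names the account. `/home/upload` is consumed as the value of `--home`, so no user name is left and the `upload` user that the new `Match User upload` block relies on is not created. It presumably should read `adduser --quiet --system --home /home/upload upload`. The script's header is outside the hunk, so I cannot tell whether a failing adduser aborts the run or is passed over before rtorrent is enabled.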