home · contact · privacy
projects / config / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 83b0141)
Fix.
authorChristian Heller <c.heller@plomlompom.de>
Wed, 23 Apr 2025 22:58:21 +0000 (00:58 +0200)
committerChristian Heller <c.heller@plomlompom.de>
Wed, 23 Apr 2025 22:58:21 +0000 (00:58 +0200)
bookworm/copy/seedbox/etc/ssh/sshd_config.d/upload.conf [new file with mode: 0644] patch | blob
bookworm/copy/server/etc/ssh/sshd_config patch | blob | history
bookworm/scripts/setup_seedbox.sh patch | blob | history
bookworm/scripts/setup_server.sh patch | blob | history

diff --git a/bookworm/copy/seedbox/etc/ssh/sshd_config.d/upload.conf b/bookworm/copy/seedbox/etc/ssh/sshd_config.d/upload.conf
new file mode 100644 (file)
index 0000000..fe0ec78
--- /dev/null
+++ b/bookworm/copy/seedbox/etc/ssh/sshd_config.d/upload.conf
@@ -0,0 +1,12 @@
+# will allow uploads to /home/upload _if_ user has password
+# (set with 'passwd upload', unset with 'password -d upload')
+Match User upload
+    PasswordAuthentication yes
+    ForceCommand internal-sftp
+
+    # some sane restrictions
+    AllowAgentForwarding no
+    AllowTcpForwarding no
+    PermitTunnel no
+    PermitTTY no
+    PubkeyAuthentication no
diff --git a/bookworm/copy/server/etc/ssh/sshd_config b/bookworm/copy/server/etc/ssh/sshd_config
index cbc223de9c78f43dcdd45e8e288c8061b728cc78..30574f7ff34228e8f6babac9a3494fa9aa071ada 100644 (file)
--- a/bookworm/copy/server/etc/ssh/sshd_config
+++ b/bookworm/copy/server/etc/ssh/sshd_config
@@ -2,6 +2,7 @@
 Include /etc/ssh/sshd_config.d/*.conf
 PermitRootLogin no
 PasswordAuthentication no
+KbdInteractiveAuthentication no
 UsePAM yes
 ClientAliveInterval 15
 Subsystem      sftp    /usr/lib/openssh/sftp-server
diff --git a/bookworm/scripts/setup_seedbox.sh b/bookworm/scripts/setup_seedbox.sh
index 513a72c15be365e3781f0b740c5f8e29d3b8c121..48fcd63e7b72b765e592e41dcd40abd5e9e292fb 100755 (executable)
--- a/bookworm/scripts/setup_seedbox.sh
+++ b/bookworm/scripts/setup_seedbox.sh
@@ -10,5 +10,8 @@ expect_n_args 0 0 '' $@
 check_finished_marker 'setup_server'
 install_tags seedbox 
 
-echo "\nActivating rtorrent tmux session service."
+echo 'Setting up upload user/directory.'
+adduser --quiet --system --home /home/upload
+
+echo 'Activating rtorrent tmux session service.'
 systemctl enable --now rtorrent
diff --git a/bookworm/scripts/setup_server.sh b/bookworm/scripts/setup_server.sh
index 6597c649c7c02849b2fc45e6acd16d5e0baca13b..a27dd87a7ff8597b4a74fab2e79f54f290d5c1eb 100755 (executable)
--- a/bookworm/scripts/setup_server.sh
+++ b/bookworm/scripts/setup_server.sh
@@ -11,7 +11,7 @@ cd $(dirname "$0")
 . lib/setup_user
 . lib/set_hostname_and_hosts
 
-INSTALL_TAGS='all server'
+INSTALL_TAGS='all server user'
 
 expect_n_args 2 3 'CADDY_PASSWORD, HOSTNAME, [FQDN]' $@
 CADDY_PASSWORD="$1"
Unnamed repository; edit this file 'description' to name the repository.