From: Christian Heller Date: Wed, 23 Apr 2025 22:58:21 +0000 (+0200) Subject: Fix. X-Git-Url: https://plomlompom.com/repos/%7B%7Bprefix%7D%7D/%22https:/validator.w3.org/task?a=commitdiff_plain;h=78748888359a5322ee7e0e319187723ab24abdb4;p=config Fix. --- diff --git a/bookworm/copy/seedbox/etc/ssh/sshd_config.d/upload.conf b/bookworm/copy/seedbox/etc/ssh/sshd_config.d/upload.conf new file mode 100644 index 0000000..fe0ec78 --- /dev/null +++ b/bookworm/copy/seedbox/etc/ssh/sshd_config.d/upload.conf @@ -0,0 +1,12 @@ +# will allow uploads to /home/upload _if_ user has password +# (set with 'passwd upload', unset with 'password -d upload') +Match User upload + PasswordAuthentication yes + ForceCommand internal-sftp + + # some sane restrictions + AllowAgentForwarding no + AllowTcpForwarding no + PermitTunnel no + PermitTTY no + PubkeyAuthentication no diff --git a/bookworm/copy/server/etc/ssh/sshd_config b/bookworm/copy/server/etc/ssh/sshd_config index cbc223d..30574f7 100644 --- a/bookworm/copy/server/etc/ssh/sshd_config +++ b/bookworm/copy/server/etc/ssh/sshd_config @@ -2,6 +2,7 @@ Include /etc/ssh/sshd_config.d/*.conf PermitRootLogin no PasswordAuthentication no +KbdInteractiveAuthentication no UsePAM yes ClientAliveInterval 15 Subsystem sftp /usr/lib/openssh/sftp-server diff --git a/bookworm/scripts/setup_seedbox.sh b/bookworm/scripts/setup_seedbox.sh index 513a72c..48fcd63 100755 --- a/bookworm/scripts/setup_seedbox.sh +++ b/bookworm/scripts/setup_seedbox.sh @@ -10,5 +10,8 @@ expect_n_args 0 0 '' $@ check_finished_marker 'setup_server' install_tags seedbox -echo "\nActivating rtorrent tmux session service." +echo 'Setting up upload user/directory.' +adduser --quiet --system --home /home/upload + +echo 'Activating rtorrent tmux session service.' systemctl enable --now rtorrent diff --git a/bookworm/scripts/setup_server.sh b/bookworm/scripts/setup_server.sh index 6597c64..a27dd87 100755 --- a/bookworm/scripts/setup_server.sh +++ b/bookworm/scripts/setup_server.sh 
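Review bot: Nothing in the `Match User upload` block of sshd_config.d/upload.conf confines the session to /home/upload, although the header comment says that is where uploads go. `ForceCommand internal-sftp` on its own leaves the account able to list and read whatever the filesystem permissions allow. Consider adding a `ChrootDirectory` line pointing at a root-owned parent directory with a writable subdirectory for the uploads, since sshd refuses a chroot path that the user can write to. The comment's `password -d upload` should read `passwd -d upload`. Because `passwd -d` leaves an empty password rather than a locked account, `passwd -l upload` is the less ambiguous way to switch the account off; with `-d`, refusal depends on `PermitEmptyPasswords` staying at its default of no.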
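Review bot: The added `KbdInteractiveAuthentication no` in server/etc/ssh/sshd_config has no comment explaining why it sits next to `UsePAM yes`. With PAM enabled, keyboard-interactive is a second route to password logins that `PasswordAuthentication no` does not close, so a line such as `# keyboard-interactive goes through PAM and would still accept passwords` would keep someone from removing it later. As far as the hunk shows, the `Include` line precedes these globals, and sshd keeps the first value it obtains for each keyword. Any file in sshd_config.d that sets this keyword outside a Match block would therefore take precedence over this line.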
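Review bot: The added `adduser --quiet --system --home /home/upload` in setup_seedbox.sh names no account, so adduser has nothing to create and should exit with an error. It presumably should be `adduser --quiet --system --home /home/upload upload`. The script's opening lines are outside the hunk, so it cannot be seen from here whether a failure at this step aborts the run (for example via `set -e`) or is passed over silently. Without the account, the `Match User upload` block added in the same commit never applies.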
@@ -11,7 +11,7 @@ cd $(dirname "$0") . lib/setup_user . lib/set_hostname_and_hosts -INSTALL_TAGS='all server' +INSTALL_TAGS='all server user' expect_n_args 2 3 'CADDY_PASSWORD, HOSTNAME, [FQDN]' $@ CADDY_PASSWORD="$1"