Logging in to zeroshell’s ssh as a user (not admin)

Home Page Forums Network Management ZeroShell Logging in to zeroshell’s ssh as a user (not admin)

This topic contains 5 replies, has 0 voices, and was last updated by  bender02 9 years, 4 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #41653

    bender02
    Member

    I found out that in order to login to zeroshell’s ssh as any user different from admin (ie as users added to kerberos’ database via the web interface), I need to do 2 more things that I didn’t figure out how to do via the web interface, I had to do them via ssh:
    1) add that user to /etc/passwd
    2) add that user to AllowUsers in /etc/ssh/sshd_config
    otherwise ssh complains that it’s an invalid user and doesn’t authenticate.

    The positive outcome of this is that now I can use sftp and scp to copy files to/from zeroshell (which wouldn’t work with the ‘admin’ user, since its ‘login shell’ script sends some text automatically on each login, which throws off all the s{cp,ftp} clients).

    1st question: is there an easier way to enable sftp-server subsystem on zeroshell to actually function (btw, it runs by default, but it’s unusable).

    2nd question (I guess to fulvio) is: is this so by design, or would I have a chance requesting a feature to add the possiblity to do these 2 changes via the web gui interface? Thanks. [btw, fulvio, thanks for this otherwise excellenty running system! I really love it.]

    #48044

    imported_fulvio
    Participant

    At the moment the easiest way to enable scp and sftp is what you describe.

    Regards
    Fulvio

    #48045

    zerone
    Member

    @bender02 wrote:

    I found out that in order to login to zeroshell’s ssh as any user different from admin (ie as users added to kerberos’ database via the web interface), I need to do 2 more things that I didn’t figure out how to do via the web interface, I had to do them via ssh:
    1) add that user to /etc/passwd
    2) add that user to AllowUsers in /etc/ssh/sshd_config
    otherwise ssh complains that it’s an invalid user and doesn’t authenticate.

    The positive outcome of this is that now I can use sftp and scp to copy files to/from zeroshell (which wouldn’t work with the ‘admin’ user, since its ‘login shell’ script sends some text automatically on each login, which throws off all the s{cp,ftp} clients).

    1st question: is there an easier way to enable sftp-server subsystem on zeroshell to actually function (btw, it runs by default, but it’s unusable).

    2nd question (I guess to fulvio) is: is this so by design, or would I have a chance requesting a feature to add the possiblity to do these 2 changes via the web gui interface? Thanks. [btw, fulvio, thanks for this otherwise excellenty running system! I really love it.]

    i need your help.. pls give me step by step how you do 2 things. cause i’m not good in unix system command…

    i’ve created new user but i cant login ssh with it..

    and i need guide to do sftp too..

    thanks

    #48046

    bender02
    Member

    editing the files in zeroshell needs to be done via ssh, so
    – run ‘ssh admin@’
    – it asks for a passwd, so go ahead with it
    – then press ‘s’ (for ‘s’hell), after a password it should drop you into a shell
    – edit /etc/passwd; the only editor I found installed by default on zeroshell is vi/vim, so ‘vim /etc/passwd’ (read something about editing in vim beforehand, if you haven’t done it before)
    – copy the first line (begins with root:x: ), so that you have it twice and edit one of them. you need to change the first thing before ‘:’ to the actual username you want to use, and then you might want to change the default directory (with root it’s “/root”) to something else (like “/home/”) [then you need to create this directory, run ‘mkdir /home/’ in shell]; save the file, exit the editor
    – edit /etc/ssh/sshd_config, so ‘vim /etc/ssh/sshd_config’. Find the line that with “AllowUsers admin” and change it to “AllowUsers admin “. Save the file, exit the editor. It is important that you don’t mess up this file, since if it’s faulty then sshd won’t restart properly and you won’t be able to ssh to your machine.
    – restart the ssh daemon. This is best done from gui, so finish the ssh session (‘exit’ on the shell prompt exits to the menu, and then ‘ctrl+c’ exits the session). Go to your zeroshell gui, click on ‘SSH’, uncheck “Enabled”, click “Save”, check “Enabled”, click “Save”. This restarts the ssh daemon.
    – now if you’ve added the user properly to kerberos’ database (in gui, click on “Users”, etc…), you should be able to ‘ssh @’ and after entering the password, you should be in (a shell prompt).
    – if it doesn’t work, check your ssh logs (in gui, click “Logs”, then select “sshd”)

    – WARNING: these changes are not persistent, so after rebooting the zeroshell, you need to do them again (I haven’t looked into this, so I don’t know now how to make them persistent).

    – you don’t need any extra things for sftp, it’s set up on by default. So if your ssh login as a user works, just use any sftp client to connect to zeroshell. You can use ‘sftp @’, or ‘scp @:’

    #48047

    zerone
    Member

    @bender02 wrote:

    editing the files in zeroshell needs to be done via ssh, so
    – run ‘ssh admin@’
    – it asks for a passwd, so go ahead with it
    – then press ‘s’ (for ‘s’hell), after a password it should drop you into a shell
    – edit /etc/passwd; the only editor I found installed by default on zeroshell is vi/vim, so ‘vim /etc/passwd’ (read something about editing in vim beforehand, if you haven’t done it before)
    – copy the first line (begins with root:x: ), so that you have it twice and edit one of them. you need to change the first thing before ‘:’ to the actual username you want to use, and then you might want to change the default directory (with root it’s “/root”) to something else (like “/home/”) [then you need to create this directory, run ‘mkdir /home/’ in shell]; save the file, exit the editor
    – edit /etc/ssh/sshd_config, so ‘vim /etc/ssh/sshd_config’. Find the line that with “AllowUsers admin” and change it to “AllowUsers admin “. Save the file, exit the editor. It is important that you don’t mess up this file, since if it’s faulty then sshd won’t restart properly and you won’t be able to ssh to your machine.
    – restart the ssh daemon. This is best done from gui, so finish the ssh session (‘exit’ on the shell prompt exits to the menu, and then ‘ctrl+c’ exits the session). Go to your zeroshell gui, click on ‘SSH’, uncheck “Enabled”, click “Save”, check “Enabled”, click “Save”. This restarts the ssh daemon.
    – now if you’ve added the user properly to kerberos’ database (in gui, click on “Users”, etc…), you should be able to ‘ssh @’ and after entering the password, you should be in (a shell prompt).
    – if it doesn’t work, check your ssh logs (in gui, click “Logs”, then select “sshd”)

    – WARNING: these changes are not persistent, so after rebooting the zeroshell, you need to do them again (I haven’t looked into this, so I don’t know now how to make them persistent).

    – you don’t need any extra things for sftp, it’s set up on by default. So if your ssh login as a user works, just use any sftp client to connect to zeroshell. You can use ‘sftp @’, or ‘scp @:’

    thanks for your reply but i’ve found out to do this myself (after searching in google)

    1. i make user via gui… (exp: zerone)
    2. i run to shell with this command:
    useradd zerone -p (anyword)
    3. vi /etc/ssh/sshd_config
    AllowUsers admin zerone
    4. restart ssh service via web
    5. viola now i can login with my user…

    Now i want to search the way how to put this configuration to startup script…
    Maybe mr Fulvio can help me?

    Thanks all
    Thanks mr fulvio for your good work of Zeroshell

    #48048

    bdsnyder
    Member

    @bender02 wrote:

    – WARNING: these changes are not persistent, so after rebooting the zeroshell, you need to do them again (I haven’t looked into this, so I don’t know now how to make them persistent).

    In my post boot script I added:

    echo “backup:x:50003:100::/backup:” >> /etc/passwd
    echo “AllowUsers admin backup” >> /etc/ssh/sshd_config
    /etc/init.d/sshd stop
    /etc/init.d/sshd start

    #48049

    jt
    Member

    @bdsnyder wrote:

    In my post boot script I added:

    echo “backup:x:50003:100::/backup:” >> /etc/passwd
    echo “AllowUsers admin backup” >> /etc/ssh/sshd_config
    /etc/init.d/sshd stop
    /etc/init.d/sshd start

    That will help, thanks! I can use this same method for a lot of other settings changes.

    for instance,
    iptraf wants to save it’s settings in a file, but the directory doesn’t exist, so this will create the directory it needs:

    mkdir /var/local/iptraf

    (of course, the iptraf.cfg file itself doesn’t carry over, but that’s ok for now)

    For copying files, here’s how I temporarily mount a usb flash drive as another filesystem. My zeroshell boots from a IDE hard drive. I used this to export some tcpdump files that I collected.

    I plug in the USB drive.
    then, from the ssh admin login, or the Shell prompt on the console,
    dmesg | more

    I get this information at the end of the dmesg entries:

    Initializing USB Mass Storage driver...
    scsi2 : SCSI emulation for USB Mass Storage devices
    usb-storage: device found at 2
    usb-storage: waiting for device to settle before scanning
    usbcore: registered new interface driver usb-storage
    USB Mass Storage support registered.
    usbcore: registered new interface driver ub
    scsi 2:0:0:0: Direct-Access USB 2.0 USB Flash Drive 0.00 PQ: 0 ANSI: 2
    sd 2:0:0:0: [sda] 7897088 512-byte hardware sectors (4043 MB)
    sd 2:0:0:0: [sda] Write Protect is off
    sd 2:0:0:0: [sda] Mode Sense: 00 00 00 00
    ...
    sd 2:0:0:0: [sda] Assuming drive cache: write through
    sda: sda1
    sd 2:0:0:0: [sda] Attached SCSI removable disk

    So, it is /dev/sda1 in this case. ( “sda: sda1”)

    mkdir /usbtmp
    mount /dev/sda1 /usbtmp
    copy files to or from the usb drive at /usbtmp.
    cd /
    umount /usbtmp
Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.