### Example Configuration File Structure
Source: https://mysecureshell.readthedocs.io/en/latest/configuration_overview.html
This is a basic example of how configuration files should be structured using parent and child tags. It demonstrates the general syntax for defining settings.
```plaintext
ChildTag value
```
--------------------------------
### Install MySecureShell
Source: https://mysecureshell.readthedocs.io/en/latest/installation_source.html
Install the compiled MySecureShell application. This command typically requires root privileges.
```bash
> make install
```
--------------------------------
### Launch Vagrant VM
Source: https://mysecureshell.readthedocs.io/en/latest/contribute.html
Command to start and provision the Vagrant virtual machine defined in the Vagrantfile.
```bash
$ vagrant up
```
--------------------------------
### Download Vagrantfile
Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_vagrant.html
Commands to create a directory and download the Vagrantfile for MySecureShell setup.
```bash
$ mkdir mysecureshell
$ cd mysecureshell
$ wget --no-check-certificate https://github.com/deimosfr/mysecureshell/master/deployment-tools/vagrant/Vagrantfile
```
--------------------------------
### ForceUser Configuration Example
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/forceuser.html
This example demonstrates how to force the username 'sftp_user' for the authenticated user 'username'. This setting ensures that any files or folders created by 'username' will be associated with 'sftp_user'.
```configuration
Home /home
ForceUser sftp_user
```
--------------------------------
### Configure MySecureShell Build
Source: https://mysecureshell.readthedocs.io/en/latest/installation_source.html
Prepare the sources for compilation using the configure script. This example enables log color output.
```bash
$ ./configure --with-logcolor=yes
```
--------------------------------
### Boot the Virtual Machine with Vagrant
Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_vagrant.html
Use this command to start the virtual machine defined in your Vagrantfile. It handles importing the base box and setting up networking.
```bash
$ vagrant up
==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...
==> default: Running cleanup tasks for 'shell' provisioner...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'deimosfr/debian-wheezy'...
==> default: Matching MAC address for NAT networking...
...
==> default: Server is now online.
==> default: Starting SFTP Server:
==> default: MySecureShell is now online
```
--------------------------------
### Install MySecureShell on Ubuntu 12.04
Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_ubuntu.html
Update the package list and install MySecureShell on Ubuntu 12.04 after adding the repository.
```bash
> apt-get update
> apt-get install mysecureshell
```
--------------------------------
### Install MySecureShell using Homebrew
Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_macosx.html
Installs the MySecureShell package using the Homebrew package manager after Homebrew has been successfully installed.
```shell
> brew install mysecureshell
```
--------------------------------
### Connect with SFTP Command Line
Source: https://mysecureshell.readthedocs.io/en/latest/usages_user.html
Use the `sftp` command to connect to a remote host. Ensure you have the `sftp` client installed on your system.
```bash
> sftp user@host
Connected to user@host.
sftp>
```
--------------------------------
### Nagios User Check Script - Percentage Example
Source: https://mysecureshell.readthedocs.io/en/latest/tp_others_nagios.html
Example of running the `check_mss_users` script using percentage-based thresholds. This configuration will trigger a warning at 80% and a critical alert at 90% of the maximum allowed users.
```bash
$ check_mss_users -w 80 -c 90 -p 1
USERS OK - currently connected 0 / 10 |users=0;80;90
```
--------------------------------
### Install MySecureShell on Fedora 19
Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_fedora.html
After adding the repository, this command installs the MySecureShell package using yum on Fedora 19.
```bash
> yum install mysecureshell
```
--------------------------------
### Configure User-Specific Home Directory
Source: https://mysecureshell.readthedocs.io/en/latest/tags/parents/user.html
This example demonstrates how to set a default home directory for all users and a specific home directory for the 'admin' user. Use this to override default user settings.
```configuration
Home /home/$USER
Home /home/
```
--------------------------------
### Nagios User Check Script - Absolute Count Example
Source: https://mysecureshell.readthedocs.io/en/latest/tp_others_nagios.html
Example of running the `check_mss_users` script with absolute user count thresholds. Sets a warning at 80 users and a critical alert at 100 users.
```bash
$ check_mss_users -w 80 -c 100
USERS OK - currently connected 0 / 10 |users=0;80;100
```
--------------------------------
### Allowing Admins to Remove Files
Source: https://mysecureshell.readthedocs.io/en/latest/tags/deprecated/canremovefile.html
This example demonstrates how to enable file removal for the 'admins' group. Ensure the group exists and users within it have the necessary permissions.
```configuration
CanRemoveFile false
CanRemoveFile true
```
--------------------------------
### MySecureShell Installation Verification
Source: https://mysecureshell.readthedocs.io/en/latest/usages_admin.html
Run the 'sftp-verif' tool to check for the presence and correct rights of MySecureShell binaries, and to verify configuration and server status.
```bash
> sftp-verif
################################################################################
MySecureShell Verification Tool
################################################################################
### Verifing file existance ###
/usr/bin/mysecureshell [ OK ]
/bin/sftp-who [ OK ]
/bin/sftp-kill [ OK ]
/bin/sftp-state [ OK ]
/bin/sftp-admin [ OK ]
/bin/sftp-verif [ OK ]
/bin/sftp-user [ OK ]
### Verifing /etc/shells ###
/etc/shells contains /usr/bin/mysecureshell [ OK ]
### Verifing rights ###
Verifing file rights of /etc/ssh/sftp_config [ OK ]
Verifing file rights of /bin/sftp-who [ OK ]
Verifing file rights of /bin/sftp-verif [ OK ]
Verifing file rights of /bin/sftp-user [ OK ]
Verifing file rights of /bin/sftp-kill [ OK ]
Verifing file rights of /bin/sftp-state [ OK ]
Verifing file rights of /bin/sftp-admin [ OK ]
Verifing file rights of /usr/bin/mysecureshell [ OK ]
### Verifing rotation logs ###
Rotation logs have been found [ OK ]
### Verifing server status ###
Verifing server status (ONLINE) [ OK ]
### Verifing server dependencies ###
Show only error(s) :
### Verifing server configuration ###
Show only error(s) :
Trying user: root
Checking user : mssuser
### All tests dones ###
```
--------------------------------
### Enable Development Dependencies in Vagrantfile
Source: https://mysecureshell.readthedocs.io/en/latest/contribute.html
Commented-out line in the Vagrantfile that, when uncommented, enables the installation of all development dependencies for contributing to MySecureShell.
```ruby
#config.vm.provision "shell", inline: $install_mss_dev
```
--------------------------------
### VirtualHost Specific Home Directory Configuration
Source: https://mysecureshell.readthedocs.io/en/latest/tags/parents/virtualhost.html
This example demonstrates how to set a default home directory and then override it for specific virtual hosts. Use this to manage user environments based on the domain they connect to.
```config
home /home
home /home/en.mysite.com
home /home/fr.mysite.com
```
--------------------------------
### Install Homebrew Package Manager
Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_macosx.html
Installs the Homebrew package manager on your Mac OS X system. This is a prerequisite for installing MySecureShell via brew.
```shell
> ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"
```
--------------------------------
### Install MySecureShell on CentOS 6
Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_centos_redhat.html
Installs the MySecureShell package using yum after the repository has been added for CentOS 6.
```bash
yum install mysecureshell
```
--------------------------------
### Set Upload Bandwidth Limits
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/upload.html
This example demonstrates how to configure upload bandwidth limits for all users and specific admin users. The 'Upload' tag sets the maximum bandwidth in kilobytes per second (k).
```configuration
Home /home
Upload 100k
Home /home
Upload 900k
```
--------------------------------
### MySecureShell Dockerfile
Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_docker.html
This is the content of the Dockerfile used to build the MySecureShell image. It sets up the necessary repositories, installs packages, creates a user, and configures SSHd.
```dockerfile
FROM debian:stable
MAINTAINER Pierre Mavro
##################
# User Quick Try #
##################
RUN echo 'deb http://mysecureshell.free.fr/repository/index.php/debian/7.1 testing main' \
> /etc/apt/sources.list.d/mysecureshell.list
RUN echo 'deb-src http://mysecureshell.free.fr/repository/index.php/debian/7.1 testing main' \
>> /etc/apt/sources.list.d/mysecureshell.list
RUN gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B
RUN gpg --export E328F22B | apt-key add -
RUN apt-get update
RUN DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confold" install mysecureshell whois procps openssh-server
RUN apt-get clean
RUN mkdir /var/run/sshd
RUN pass=$(mkpasswd -m sha-512 -s mssuser) && useradd -m -s /usr/bin/mysecureshell -p $pass mssuser
RUN echo 'root:root' | chpasswd
RUN chmod 4755 /usr/bin/mysecureshell
# Start SSHd
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
```
--------------------------------
### Group Configuration Example
Source: https://mysecureshell.readthedocs.io/en/latest/tags/parents/group.html
This snippet demonstrates how to configure download speed limits for a group of users. It sets a global download limit, a default limit for all parent tags, and a higher limit for users in the 'admins' group.
```config
home /home
# max download speed for the server
GlobalDownload 200M
# max download speed for all parent tags
Download 5M
Download 10M
```
--------------------------------
### Build MySecureShell Docker Image
Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_docker.html
Builds the MySecureShell Docker image from a remote Dockerfile. Ensure Docker is installed on your Linux host.
```bash
$ docker build -t mysecureshell \
https://raw.githubusercontent.com/mysecureshell/mysecureshell/master/deployment-tools/docker/Dockerfile
```
--------------------------------
### MySecureShell Vagrantfile Configuration
Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_vagrant.html
The Vagrantfile defines the virtual machine's box, network settings, and provisioning scripts for installing MySecureShell.
```ruby
# -*- mode: ruby -*-
# vi: set ft=ruby :
# MySecureShell Team
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"
$install_mss = < /etc/apt/sources.list.d/mysecureshell.list
gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B
gpg --export E328F22B | apt-key add -
apt-get update
apt-get -y install mysecureshell
pass=$(mkpasswd -m sha-512 -s mssuser)
useradd -m -s /usr/bin/mysecureshell -p $pass mssuser
chmod 4755 /usr/bin/mysecureshell
INSTALL
$install_mss_dev = <
Home /home
DisableRemoveFile true
```
--------------------------------
### Hiding Files and Directories with HideFiles
Source: https://mysecureshell.readthedocs.io/en/latest/tags/deprecated/hidefiles.html
This example demonstrates how to use the HideFiles tag to hide specific files and directories like 'lost+found' or 'public_html' using regular expressions within the Default context.
```config
Home /home
HideFiles "^(lost+found|public_html)$"
```
--------------------------------
### Separate Log Files with LogFile Tag
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/logfile.html
Use the LogFile tag to specify distinct log file paths for different configurations. This example shows how to set a default log file and a separate log file for a virtual host.
```config
LogFile /var/log/sftp_server.log
LogFile /var/log/sftp/www.example.com.log
```
--------------------------------
### Add MySecureShell Repository for Debian 7 (Wheezy)
Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_debian.html
Adds the MySecureShell dedicated repository to the sources list for Debian 7. This allows installation of the latest version.
```bash
> echo "deb http://mysecureshell.free.fr/repository/index.php/debian/7.1 testing main
deb-src http://mysecureshell.free.fr/repository/index.php/debian/7.1 testing main" > /etc/apt/sources.list.d/mysecureshell.list
```
--------------------------------
### Set Charset to UTF8
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/charset.html
This example demonstrates how to set the Charset to UTF8, which is commonly used for supporting a wide range of characters including special characters and non-Latin alphabets. This configuration is part of the Default settings.
```config
Charset "UTF8"
```
--------------------------------
### Setting Default File and Folder Rights
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/defaultrights.html
Configure default permissions for new files and folders. The first value (XXXX) sets file rights, and the second (YYYY) sets folder rights using UNIX numeric notation. This example sets full rights (0777) for all new items.
```configuration
Home /home
DefaultRights 0777 0777
Home /home/secret
DefaultRights 0700 0700
```
--------------------------------
### Add MySecureShell Repository for Debian 6 (Squeeze)
Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_debian.html
Adds the MySecureShell dedicated repository to the sources list for Debian 6. This allows installation of the latest version.
```bash
> echo "deb http://mysecureshell.free.fr/repository/index.php/debian/6.0 testing main
deb-src http://mysecureshell.free.fr/repository/index.php/debian/6.0 testing main" > /etc/apt/sources.list.d/mysecureshell.list
```
--------------------------------
### Limit Connections Per IP Address
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/limitconnectionbyip.html
This example demonstrates how to limit the total maximum connections to 8 while restricting each IP address to a single connection. This configuration is applied within the Default context.
```nginx
Home /home
LimitConnection 8
LimitConnectionByIp 1
```
--------------------------------
### Vagrantfile for MySecureShell Development Environment
Source: https://mysecureshell.readthedocs.io/en/latest/contribute.html
This Vagrantfile configures a Debian Wheezy virtual machine with MySecureShell installed and sets up port forwarding and networking. It includes inline shell scripts for provisioning.
```ruby
# -*- mode: ruby -*-
# vi: set ft=ruby :
# MySecureShell Team
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"
$install_mss = < /etc/apt/sources.list.d/mysecureshell.list
gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B
gpg --export E328F22B | apt-key add -
apt-get update
apt-get -y install mysecureshell
pass=$(mkpasswd -m sha-512 -s mssuser)
useradd -m -s /usr/bin/mysecureshell -p $pass mssuser
chmod 4755 /usr/bin/mysecureshell
INSTALL
$install_mss_dev = <
CanRemoveDir false
CanRemoveDir true
```
--------------------------------
### Disable Rename for Users Group
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/disablerename.html
This example demonstrates how to deny users within the 'users' group the ability to rename files and folders by setting the DisableRename option to true.
```configuration
Home /home
DisableRename true
```
--------------------------------
### Hide Public User Permissions
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/dirfakemode.html
This example demonstrates how to hide the real permissions of files and folders from public users by setting DirFakeMode to 0777 for the 'public' group.
```configuration
Home /home
DirFakeMode 0777
```
--------------------------------
### Setting Group Expiration Date
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/expiredate.html
Example of setting an expiration date for a group of users. Users belonging to this group will not be allowed to connect after the specified date and time.
```ini
Home /home
ExpireDate "2015-12-25 00:00:00"
```
--------------------------------
### Hide Dot Files and Folders
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/ignorehidden.html
Use this snippet to hide all files and folders that start with a dot (e.g., .DsStore). This configuration is applied within the Default context.
```INI
Home /home
IgnoreHidden true
```
--------------------------------
### Set ConnectionMaxLife to 24 Hours
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/connectionmaxlife.html
This example demonstrates setting the default maximum connection time to 24 hours. The 'admins' group is explicitly set to unlimited connections (0), and 'managers' group inherits the default settings.
```configuration
Home /home
ConnectionMaxLife 24h
ConnectionMaxLife 0
Home /home/managers
```
--------------------------------
### Force SFTP Protocol Version 3 for a Group
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/sftpprotocol.html
This example demonstrates how to configure MySecureShell to use SFTP protocol version 3 for users in the 'oldclients' group, while all other users default to version 4. Ensure the group is defined in your configuration.
```configuration
Home /home
SftpProtocol 4
SftpProtocol 3
```
--------------------------------
### Example of GMTTime Configuration
Source: https://mysecureshell.readthedocs.io/en/latest/tags/deprecated/gmttime.html
This snippet shows how to configure the GMTTime tag within a Default block to set a GMT offset of +1 hour. This tag is no longer valid in versions 1.25 and later.
```config
Home /home
GMTTime +1
```
--------------------------------
### Limit Simultaneous Opened Files for a User
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/maxopenfilesforuser.html
Use this snippet to set a limit on the number of simultaneous opened files for a specific user. The example limits the user to 5 opened files.
```config
Home /home
MaxOpenFilesForUser 5
```
--------------------------------
### Disable Group Accounts
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/disableaccount.html
This example demonstrates how to disable accounts for a group of users by setting DisableAccount to false within the group configuration. This setting prevents new connections for users in this group.
```configuration
Home /home
DisableAccount false
```
--------------------------------
### Restrict Bash Shell to Admins Group
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/shell.html
This example demonstrates how to restrict shell access to only the '/bin/bash' shell for users belonging to the 'admins' group. It also sets the default home directory for all users.
```shell
Home /home
Shell /bin/bash
```
--------------------------------
### Display sftp-user command help
Source: https://mysecureshell.readthedocs.io/en/latest/usages_admin.html
View the available options and usage instructions for the `sftp-user` command by running `sftp-user --help`.
```bash
> sftp-user --help
Usage 1: sftp-user create [user] [hide user]
Usage 2: sftp-user delete [user]
Usage 3: sftp-user list
Usage 4: sftp-user hide [user] [hide] (Mac OS X Only)
Options Choices Descriptions
user Username User Name
hide user 1/0 hide user from login panel and user managements (Max OS X Only)
delete home 1/0 Remove user Home directory
hide 1/0 Hide/Unhide (Mac OS X Only)
```
--------------------------------
### Enable Home Directory Creation
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/create_home.html
Use this snippet to ensure that a user's home directory is created if it does not already exist. This is useful for environments where home directories are not pre-provisioned.
```config
Home /home
CreateHome true
```
--------------------------------
### Build Documentation Locally
Source: https://mysecureshell.readthedocs.io/en/latest/contribute.html
Use this command within the _doc_ folder to generate HTML documentation after making modifications. This command invokes Sphinx to build the documentation.
```bash
$ make html
sphinx-build -b html -d build/doctrees source build/html
Running Sphinx v1.2.2
loading pickled environment... done
loading intersphinx inventory from http://docs.python.org/objects.inv...
building [html]: targets for 1 source files that are out of date
updating environment: 0 added, 1 changed, 0 removed
reading sources... [100%] contribute
looking for now-outdated files... 77 found
pickling environment... done
checking consistency... done
preparing documents... done
writing output... [100%] usages_user
writing additional files... genindex search
copying images... [100%] images/logo_ubuntu.png
copying static files... done
copying extra files... done
dumping search index... done
dumping object inventory... done
build succeeded, 1 warning.
Build finished. The HTML pages are in build/html.
```
--------------------------------
### Include Configuration File in Default Context
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/include.html
Demonstrates how to include an additional configuration file within the default MySecureShell configuration. Ensure the specified include file exists and contains valid MySecureShell directives.
```config
Home /home
Include /etc/ssh/mysecureshell/my_sftp_config_file
```
--------------------------------
### Basic User Configuration
Source: https://mysecureshell.readthedocs.io/en/latest/configuration_usecases.html
Configure default user settings, admin privileges, and group restrictions for home directory access, download, and upload speeds.
```ini
# For all users, they will have access to their own home directory
Home /home/$USER
# This user can have advanced rights to manage MySecureShell from the CLI
IsAdmin true
# Force users to stay in their home directory
StayAtHome true
# Limit their download speed to 128k
Download 128k
# Limit their upload speed to 16k
Upload 16k
```
--------------------------------
### Multi-Website Administration Configuration
Source: https://mysecureshell.readthedocs.io/en/latest/configuration_usecases.html
Set up global and user-specific bandwidth limits, connection restrictions, idle timeouts, and file/directory permissions for managing multiple websites.
```ini
# For all users, they will have access to their own home directory
Home /home/$USER
# Force users to stay in their home directory
VirtualChroot true
# Set global download for the server to 100m
GlobalDownload 100m
# Set global upload for the server to 100m
GlobalUpload 100m
# Limit user download speed to 1m
Download 1m
# Limit user upload speed to 1m
Upload 1m
# Limit 6 users per IP
LimitConnectionByIP 6
# We limit a user up to 2 simultaneous connections
LimitConnectionByUser 2
# We do not want users to keep forever their idle connection
IdleTimeOut 10m
# Force user and group to apache daemon username
# to avoid rights issues
ForceUser www-data
ForceGroup www-data
# We do not want users to be able to set execution files
MaximumRights 0640 0750
# We do not want users to be able to change file attributes
DisableSetAttribute true
# Set home directory for this virtualhost
Home /var/www/sites/www.example.com
# Set dedicated log file
LogFile /var/log/sftp/www.example.com
# Set home directory for this virtualhost
Home /var/www/sites/www.exemple.fr
# Set dedicated log file
LogFile /var/log/sftp/www.example.com
# Override the maximum number of connection per user
LimitConnectionByUser 4
```
--------------------------------
### Configure Default and Group Home Directories
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/home.html
Define the default home directory for all users and specific home directories for members of a group. The 'Home' directive specifies the path.
```configuration
Home /home/$USER
Home /mnt/nfs/secret/$USER
Home /
```
--------------------------------
### Add MySecureShell Repository for CentOS 5
Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_centos_redhat.html
Adds the MySecureShell repository configuration to yum for CentOS 5. This allows installation of the latest MySecureShell version.
```bash
echo "[mysecureshell]
name=MySecureShell
baseurl=http://mysecureshell.free.fr/repository/index.php/centos/5.5/
enabled=1
gpgcheck=0" > /etc/yum.repos.d/mysecureshell.repo
```
--------------------------------
### Import GPG Repository Key
Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_ubuntu.html
Import the GPG key for the MySecureShell repository. This is a prerequisite for adding the repository.
```bash
> apt-key adv --keyserver pool.sks-keyservers.net --recv-keys E328F22B
```
--------------------------------
### Add MySecureShell Repository for CentOS 6
Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_centos_redhat.html
Adds the MySecureShell repository configuration to yum for CentOS 6. This allows installation of the latest MySecureShell version.
```bash
echo "[mysecureshell]
name=MySecureShell
baseurl=http://mysecureshell.free.fr/repository/index.php/centos/6.4/
enabled=1
gpgcheck=0" > /etc/yum.repos.d/mysecureshell.repo
```
--------------------------------
### Compile MySecureShell
Source: https://mysecureshell.readthedocs.io/en/latest/installation_source.html
Launch the compilation process for MySecureShell using the make all command.
```bash
$ make all
```
--------------------------------
### Limit Simultaneous Unauthenticated Connections
Source: https://mysecureshell.readthedocs.io/en/latest/faq.html
Control the number of concurrent unauthenticated connections by setting the MaxStartups value in the sshd_config file. This example limits connections to 5.
```bash
MaxStartups 5
```
--------------------------------
### Create a new user
Source: https://mysecureshell.readthedocs.io/en/latest/usages_admin.html
Use the `sftp-user create` command to add a new user and set their password. This command also associates the MySecureShell shell with the new user.
```bash
> sftp-user create mssuser /home/mssuser
Enter password:
```
--------------------------------
### Disable Directory Reading for a Group
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/disablereaddir.html
This example denies users in the 'users' group the ability to read directory contents. Ensure the 'users' group is defined in your configuration.
```configuration
Home /home
DisableReadDir true
```
--------------------------------
### Allowing Image Files with PathAllowFilter
Source: https://mysecureshell.readthedocs.io/en/latest/tags/deprecated/pathallowfilter.html
Use PathAllowFilter to restrict access to specific file extensions, such as images. This example shows how to allow only JPG, PNG, and GIF files.
```config
Home /home
PathAllowFilter "^*.(jpg|png|gif)$"
```
--------------------------------
### Disable Set Attribute for Group
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/disablesetattribute.html
This example denies users in the 'users' group the ability to modify file and folder attributes. Ensure the group is correctly defined in your configuration.
```configuration
Home /home
DisableSetAttribute true
```
--------------------------------
### Testing Date Format with date command
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/expiredate.html
Demonstrates how to test date format using the 'date' command in a shell environment. This is useful for verifying the strftime format required by the ExpireDate tag.
```bash
$ echo $(date '+%Y-%m-%d %H:%M:%S')
2014-08-15 15:21:19
```
--------------------------------
### Deny Directory Removal for Users Group
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/disableremovedir.html
This example configures MySecureShell to prevent users belonging to the 'users' group from removing directories. Ensure the group is correctly defined in your configuration.
```configuration
Home /home
DisableRemoveDir true
```
--------------------------------
### Execute 'env' command on file download
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/callbackdownload.html
Use this snippet to log environment variables when a file is downloaded. The 'env' command is executed by the server.
```shell
CallbackDownload "env"
```
--------------------------------
### Run MySecureShell Docker Container
Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_docker.html
Launches the MySecureShell Docker container in detached mode, mapping host port 22222 to container port 22. This command starts the service.
```bash
$ docker run -d -p 22222:22 mysecureshell
```
--------------------------------
### Configure Global and User Upload Limits
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/globalupload.html
This snippet demonstrates setting a global maximum upload bandwidth for the server to 1M and a user-specific upload limit to 100k. Use this configuration to manage overall server upload capacity and individual user constraints.
```configuration
Home /home
GlobalUpload 1M
Upload 100k
```
--------------------------------
### Dockerfile for MySecureShell Development Environment
Source: https://mysecureshell.readthedocs.io/en/latest/contribute.html
This Dockerfile sets up a Debian-based environment with all necessary packages, sources, and dependencies for developing MySecureShell. It includes system packages, development tools, and Python packages for documentation.
```docker
FROM debian:unstable
MAINTAINER Pierre Mavro
##################
# User Quick Try #
##################
RUN apt-get update
RUN DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confold" install whois procps openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:root' | chpasswd
#######
# DEV #
#######
RUN apt-get update
RUN apt-get -y install git
RUN git clone https://github.com/mysecureshell/mysecureshell.git
RUN apt-get -y install libacl1-dev libgnutls28-dev gcc make
RUN apt-get -y install build-essential fakeroot lintian devscripts debhelper ubuntu-dev-tools \
cowbuilder autotools-dev
RUN apt-get -y install sphinx-doc sphinx-common python3-sphinx libjs-sphinxdoc \
python-pip texlive-latex-base texlive-latex-recommended texlive-latex-extra texlive-fonts-recommended
RUN apt-get clean
RUN pip install sphinx_rtd_theme
# Start SSHd
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
```
--------------------------------
### Set Global and User Download Limits
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/globaldownload.html
Configure the maximum download bandwidth for the entire server and for individual users. The GlobalDownload value sets the server-wide limit, while the Download tag sets the limit for the current context (e.g., a specific user).
```configuration
Home /home
GlobalDownload 1M
Download 100k
```
--------------------------------
### Applying FileSpecs in Default Configuration
Source: https://mysecureshell.readthedocs.io/en/latest/tags/parents/filespec.html
This snippet shows how to apply multiple FileSpec filters, OnlyDataAndHome and AllowedExtensions, to the default configuration. Filters are applied in the order specified, separated by commas.
```config
ApplyFileSpec OnlyDataAndHome,AllowedExtensions
```
--------------------------------
### Enable ShowLinksAsLinks
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/showlinksaslinks.html
This snippet demonstrates how to enable the ShowLinksAsLinks option within the Default configuration context. Set ShowLinksAsLinks to true to prevent users from seeing if folders and files are symbolic links.
```config
Home /home
ShowLinksAsLinks true
```
--------------------------------
### Connect to MySecureShell via SFTP
Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_vagrant.html
Connect to the MySecureShell instance running on the virtual machine using SFTP. Use 'mssuser' for both username and password.
```bash
$ sftp mssuser@192.168.33.10
```
```bash
mssuser@192.168.33.10's password:
Connected to 192.168.33.10.
sftp> ls
sftp> pwd
Remote working directory: /
```
--------------------------------
### List available users
Source: https://mysecureshell.readthedocs.io/en/latest/usages_admin.html
The `sftp-user list` command displays all users currently managed by MySecureShell.
```bash
> sftp-user list
mssuser
```
--------------------------------
### Enable VirtualChroot for All Users
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/virtualchroot.html
This snippet enables the VirtualChroot feature for all users by setting the VirtualChroot option to true within the Default context. Ensure the Home directory is correctly specified.
```configuration
Home /home
VirtualChroot true
```
--------------------------------
### FileSpec to Allow Specific Directories
Source: https://mysecureshell.readthedocs.io/en/latest/tags/parents/filespec.html
This FileSpec, named OnlyDataAndHome, enforces access only to directories starting with /data or /home. It evaluates the full absolute path and processes Allow rules before Deny rules.
```config
# Here, we check against the full absolute path
# instead of just the filename or foldername
UseFullPath true
# We define the order in which paths are evaluated
Order AllowDeny
# Allow any full path that starts with /data or /home
Allow "^/(data|home)"
Deny all
```
--------------------------------
### Enable HideNoAccess in Default Context
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/hidenoaccess.html
This snippet demonstrates how to enable the HideNoAccess functionality within the Default configuration context. It ensures that unauthorized files and folders are hidden from users.
```apache
home /home
HideNoAccess true
```
--------------------------------
### DirFakeUser Configuration Example
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/dirfakeuser.html
This configuration hides file and folder owner names from all users except the admin. The DirFakeUser option is set to true by default for all users and then explicitly set to false for the 'admin' user.
```INI
Home /home
DirFakeUser true
DirFakeUser false
```
--------------------------------
### Import MySecureShell GPG Key for Debian 7 (Wheezy)
Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_debian.html
Imports the GPG repository key for MySecureShell on Debian 7. This is necessary to verify the authenticity of packages from the added repository.
```bash
> gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B
> gpg --export E328F22B | apt-key add -
```
--------------------------------
### Disable Overwriting for a User Group
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/disableoverwrite.html
This example demonstrates how to prevent users within the 'users' group from overwriting existing files. The DisableOverwrite tag is set to true within the group's configuration block.
```configuration
Home /home
DisableOverwrite true
```
--------------------------------
### Verify User Entry with getent
Source: https://mysecureshell.readthedocs.io/en/latest/faq.html
Use the `getent passwd` command to verify if a user entry exists and retrieve its details. This is a crucial step before modifying user shells for alternative authentication.
```bash
$ getent passwd username
username:x:1000:1000:username,,,:/home/username:/usr/bin/zsh
```
--------------------------------
### Set Download Bandwidth Limits
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/download.html
Configure default download bandwidth for all users and a higher limit for specific users (e.g., 'admin'). This snippet shows how to apply different download limits based on user context.
```config
Home /home
Download 100k
Home /home
Download 900k
```
--------------------------------
### Build Docker Image for MySecureShell Development
Source: https://mysecureshell.readthedocs.io/en/latest/contribute.html
Command to build the Docker image named 'mysecureshelldev' from the Dockerfile located at the specified URL.
```bash
$ docker build -t mysecureshelldev \
https://raw.githubusercontent.com/mysecureshell/mysecureshell/master/deployment-tools/docker/dev/Dockerfile
```
--------------------------------
### Connect to Vagrant VM via SSH
Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_vagrant.html
Use this command to establish an SSH connection to your Vagrant virtual machine. Ensure you are in the directory containing your Vagrantfile.
```bash
$ vagrant ssh
```
--------------------------------
### Enable Syslog Logging
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/logsyslog.html
Use this snippet to enable syslog logging by setting the LogSyslog option to true within the relevant configuration block.
```configuration
Home /home
LogSyslog true
```
--------------------------------
### Check SSH Port Connectivity
Source: https://mysecureshell.readthedocs.io/en/latest/faq.html
Use `nc` (netcat) to verify if the SSH port on your SFTP server is open and reachable. Replace `your_sftp_server` with the actual server address and `22` with your SSH port if it's non-standard.
```bash
> nc -v your_sftp_server 22
Connection to localhost 22 port [tcp/ssh] succeeded!
```
--------------------------------
### SSH into the Virtual Machine and Check Connected Users
Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_vagrant.html
Access the virtual machine via SSH to run commands. Use 'sudo sftp-who' to view currently connected SFTP users and their details.
```bash
$ vagrant ssh
$ sudo sftp-who
```
```bash
---
1 / 10 clients ---
Global used bandwith : 0 bytes/s / 0 bytes/s
PID: 3389 Name: mssuser IP:
Home: /home/mssuser
Status: idle Path: /
File:
Connected: 2014/08/19 15:38:27 [since 10s]
Speed: Download: 0 bytes/s [5.00 kbytes/s] Upload: 0 bytes/s [unlimited]
Total: Download: 1398 bytes Upload: 141 bytes
```
--------------------------------
### Set Minimum File and Folder Rights
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/maximumrights.html
Sets the minimum permissions for files to 0644 and for folders to 0770. This restricts file executability and limits folder access to owner and group.
```configuration
Home /home
MinimumRights 0644 0770
```
--------------------------------
### Execute custom script on file download
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/callbackdownload.html
This snippet demonstrates calling a custom script upon successful file download. The script receives the path of the downloaded file as an argument.
```shell
CallbackDownload "/bin/my-script.sh $LAST_FILE_PATH"
```
--------------------------------
### Add MySecureShell Repository for Ubuntu 10.10
Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_ubuntu.html
Add the MySecureShell repository line for Ubuntu 10.10 to your system's sources. This allows apt to find the MySecureShell package.
```bash
> add-apt-repository 'deb http://mysecureshell.free.fr/repository/index.php/ubuntu/10.10 testing main'
```
--------------------------------
### Granting Simple Admin Rights to a Group
Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/issimpleadmin.html
This snippet demonstrates how to grant IsSimpleAdmin privileges to a group named 'simpleadmins'. It requires the Default and Group configurations to be set up.
```configuration
Home /home
IsSimpleAdmin true
```
--------------------------------
### Add MySecureShell Repository for Fedora 17
Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_fedora.html
This command adds the MySecureShell repository configuration for Fedora 17 to the system. It creates or overwrites the /etc/yum.repos.d/mysecureshell.repo file.
```bash
> echo "[mysecureshell]
name=MySecureShell
baseurl=http://mysecureshell.free.fr/repository/index.php/fedora/17/
enabled=1
gpgcheck=0" > /etc/yum.repos.d/mysecureshell.repo
```
--------------------------------
### MySecureShell Admin Commands
Source: https://mysecureshell.readthedocs.io/en/latest/usages_admin.html
Connect to MySecureShell as an administrator via SSH to access remote control features. Use the 'help' command to see available actions.
```bash
> sftp-admin admin@sftp.example.com
admin@sftp.example.com's password:
> help
Usage:
kill [0 or PID] : kill user with PID or 0 to kill all users
list : list online users
log [x bytes] : show last x bytes of log
quit : quit program
server [start or stop] : start or stop server
```