### Example Configuration File Structure Source: https://mysecureshell.readthedocs.io/en/latest/configuration_overview.html This is a basic example of how configuration files should be structured using parent and child tags. It demonstrates the general syntax for defining settings. ```plaintext ChildTag value ``` -------------------------------- ### Install MySecureShell Source: https://mysecureshell.readthedocs.io/en/latest/installation_source.html Install the compiled MySecureShell application. This command typically requires root privileges. ```bash > make install ``` -------------------------------- ### Launch Vagrant VM Source: https://mysecureshell.readthedocs.io/en/latest/contribute.html Command to start and provision the Vagrant virtual machine defined in the Vagrantfile. ```bash $ vagrant up ``` -------------------------------- ### Download Vagrantfile Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_vagrant.html Commands to create a directory and download the Vagrantfile for MySecureShell setup. ```bash $ mkdir mysecureshell $ cd mysecureshell $ wget --no-check-certificate https://github.com/deimosfr/mysecureshell/master/deployment-tools/vagrant/Vagrantfile ``` -------------------------------- ### ForceUser Configuration Example Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/forceuser.html This example demonstrates how to force the username 'sftp_user' for the authenticated user 'username'. This setting ensures that any files or folders created by 'username' will be associated with 'sftp_user'. ```configuration Home /home ForceUser sftp_user ``` -------------------------------- ### Configure MySecureShell Build Source: https://mysecureshell.readthedocs.io/en/latest/installation_source.html Prepare the sources for compilation using the configure script. This example enables log color output. ```bash $ ./configure --with-logcolor=yes ``` -------------------------------- ### Boot the Virtual Machine with Vagrant Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_vagrant.html Use this command to start the virtual machine defined in your Vagrantfile. It handles importing the base box and setting up networking. ```bash $ vagrant up ==> default: Forcing shutdown of VM... ==> default: Destroying VM and associated drives... ==> default: Running cleanup tasks for 'shell' provisioner... Bringing machine 'default' up with 'virtualbox' provider... ==> default: Importing base box 'deimosfr/debian-wheezy'... ==> default: Matching MAC address for NAT networking... ... ==> default: Server is now online. ==> default: Starting SFTP Server: ==> default: MySecureShell is now online ``` -------------------------------- ### Install MySecureShell on Ubuntu 12.04 Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_ubuntu.html Update the package list and install MySecureShell on Ubuntu 12.04 after adding the repository. ```bash > apt-get update > apt-get install mysecureshell ``` -------------------------------- ### Install MySecureShell using Homebrew Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_macosx.html Installs the MySecureShell package using the Homebrew package manager after Homebrew has been successfully installed. ```shell > brew install mysecureshell ``` -------------------------------- ### Connect with SFTP Command Line Source: https://mysecureshell.readthedocs.io/en/latest/usages_user.html Use the `sftp` command to connect to a remote host. Ensure you have the `sftp` client installed on your system. ```bash > sftp user@host Connected to user@host. sftp> ``` -------------------------------- ### Nagios User Check Script - Percentage Example Source: https://mysecureshell.readthedocs.io/en/latest/tp_others_nagios.html Example of running the `check_mss_users` script using percentage-based thresholds. This configuration will trigger a warning at 80% and a critical alert at 90% of the maximum allowed users. ```bash $ check_mss_users -w 80 -c 90 -p 1 USERS OK - currently connected 0 / 10 |users=0;80;90 ``` -------------------------------- ### Install MySecureShell on Fedora 19 Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_fedora.html After adding the repository, this command installs the MySecureShell package using yum on Fedora 19. ```bash > yum install mysecureshell ``` -------------------------------- ### Configure User-Specific Home Directory Source: https://mysecureshell.readthedocs.io/en/latest/tags/parents/user.html This example demonstrates how to set a default home directory for all users and a specific home directory for the 'admin' user. Use this to override default user settings. ```configuration Home /home/$USER Home /home/ ``` -------------------------------- ### Nagios User Check Script - Absolute Count Example Source: https://mysecureshell.readthedocs.io/en/latest/tp_others_nagios.html Example of running the `check_mss_users` script with absolute user count thresholds. Sets a warning at 80 users and a critical alert at 100 users. ```bash $ check_mss_users -w 80 -c 100 USERS OK - currently connected 0 / 10 |users=0;80;100 ``` -------------------------------- ### Allowing Admins to Remove Files Source: https://mysecureshell.readthedocs.io/en/latest/tags/deprecated/canremovefile.html This example demonstrates how to enable file removal for the 'admins' group. Ensure the group exists and users within it have the necessary permissions. ```configuration CanRemoveFile false CanRemoveFile true ``` -------------------------------- ### MySecureShell Installation Verification Source: https://mysecureshell.readthedocs.io/en/latest/usages_admin.html Run the 'sftp-verif' tool to check for the presence and correct rights of MySecureShell binaries, and to verify configuration and server status. ```bash > sftp-verif ################################################################################ MySecureShell Verification Tool ################################################################################ ### Verifing file existance ### /usr/bin/mysecureshell [ OK ] /bin/sftp-who [ OK ] /bin/sftp-kill [ OK ] /bin/sftp-state [ OK ] /bin/sftp-admin [ OK ] /bin/sftp-verif [ OK ] /bin/sftp-user [ OK ] ### Verifing /etc/shells ### /etc/shells contains /usr/bin/mysecureshell [ OK ] ### Verifing rights ### Verifing file rights of /etc/ssh/sftp_config [ OK ] Verifing file rights of /bin/sftp-who [ OK ] Verifing file rights of /bin/sftp-verif [ OK ] Verifing file rights of /bin/sftp-user [ OK ] Verifing file rights of /bin/sftp-kill [ OK ] Verifing file rights of /bin/sftp-state [ OK ] Verifing file rights of /bin/sftp-admin [ OK ] Verifing file rights of /usr/bin/mysecureshell [ OK ] ### Verifing rotation logs ### Rotation logs have been found [ OK ] ### Verifing server status ### Verifing server status (ONLINE) [ OK ] ### Verifing server dependencies ### Show only error(s) : ### Verifing server configuration ### Show only error(s) : Trying user: root Checking user : mssuser ### All tests dones ### ``` -------------------------------- ### Enable Development Dependencies in Vagrantfile Source: https://mysecureshell.readthedocs.io/en/latest/contribute.html Commented-out line in the Vagrantfile that, when uncommented, enables the installation of all development dependencies for contributing to MySecureShell. ```ruby #config.vm.provision "shell", inline: $install_mss_dev ``` -------------------------------- ### VirtualHost Specific Home Directory Configuration Source: https://mysecureshell.readthedocs.io/en/latest/tags/parents/virtualhost.html This example demonstrates how to set a default home directory and then override it for specific virtual hosts. Use this to manage user environments based on the domain they connect to. ```config home /home home /home/en.mysite.com home /home/fr.mysite.com ``` -------------------------------- ### Install Homebrew Package Manager Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_macosx.html Installs the Homebrew package manager on your Mac OS X system. This is a prerequisite for installing MySecureShell via brew. ```shell > ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)" ``` -------------------------------- ### Install MySecureShell on CentOS 6 Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_centos_redhat.html Installs the MySecureShell package using yum after the repository has been added for CentOS 6. ```bash yum install mysecureshell ``` -------------------------------- ### Set Upload Bandwidth Limits Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/upload.html This example demonstrates how to configure upload bandwidth limits for all users and specific admin users. The 'Upload' tag sets the maximum bandwidth in kilobytes per second (k). ```configuration Home /home Upload 100k Home /home Upload 900k ``` -------------------------------- ### MySecureShell Dockerfile Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_docker.html This is the content of the Dockerfile used to build the MySecureShell image. It sets up the necessary repositories, installs packages, creates a user, and configures SSHd. ```dockerfile FROM debian:stable MAINTAINER Pierre Mavro ################## # User Quick Try # ################## RUN echo 'deb http://mysecureshell.free.fr/repository/index.php/debian/7.1 testing main' \ > /etc/apt/sources.list.d/mysecureshell.list RUN echo 'deb-src http://mysecureshell.free.fr/repository/index.php/debian/7.1 testing main' \ >> /etc/apt/sources.list.d/mysecureshell.list RUN gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B RUN gpg --export E328F22B | apt-key add - RUN apt-get update RUN DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" \ -o Dpkg::Options::="--force-confold" install mysecureshell whois procps openssh-server RUN apt-get clean RUN mkdir /var/run/sshd RUN pass=$(mkpasswd -m sha-512 -s mssuser) && useradd -m -s /usr/bin/mysecureshell -p $pass mssuser RUN echo 'root:root' | chpasswd RUN chmod 4755 /usr/bin/mysecureshell # Start SSHd EXPOSE 22 CMD ["/usr/sbin/sshd", "-D"] ``` -------------------------------- ### Group Configuration Example Source: https://mysecureshell.readthedocs.io/en/latest/tags/parents/group.html This snippet demonstrates how to configure download speed limits for a group of users. It sets a global download limit, a default limit for all parent tags, and a higher limit for users in the 'admins' group. ```config home /home # max download speed for the server GlobalDownload 200M # max download speed for all parent tags Download 5M Download 10M ``` -------------------------------- ### Build MySecureShell Docker Image Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_docker.html Builds the MySecureShell Docker image from a remote Dockerfile. Ensure Docker is installed on your Linux host. ```bash $ docker build -t mysecureshell \ https://raw.githubusercontent.com/mysecureshell/mysecureshell/master/deployment-tools/docker/Dockerfile ``` -------------------------------- ### MySecureShell Vagrantfile Configuration Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_vagrant.html The Vagrantfile defines the virtual machine's box, network settings, and provisioning scripts for installing MySecureShell. ```ruby # -*- mode: ruby -*- # vi: set ft=ruby : # MySecureShell Team # Vagrantfile API/syntax version. Don't touch unless you know what you're doing! VAGRANTFILE_API_VERSION = "2" $install_mss = < /etc/apt/sources.list.d/mysecureshell.list gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B gpg --export E328F22B | apt-key add - apt-get update apt-get -y install mysecureshell pass=$(mkpasswd -m sha-512 -s mssuser) useradd -m -s /usr/bin/mysecureshell -p $pass mssuser chmod 4755 /usr/bin/mysecureshell INSTALL $install_mss_dev = < Home /home DisableRemoveFile true ``` -------------------------------- ### Hiding Files and Directories with HideFiles Source: https://mysecureshell.readthedocs.io/en/latest/tags/deprecated/hidefiles.html This example demonstrates how to use the HideFiles tag to hide specific files and directories like 'lost+found' or 'public_html' using regular expressions within the Default context. ```config Home /home HideFiles "^(lost+found|public_html)$" ``` -------------------------------- ### Separate Log Files with LogFile Tag Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/logfile.html Use the LogFile tag to specify distinct log file paths for different configurations. This example shows how to set a default log file and a separate log file for a virtual host. ```config LogFile /var/log/sftp_server.log LogFile /var/log/sftp/www.example.com.log ``` -------------------------------- ### Add MySecureShell Repository for Debian 7 (Wheezy) Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_debian.html Adds the MySecureShell dedicated repository to the sources list for Debian 7. This allows installation of the latest version. ```bash > echo "deb http://mysecureshell.free.fr/repository/index.php/debian/7.1 testing main deb-src http://mysecureshell.free.fr/repository/index.php/debian/7.1 testing main" > /etc/apt/sources.list.d/mysecureshell.list ``` -------------------------------- ### Set Charset to UTF8 Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/charset.html This example demonstrates how to set the Charset to UTF8, which is commonly used for supporting a wide range of characters including special characters and non-Latin alphabets. This configuration is part of the Default settings. ```config Charset "UTF8" ``` -------------------------------- ### Setting Default File and Folder Rights Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/defaultrights.html Configure default permissions for new files and folders. The first value (XXXX) sets file rights, and the second (YYYY) sets folder rights using UNIX numeric notation. This example sets full rights (0777) for all new items. ```configuration Home /home DefaultRights 0777 0777 Home /home/secret DefaultRights 0700 0700 ``` -------------------------------- ### Add MySecureShell Repository for Debian 6 (Squeeze) Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_debian.html Adds the MySecureShell dedicated repository to the sources list for Debian 6. This allows installation of the latest version. ```bash > echo "deb http://mysecureshell.free.fr/repository/index.php/debian/6.0 testing main deb-src http://mysecureshell.free.fr/repository/index.php/debian/6.0 testing main" > /etc/apt/sources.list.d/mysecureshell.list ``` -------------------------------- ### Limit Connections Per IP Address Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/limitconnectionbyip.html This example demonstrates how to limit the total maximum connections to 8 while restricting each IP address to a single connection. This configuration is applied within the Default context. ```nginx Home /home LimitConnection 8 LimitConnectionByIp 1 ``` -------------------------------- ### Vagrantfile for MySecureShell Development Environment Source: https://mysecureshell.readthedocs.io/en/latest/contribute.html This Vagrantfile configures a Debian Wheezy virtual machine with MySecureShell installed and sets up port forwarding and networking. It includes inline shell scripts for provisioning. ```ruby # -*- mode: ruby -*- # vi: set ft=ruby : # MySecureShell Team # Vagrantfile API/syntax version. Don't touch unless you know what you're doing! VAGRANTFILE_API_VERSION = "2" $install_mss = < /etc/apt/sources.list.d/mysecureshell.list gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B gpg --export E328F22B | apt-key add - apt-get update apt-get -y install mysecureshell pass=$(mkpasswd -m sha-512 -s mssuser) useradd -m -s /usr/bin/mysecureshell -p $pass mssuser chmod 4755 /usr/bin/mysecureshell INSTALL $install_mss_dev = < CanRemoveDir false CanRemoveDir true ``` -------------------------------- ### Disable Rename for Users Group Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/disablerename.html This example demonstrates how to deny users within the 'users' group the ability to rename files and folders by setting the DisableRename option to true. ```configuration Home /home DisableRename true ``` -------------------------------- ### Hide Public User Permissions Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/dirfakemode.html This example demonstrates how to hide the real permissions of files and folders from public users by setting DirFakeMode to 0777 for the 'public' group. ```configuration Home /home DirFakeMode 0777 ``` -------------------------------- ### Setting Group Expiration Date Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/expiredate.html Example of setting an expiration date for a group of users. Users belonging to this group will not be allowed to connect after the specified date and time. ```ini Home /home ExpireDate "2015-12-25 00:00:00" ``` -------------------------------- ### Hide Dot Files and Folders Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/ignorehidden.html Use this snippet to hide all files and folders that start with a dot (e.g., .DsStore). This configuration is applied within the Default context. ```INI Home /home IgnoreHidden true ``` -------------------------------- ### Set ConnectionMaxLife to 24 Hours Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/connectionmaxlife.html This example demonstrates setting the default maximum connection time to 24 hours. The 'admins' group is explicitly set to unlimited connections (0), and 'managers' group inherits the default settings. ```configuration Home /home ConnectionMaxLife 24h ConnectionMaxLife 0 Home /home/managers ``` -------------------------------- ### Force SFTP Protocol Version 3 for a Group Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/sftpprotocol.html This example demonstrates how to configure MySecureShell to use SFTP protocol version 3 for users in the 'oldclients' group, while all other users default to version 4. Ensure the group is defined in your configuration. ```configuration Home /home SftpProtocol 4 SftpProtocol 3 ``` -------------------------------- ### Example of GMTTime Configuration Source: https://mysecureshell.readthedocs.io/en/latest/tags/deprecated/gmttime.html This snippet shows how to configure the GMTTime tag within a Default block to set a GMT offset of +1 hour. This tag is no longer valid in versions 1.25 and later. ```config Home /home GMTTime +1 ``` -------------------------------- ### Limit Simultaneous Opened Files for a User Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/maxopenfilesforuser.html Use this snippet to set a limit on the number of simultaneous opened files for a specific user. The example limits the user to 5 opened files. ```config Home /home MaxOpenFilesForUser 5 ``` -------------------------------- ### Disable Group Accounts Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/disableaccount.html This example demonstrates how to disable accounts for a group of users by setting DisableAccount to false within the group configuration. This setting prevents new connections for users in this group. ```configuration Home /home DisableAccount false ``` -------------------------------- ### Restrict Bash Shell to Admins Group Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/shell.html This example demonstrates how to restrict shell access to only the '/bin/bash' shell for users belonging to the 'admins' group. It also sets the default home directory for all users. ```shell Home /home Shell /bin/bash ``` -------------------------------- ### Display sftp-user command help Source: https://mysecureshell.readthedocs.io/en/latest/usages_admin.html View the available options and usage instructions for the `sftp-user` command by running `sftp-user --help`. ```bash > sftp-user --help Usage 1: sftp-user create [user] [hide user] Usage 2: sftp-user delete [user] Usage 3: sftp-user list Usage 4: sftp-user hide [user] [hide] (Mac OS X Only) Options Choices Descriptions user Username User Name hide user 1/0 hide user from login panel and user managements (Max OS X Only) delete home 1/0 Remove user Home directory hide 1/0 Hide/Unhide (Mac OS X Only) ``` -------------------------------- ### Enable Home Directory Creation Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/create_home.html Use this snippet to ensure that a user's home directory is created if it does not already exist. This is useful for environments where home directories are not pre-provisioned. ```config Home /home CreateHome true ``` -------------------------------- ### Build Documentation Locally Source: https://mysecureshell.readthedocs.io/en/latest/contribute.html Use this command within the _doc_ folder to generate HTML documentation after making modifications. This command invokes Sphinx to build the documentation. ```bash $ make html sphinx-build -b html -d build/doctrees source build/html Running Sphinx v1.2.2 loading pickled environment... done loading intersphinx inventory from http://docs.python.org/objects.inv... building [html]: targets for 1 source files that are out of date updating environment: 0 added, 1 changed, 0 removed reading sources... [100%] contribute looking for now-outdated files... 77 found pickling environment... done checking consistency... done preparing documents... done writing output... [100%] usages_user writing additional files... genindex search copying images... [100%] images/logo_ubuntu.png copying static files... done copying extra files... done dumping search index... done dumping object inventory... done build succeeded, 1 warning. Build finished. The HTML pages are in build/html. ``` -------------------------------- ### Include Configuration File in Default Context Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/include.html Demonstrates how to include an additional configuration file within the default MySecureShell configuration. Ensure the specified include file exists and contains valid MySecureShell directives. ```config Home /home Include /etc/ssh/mysecureshell/my_sftp_config_file ``` -------------------------------- ### Basic User Configuration Source: https://mysecureshell.readthedocs.io/en/latest/configuration_usecases.html Configure default user settings, admin privileges, and group restrictions for home directory access, download, and upload speeds. ```ini # For all users, they will have access to their own home directory Home /home/$USER # This user can have advanced rights to manage MySecureShell from the CLI IsAdmin true # Force users to stay in their home directory StayAtHome true # Limit their download speed to 128k Download 128k # Limit their upload speed to 16k Upload 16k ``` -------------------------------- ### Multi-Website Administration Configuration Source: https://mysecureshell.readthedocs.io/en/latest/configuration_usecases.html Set up global and user-specific bandwidth limits, connection restrictions, idle timeouts, and file/directory permissions for managing multiple websites. ```ini # For all users, they will have access to their own home directory Home /home/$USER # Force users to stay in their home directory VirtualChroot true # Set global download for the server to 100m GlobalDownload 100m # Set global upload for the server to 100m GlobalUpload 100m # Limit user download speed to 1m Download 1m # Limit user upload speed to 1m Upload 1m # Limit 6 users per IP LimitConnectionByIP 6 # We limit a user up to 2 simultaneous connections LimitConnectionByUser 2 # We do not want users to keep forever their idle connection IdleTimeOut 10m # Force user and group to apache daemon username # to avoid rights issues ForceUser www-data ForceGroup www-data # We do not want users to be able to set execution files MaximumRights 0640 0750 # We do not want users to be able to change file attributes DisableSetAttribute true # Set home directory for this virtualhost Home /var/www/sites/www.example.com # Set dedicated log file LogFile /var/log/sftp/www.example.com # Set home directory for this virtualhost Home /var/www/sites/www.exemple.fr # Set dedicated log file LogFile /var/log/sftp/www.example.com # Override the maximum number of connection per user LimitConnectionByUser 4 ``` -------------------------------- ### Configure Default and Group Home Directories Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/home.html Define the default home directory for all users and specific home directories for members of a group. The 'Home' directive specifies the path. ```configuration Home /home/$USER Home /mnt/nfs/secret/$USER Home / ``` -------------------------------- ### Add MySecureShell Repository for CentOS 5 Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_centos_redhat.html Adds the MySecureShell repository configuration to yum for CentOS 5. This allows installation of the latest MySecureShell version. ```bash echo "[mysecureshell] name=MySecureShell baseurl=http://mysecureshell.free.fr/repository/index.php/centos/5.5/ enabled=1 gpgcheck=0" > /etc/yum.repos.d/mysecureshell.repo ``` -------------------------------- ### Import GPG Repository Key Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_ubuntu.html Import the GPG key for the MySecureShell repository. This is a prerequisite for adding the repository. ```bash > apt-key adv --keyserver pool.sks-keyservers.net --recv-keys E328F22B ``` -------------------------------- ### Add MySecureShell Repository for CentOS 6 Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_centos_redhat.html Adds the MySecureShell repository configuration to yum for CentOS 6. This allows installation of the latest MySecureShell version. ```bash echo "[mysecureshell] name=MySecureShell baseurl=http://mysecureshell.free.fr/repository/index.php/centos/6.4/ enabled=1 gpgcheck=0" > /etc/yum.repos.d/mysecureshell.repo ``` -------------------------------- ### Compile MySecureShell Source: https://mysecureshell.readthedocs.io/en/latest/installation_source.html Launch the compilation process for MySecureShell using the make all command. ```bash $ make all ``` -------------------------------- ### Limit Simultaneous Unauthenticated Connections Source: https://mysecureshell.readthedocs.io/en/latest/faq.html Control the number of concurrent unauthenticated connections by setting the MaxStartups value in the sshd_config file. This example limits connections to 5. ```bash MaxStartups 5 ``` -------------------------------- ### Create a new user Source: https://mysecureshell.readthedocs.io/en/latest/usages_admin.html Use the `sftp-user create` command to add a new user and set their password. This command also associates the MySecureShell shell with the new user. ```bash > sftp-user create mssuser /home/mssuser Enter password: ``` -------------------------------- ### Disable Directory Reading for a Group Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/disablereaddir.html This example denies users in the 'users' group the ability to read directory contents. Ensure the 'users' group is defined in your configuration. ```configuration Home /home DisableReadDir true ``` -------------------------------- ### Allowing Image Files with PathAllowFilter Source: https://mysecureshell.readthedocs.io/en/latest/tags/deprecated/pathallowfilter.html Use PathAllowFilter to restrict access to specific file extensions, such as images. This example shows how to allow only JPG, PNG, and GIF files. ```config Home /home PathAllowFilter "^*.(jpg|png|gif)$" ``` -------------------------------- ### Disable Set Attribute for Group Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/disablesetattribute.html This example denies users in the 'users' group the ability to modify file and folder attributes. Ensure the group is correctly defined in your configuration. ```configuration Home /home DisableSetAttribute true ``` -------------------------------- ### Testing Date Format with date command Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/expiredate.html Demonstrates how to test date format using the 'date' command in a shell environment. This is useful for verifying the strftime format required by the ExpireDate tag. ```bash $ echo $(date '+%Y-%m-%d %H:%M:%S') 2014-08-15 15:21:19 ``` -------------------------------- ### Deny Directory Removal for Users Group Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/disableremovedir.html This example configures MySecureShell to prevent users belonging to the 'users' group from removing directories. Ensure the group is correctly defined in your configuration. ```configuration Home /home DisableRemoveDir true ``` -------------------------------- ### Execute 'env' command on file download Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/callbackdownload.html Use this snippet to log environment variables when a file is downloaded. The 'env' command is executed by the server. ```shell CallbackDownload "env" ``` -------------------------------- ### Run MySecureShell Docker Container Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_docker.html Launches the MySecureShell Docker container in detached mode, mapping host port 22222 to container port 22. This command starts the service. ```bash $ docker run -d -p 22222:22 mysecureshell ``` -------------------------------- ### Configure Global and User Upload Limits Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/globalupload.html This snippet demonstrates setting a global maximum upload bandwidth for the server to 1M and a user-specific upload limit to 100k. Use this configuration to manage overall server upload capacity and individual user constraints. ```configuration Home /home GlobalUpload 1M Upload 100k ``` -------------------------------- ### Dockerfile for MySecureShell Development Environment Source: https://mysecureshell.readthedocs.io/en/latest/contribute.html This Dockerfile sets up a Debian-based environment with all necessary packages, sources, and dependencies for developing MySecureShell. It includes system packages, development tools, and Python packages for documentation. ```docker FROM debian:unstable MAINTAINER Pierre Mavro ################## # User Quick Try # ################## RUN apt-get update RUN DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" \ -o Dpkg::Options::="--force-confold" install whois procps openssh-server RUN mkdir /var/run/sshd RUN echo 'root:root' | chpasswd ####### # DEV # ####### RUN apt-get update RUN apt-get -y install git RUN git clone https://github.com/mysecureshell/mysecureshell.git RUN apt-get -y install libacl1-dev libgnutls28-dev gcc make RUN apt-get -y install build-essential fakeroot lintian devscripts debhelper ubuntu-dev-tools \ cowbuilder autotools-dev RUN apt-get -y install sphinx-doc sphinx-common python3-sphinx libjs-sphinxdoc \ python-pip texlive-latex-base texlive-latex-recommended texlive-latex-extra texlive-fonts-recommended RUN apt-get clean RUN pip install sphinx_rtd_theme # Start SSHd EXPOSE 22 CMD ["/usr/sbin/sshd", "-D"] ``` -------------------------------- ### Set Global and User Download Limits Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/globaldownload.html Configure the maximum download bandwidth for the entire server and for individual users. The GlobalDownload value sets the server-wide limit, while the Download tag sets the limit for the current context (e.g., a specific user). ```configuration Home /home GlobalDownload 1M Download 100k ``` -------------------------------- ### Applying FileSpecs in Default Configuration Source: https://mysecureshell.readthedocs.io/en/latest/tags/parents/filespec.html This snippet shows how to apply multiple FileSpec filters, OnlyDataAndHome and AllowedExtensions, to the default configuration. Filters are applied in the order specified, separated by commas. ```config ApplyFileSpec OnlyDataAndHome,AllowedExtensions ``` -------------------------------- ### Enable ShowLinksAsLinks Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/showlinksaslinks.html This snippet demonstrates how to enable the ShowLinksAsLinks option within the Default configuration context. Set ShowLinksAsLinks to true to prevent users from seeing if folders and files are symbolic links. ```config Home /home ShowLinksAsLinks true ``` -------------------------------- ### Connect to MySecureShell via SFTP Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_vagrant.html Connect to the MySecureShell instance running on the virtual machine using SFTP. Use 'mssuser' for both username and password. ```bash $ sftp mssuser@192.168.33.10 ``` ```bash mssuser@192.168.33.10's password: Connected to 192.168.33.10. sftp> ls sftp> pwd Remote working directory: / ``` -------------------------------- ### List available users Source: https://mysecureshell.readthedocs.io/en/latest/usages_admin.html The `sftp-user list` command displays all users currently managed by MySecureShell. ```bash > sftp-user list mssuser ``` -------------------------------- ### Enable VirtualChroot for All Users Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/virtualchroot.html This snippet enables the VirtualChroot feature for all users by setting the VirtualChroot option to true within the Default context. Ensure the Home directory is correctly specified. ```configuration Home /home VirtualChroot true ``` -------------------------------- ### FileSpec to Allow Specific Directories Source: https://mysecureshell.readthedocs.io/en/latest/tags/parents/filespec.html This FileSpec, named OnlyDataAndHome, enforces access only to directories starting with /data or /home. It evaluates the full absolute path and processes Allow rules before Deny rules. ```config # Here, we check against the full absolute path # instead of just the filename or foldername UseFullPath true # We define the order in which paths are evaluated Order AllowDeny # Allow any full path that starts with /data or /home Allow "^/(data|home)" Deny all ``` -------------------------------- ### Enable HideNoAccess in Default Context Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/hidenoaccess.html This snippet demonstrates how to enable the HideNoAccess functionality within the Default configuration context. It ensures that unauthorized files and folders are hidden from users. ```apache home /home HideNoAccess true ``` -------------------------------- ### DirFakeUser Configuration Example Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/dirfakeuser.html This configuration hides file and folder owner names from all users except the admin. The DirFakeUser option is set to true by default for all users and then explicitly set to false for the 'admin' user. ```INI Home /home DirFakeUser true DirFakeUser false ``` -------------------------------- ### Import MySecureShell GPG Key for Debian 7 (Wheezy) Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_debian.html Imports the GPG repository key for MySecureShell on Debian 7. This is necessary to verify the authenticity of packages from the added repository. ```bash > gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys E328F22B > gpg --export E328F22B | apt-key add - ``` -------------------------------- ### Disable Overwriting for a User Group Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/disableoverwrite.html This example demonstrates how to prevent users within the 'users' group from overwriting existing files. The DisableOverwrite tag is set to true within the group's configuration block. ```configuration Home /home DisableOverwrite true ``` -------------------------------- ### Verify User Entry with getent Source: https://mysecureshell.readthedocs.io/en/latest/faq.html Use the `getent passwd` command to verify if a user entry exists and retrieve its details. This is a crucial step before modifying user shells for alternative authentication. ```bash $ getent passwd username username:x:1000:1000:username,,,:/home/username:/usr/bin/zsh ``` -------------------------------- ### Set Download Bandwidth Limits Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/download.html Configure default download bandwidth for all users and a higher limit for specific users (e.g., 'admin'). This snippet shows how to apply different download limits based on user context. ```config Home /home Download 100k Home /home Download 900k ``` -------------------------------- ### Build Docker Image for MySecureShell Development Source: https://mysecureshell.readthedocs.io/en/latest/contribute.html Command to build the Docker image named 'mysecureshelldev' from the Dockerfile located at the specified URL. ```bash $ docker build -t mysecureshelldev \ https://raw.githubusercontent.com/mysecureshell/mysecureshell/master/deployment-tools/docker/dev/Dockerfile ``` -------------------------------- ### Connect to Vagrant VM via SSH Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_vagrant.html Use this command to establish an SSH connection to your Vagrant virtual machine. Ensure you are in the directory containing your Vagrantfile. ```bash $ vagrant ssh ``` -------------------------------- ### Enable Syslog Logging Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/logsyslog.html Use this snippet to enable syslog logging by setting the LogSyslog option to true within the relevant configuration block. ```configuration Home /home LogSyslog true ``` -------------------------------- ### Check SSH Port Connectivity Source: https://mysecureshell.readthedocs.io/en/latest/faq.html Use `nc` (netcat) to verify if the SSH port on your SFTP server is open and reachable. Replace `your_sftp_server` with the actual server address and `22` with your SSH port if it's non-standard. ```bash > nc -v your_sftp_server 22 Connection to localhost 22 port [tcp/ssh] succeeded! ``` -------------------------------- ### SSH into the Virtual Machine and Check Connected Users Source: https://mysecureshell.readthedocs.io/en/latest/quick_try_vagrant.html Access the virtual machine via SSH to run commands. Use 'sudo sftp-who' to view currently connected SFTP users and their details. ```bash $ vagrant ssh $ sudo sftp-who ``` ```bash --- 1 / 10 clients --- Global used bandwith : 0 bytes/s / 0 bytes/s PID: 3389 Name: mssuser IP: Home: /home/mssuser Status: idle Path: / File: Connected: 2014/08/19 15:38:27 [since 10s] Speed: Download: 0 bytes/s [5.00 kbytes/s] Upload: 0 bytes/s [unlimited] Total: Download: 1398 bytes Upload: 141 bytes ``` -------------------------------- ### Set Minimum File and Folder Rights Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/maximumrights.html Sets the minimum permissions for files to 0644 and for folders to 0770. This restricts file executability and limits folder access to owner and group. ```configuration Home /home MinimumRights 0644 0770 ``` -------------------------------- ### Execute custom script on file download Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/callbackdownload.html This snippet demonstrates calling a custom script upon successful file download. The script receives the path of the downloaded file as an argument. ```shell CallbackDownload "/bin/my-script.sh $LAST_FILE_PATH" ``` -------------------------------- ### Add MySecureShell Repository for Ubuntu 10.10 Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_ubuntu.html Add the MySecureShell repository line for Ubuntu 10.10 to your system's sources. This allows apt to find the MySecureShell package. ```bash > add-apt-repository 'deb http://mysecureshell.free.fr/repository/index.php/ubuntu/10.10 testing main' ``` -------------------------------- ### Granting Simple Admin Rights to a Group Source: https://mysecureshell.readthedocs.io/en/latest/tags/childs/issimpleadmin.html This snippet demonstrates how to grant IsSimpleAdmin privileges to a group named 'simpleadmins'. It requires the Default and Group configurations to be set up. ```configuration Home /home IsSimpleAdmin true ``` -------------------------------- ### Add MySecureShell Repository for Fedora 17 Source: https://mysecureshell.readthedocs.io/en/latest/installation_os_fedora.html This command adds the MySecureShell repository configuration for Fedora 17 to the system. It creates or overwrites the /etc/yum.repos.d/mysecureshell.repo file. ```bash > echo "[mysecureshell] name=MySecureShell baseurl=http://mysecureshell.free.fr/repository/index.php/fedora/17/ enabled=1 gpgcheck=0" > /etc/yum.repos.d/mysecureshell.repo ``` -------------------------------- ### MySecureShell Admin Commands Source: https://mysecureshell.readthedocs.io/en/latest/usages_admin.html Connect to MySecureShell as an administrator via SSH to access remote control features. Use the 'help' command to see available actions. ```bash > sftp-admin admin@sftp.example.com admin@sftp.example.com's password: > help Usage: kill [0 or PID] : kill user with PID or 0 to kill all users list : list online users log [x bytes] : show last x bytes of log quit : quit program server [start or stop] : start or stop server ```