#StackBounty: #linux #command-line #ssh #centos-7 #scp How to setup scp with custom parameters?

Bounty: 50

I want to set up a CentOS server from which users can copy files using their user ID, password and a key. Based on the unique key I want to give the user access to multiple files. I have figured out a way to set up the user authentication part with MySQL.

So the command should look something like this:

scp your_username@remotehost.edu:foobar.txt someKey 

But I cannot figure out how to serve multiple files based on a someKey string.

Is there a way to set this up?



#StackBounty: #ssh #apache-httpd #sshd #sftp #chroot Give a SFTP access + a Apache hosting to someone else

Bounty: 100

I would like to:

  • give SFTP access to a friend to his directory /home/friend on my server
  • give him web hosting with Apache in /home/friend/www/
  • not allow him to visit /etc/ and similar directories (solved now), and not allow him to visit my own user’s home /home/me (not solved for now)

To do this:

  • I created adduser friend

  • I added an Apache VirtualHost for him:
    <VirtualHost *:80>
        ServerName hiswebsite.com
        DocumentRoot /home/friend/www
        ...
    </VirtualHost>
    

    and service apache2 restart.

  • I “jailed” the SFTP/SSH access:

    PermitRootLogin yes
    ChallengeResponseAuthentication no
    UsePAM yes
    X11Forwarding yes
    PrintMotd no
    AcceptEnv LANG LC_*
    PasswordAuthentication yes
    GatewayPorts yes
    Subsystem sftp internal-sftp
    Match User friend
    ChrootDirectory /home/
    ForceCommand internal-sftp
    

    and service sshd restart.

Problems:

  1. friend now cannot go out of /home/ (this is good), but he can still go to /home/me/ and read the files inside! How to only give him access to /home/friend/ and nothing else? This does not seem possible because:

    ChrootDirectory
    Specifies the pathname of a directory to chroot(2) to after authentication.
    All components of the pathname must be root-owned directories that are not writable by any other user or group.

  2. Should I
    • add user friend to group www-data?
    • or add user www-data to group friend?
    • or another user/group setting?

      to allow Apache to serve the files, and PHP to have write access to /home/friend/www/? Let’s say there is a file uploader on his website: PHP needs to write in this directory. Which permissions to give to /home/friend and /home/me?


Linked topics:

https://serverfault.com/questions/6895/whats-the-best-way-of-handling-permissions-for-apache-2s-user-www-data-in-var

What permissions should my website files/folders have on a Linux webserver?



#StackBounty: #ubuntu #ssh #networking ssh packet_write_wait immediately after login

Bounty: 50

I enter ssh username@xxx.xxx.xxx.xxx and press Enter, then enter the password and get packet_write_wait: Connection to xxx.xxx.xxx.xxx port 22: Broken pipe

Sometimes I can log in, but it then writes the same thing after some time (also a random time).
I thought that it was something with my network, but I can log in to another server without any issues.

What is the problem with the server and how to fix it?
I also don’t exclude the possibility that something is wrong with my network.

I’m on Ubuntu 18.

When ssh .... fails, I can sometimes log in with ssh -o IPQoS=throughput ...



#StackBounty: #github #ssh #deployment #docker-compose #vps How to deploy docker-compose solution automatically from github to vps over…

Bounty: 50

What I want to do:
Deploy a docker-compose solution from GitHub to my virtual private server, which has docker and docker-compose installed.

I saw that there are GitHub Actions that allow me to copy files over SSH after a push to master, but I don’t know how to run docker-compose up on my server after the source has been copied.

On my VPS I have Ubuntu 18.4 installed.



#StackBounty: #symfony #ssh #deployment #symfony4 Deploying a symfony 4 project to digital ocean

Bounty: 100

I’m new to deploying frameworks and I’ve been reading on Symfony’s site to understand how to deploy a project to my production server. I found that it gives information but not for someone who’s new to the process (I feel like these documents are written for people who know, but not for people who are learning).

The process I’ve created is: once the GitHub repo is updated, it pushes the files to the server (using deployhq.com), and I immediately change the .env file to ensure APP_ENV=prod APP_DEBUG=false are set.

Then after pushing all of the files to the server, I then run the SSH command of

cd /var/www/projectfolder/               # move to the directory of the project
bin/console make:migration               # set up migrations
bin/console doctrine:migrations:migrate  # run migration
bin/console cache:clear                  # clear cache

Although after this, I know I still need to build the application. Currently I leave the /public/build folder intact, but I know that’s not the right way of doing it. How do I enable the build after all of the SSH commands go through? Also is that all it takes for the process to take hold? What am I missing, or what can I do to make things more efficient?

— EDIT —

SSH command after everything is uploaded:

cd /var/www/upr/
bin/console make:migration
bin/console doctrine:migrations:migrate
bin/console cache:clear

composer install
composer update
yarn encore production

Error returned:

Executing Migrate DB + clear cache [cd /var/www/upr/ bin/console make:migration bin/console doctrine:migrations:migrate bin/console cache:clear composer install composer update yarn encore production]


In ComposerAutoloaderFinder.php line 30:

  Too few arguments to function Symfony\Bundle\MakerBundle\Util\ComposerAutoloaderFinder::__construct(), 0 passed in /var/www/upr/var/cache/dev/ContainerR3GslC4/getMaker_FileManagerService.php on line 14 and exactly 1 expected


In AbstractMySQLDriver.php line 93:

  An exception occurred in driver: SQLSTATE[HY000] [2002] Connection refused

In PDOConnection.php line 31:

  SQLSTATE[HY000] [2002] Connection refused

In PDOConnection.php line 27:

  SQLSTATE[HY000] [2002] Connection refused

doctrine:migrations:migrate [--write-sql [WRITE-SQL]] [--dry-run] [--query-time] [--allow-no-migration] [--all-or-nothing [ALL-OR-NOTHING]] [--configuration [CONFIGURATION]] [--db-configuration [DB-CONFIGURATION]] [--db DB] [--em EM] [--shard SHARD] [-h|--help] [-q|--quiet] [-v|vv|vvv|--verbose] [-V|--version] [--ansi] [--no-ansi] [-n|--no-interaction] [-e|--env ENV] [--no-debug] [--] <command> [<version>]


 // Clearing the cache for the dev environment with debug
 // false

 [OK] Cache for the "dev" environment (debug=false) was successfully cleared.

Restricting packages listed in "symfony/symfony" to "4.3.*"
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Nothing to install or update
Generating autoload files
ocramius/package-versions:  Generating version class...
ocramius/package-versions: ...done generating version class
Executing script cache:clear [KO]
 [KO]
Script cache:clear returned with error code 1
!!
!!  In Filesystem.php line 184:
!!
!!    Failed to remove file "/var/www/upr/var/cache/de~/pools/tk0FFT-9np/Z/W/+B7XEZBKB53ED8EueQlA": unlink(/var/www/upr/var/cache/de~/pools/tk0FFT-9np/Z/W/+B7XEZBKB53ED8EueQlA): Permission denied.
!!
!!  cache:clear [--no-warmup] [--no-optional-warmers] [-h|--help] [-q|--quiet] [-v|vv|vvv|--verbose] [-V|--version] [--ansi] [--no-ansi] [-n|--no-interaction] [-e|--env ENV] [--no-debug] [--] <command>
!!
!!
Script @auto-scripts was called via post-install-cmd
Restricting packages listed in "symfony/symfony" to "4.3.*"
Loading composer repositories with package information
Updating dependencies (including require-dev)
Enable the "cURL" PHP extension for faster downloads

Prefetching 90 packages 🎶
  - Downloading (0%) (5%) (10%) (15%) (17%) (22%) (28%) (33%) (38%) (43%) (48%) (54%) (59%) (64%) (69%) (70%) (75%) (80%) (85%) (100%)

Package operations: 0 installs, 93 updates, 2 removals
  - Removing symfony/contracts (v1.1.0)
The following exception is caused by a lack of memory or swap, or not having swap configured
Check https://getcomposer.org/doc/articles/troubleshooting.md#proc-open-fork-failed-errors for details

PHP Warning:  proc_open(): fork failed - Cannot allocate memory in phar:///usr/local/bin/composer/vendor/symfony/console/Application.php on line 952

Warning: proc_open(): fork failed - Cannot allocate memory in phar:///usr/local/bin/composer/vendor/symfony/console/Application.php on line 952

  [ErrorException]
  proc_open(): fork failed - Cannot allocate memory

update [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--lock] [--no-custom-installers] [--no-autoloader] [--no-scripts] [--no-progress] [--no-suggest] [--with-dependencies] [--with-all-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [-i|--interactive] [--root-reqs] [--] [<packages>]...

bash: line 7: yarn: command not found
An error occurred executing Migrate DB + clear cache [Exit code: 127]



#StackBounty: #ssh #kerberos #mitkerberos How to set Openssh and Mit kerberos (from windows to linux server)?

Bounty: 50

I need to connect through OpenSSH from Windows to a Linux server using a Kerberos ticket.
I got the bin file from:
https://github.com/NoMoreFood/openssh-portable/releases/tag/v7.9-sspi

Through my company login UI, I obtain the ticket using MIT Kerberos. If I run

klist

this is the output:

Ticket cache: FILE:C:UsersTest....host.domain.subdomain.local
Default principal: USER@REALM

Valid starting     Expires            Service principal
09/23/19 16:18:53  09/23/19 19:18:53  krbtgt/REALM@REALM
09/23/19 16:18:56  09/23/19 19:18:53  krbtgt/DOMAIN@REALM
09/23/19 16:18:56  09/23/19 19:18:53  host/host.domain.subdomain.local@DOMAIN

With PuTTY I have no problem connecting.
So I tried with the OpenSSH binary:

ssh -Kvvv USER@HOST

where the config file is

Host HOST
    GSSAPIDelegateCredentials yes
    GSSAPIAuthentication yes

I reach the server, but it asks me for the password and doesn’t send the Kerberos ticket.

And this is the log:

OpenSSH_for_Windows_7.9p1, LibreSSL 2.6.4
debug1: Reading configuration data C:\Users\Test/.ssh/config
debug1: C:\Users\Test/.ssh/config line 7: Applying options for HOST
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolving HOST port 22
debug2: ssh_connect_direct
debug1: Connecting to HOST [ip] port 22.
debug1: Connection established.
debug3: Failed to open file:C:/Users/Test/.ssh/id_rsa error:2
debug3: Failed to open file:C:/Users/Test/.ssh/id_rsa.pub error:2
debug1: identity file C:\Users\Test/.ssh/id_rsa type -1
debug3: Failed to open file:C:/Users/Test/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/Test/.ssh/id_rsa-cert.pub error:2
debug1: identity file C:\Users\Test/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/Test/.ssh/id_dsa error:2
debug3: Failed to open file:C:/Users/Test/.ssh/id_dsa.pub error:2
debug1: identity file C:\Users\Test/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/Test/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/Test/.ssh/id_dsa-cert.pub error:2
debug1: identity file C:\Users\Test/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/Test/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/Test/.ssh/id_ecdsa.pub error:2
debug1: identity file C:\Users\Test/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/Test/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/Test/.ssh/id_ecdsa-cert.pub error:2
debug1: identity file C:\Users\Test/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/Test/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/Test/.ssh/id_ed25519.pub error:2
debug1: identity file C:\Users\Test/.ssh/id_ed25519 type -1
debug3: Failed to open file:C:/Users/Test/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/Test/.ssh/id_ed25519-cert.pub error:2
debug1: identity file C:\Users\Test/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/Test/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/Test/.ssh/id_xmss.pub error:2
debug1: identity file C:\Users\Test/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/Test/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/Test/.ssh/id_xmss-cert.pub error:2
debug1: identity file C:\Users\Test/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to HOST:22 as USER
debug3: hostkeys_foreach: reading file "C:\Users\Test/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file C:\Users\Test/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from HOST
debug3: Failed to open file:C:/Users/Test/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: [..]
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: [...]
debug2: host key algorithms: [...]
debug2: ciphers ctos: [...]
debug2: ciphers stoc: [...]
debug2: MACs ctos: [...]
debug2: MACs stoc: [...]
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [...]
debug2: host key algorithms: [...]
debug2: ciphers ctos: [...]
debug2: ciphers stoc: [...]
debug2: MACs ctos: [...]
debug2: MACs stoc: [...]
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: [...]
debug3: hostkeys_foreach: reading file "C:\Users\Test/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file C:\Users\Test/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from HOST
debug3: Failed to open file:C:/Users/Test/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: hostkeys_foreach: reading file "C:\Users\Test/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file C:\Users\Test/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from IP
debug3: Failed to open file:C:/Users/Test/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: Host HOST is known and matches the ECDSA host key.
debug1: Found key in C:\Users\Test/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug3: unable to connect to pipe \\.\pipe\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\Users\Test/.ssh/id_rsa
debug1: Will attempt key: C:\Users\Test/.ssh/id_dsa
debug1: Will attempt key: C:\Users\Test/.ssh/id_ecdsa
debug1: Will attempt key: C:\Users\Test/.ssh/id_ed25519
debug1: Will attempt key: C:\Users\Test/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 53
debug3: input_userauth_banner
+-----------------------------------------------------------------+
+-----------------------------------------------------------------+
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: GSS_S_FAILURE
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: C:\Users\Test/.ssh/id_rsa
debug3: no such identity: C:\Users\Test/.ssh/id_rsa: No such file or directory
debug1: Trying private key: C:\Users\Test/.ssh/id_dsa
debug3: no such identity: C:\Users\Test/.ssh/id_dsa: No such file or directory
debug1: Trying private key: C:\Users\Test/.ssh/id_ecdsa
debug3: no such identity: C:\Users\Test/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: C:\Users\Test/.ssh/id_ed25519
debug3: no such identity: C:\Users\Test/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: C:\Users\Test/.ssh/id_xmss
debug3: no such identity: C:\Users\Test/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: failed to open file:C:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
USER@HOST's password:   



#StackBounty: #bash #ubuntu #ssh #arch-linux #vim Why can't I use tab for autocompletion in neovim over SSH?

Bounty: 50

When used locally on Arch I can easily use tab for autocompletion in vim when e.g. filling in a path with deoplete. If I SSH to this computer from my laptop then tab still works for completion. But if I SSH from this computer to an Ubuntu 18.04 (or any version I think) machine then when I type tab it simply inserts a tab. What is causing this issue and how can I fix it so I can use tab over SSH when connected to an Ubuntu server?

All machines I mentioned are also running the exact same vimrc and are all using neovim.

