Results 1 to 3 of 3

Thread: Login Key for Laravel developer

  1. #1
    Join Date
    Feb 2015
    Posts
    6

    Question Login Key for Laravel developer

    Hello!

    I'm not sure if this is the right forum to ask this, feel free to move the post to the right place.

    I've a CentOS 7 VPS where we're going to host our new website. The server is actually used for a Moodle installation but it's under a subdomain controlled by another user, so the main domain's public_html folder is still empty and has no website inside.

    The site is being developed with Laravel by an external developer, so we need to give him SSH access to our server. Like I said there is no current website hosted so we're not worried about content that could be deleted in the public_html folder, but we would like to restrict access to the server's administrative tools and files, like DirectAdmin access, custombuild folder, or anything that could be used to change or modify server configurations.

    I've never used Login Keys but I think it's the way to give him access, right? The main questions that come to my mind are:

    - Given it's the server's main domain we need to give access to, the Login Key has to be created for the "admin" user, right? (login as admin user > user level > login keys)
    - When creating the Login Key it says If no commands are checked (allow and deny), all commands are allowed., but what if I select some checkboxes for "allow" and leave the rest unchecked? Do I need to check the "deny" for everything else?
    - Which commands should I select to allow the user to login via ssh and run commands like git, php/composer, etc? (I'll install git client, no need to give him access to install software on the server).
    - Is there anything else I can do to restrict access to other folders outside the user's home folder?

    I hope I've asked the right questions and not give you too much work to answer them. Is this the right approach?

    Thank you in advance, sorry for my english

  2. #2
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,069
    Hello,

    Login Keys in Directadmin has nothing to do with connecting over SSH. Login keys are used only for connections to Directadmin.

    Directadmin does not offer tools to restrict access over SSH. You should configure a chroot`ed access over SSH for your developer. Directadmin does not offer it either. It used to offer a script for it, but as far as I know it's not working.

    See you can specify ChrootDirectory in /etc/ssh/sshd_config together with Match

    ChrootDirectory

    Specifies the pathname of a directory to chroot(2) to after authentication.At session startup sshd(8) checks that all components of the pathname are root-owned directories which are not writable by any other user or group.After the chroot, sshd(8) changes the working directory to the user's home directory.
    So it's fully up to you to find a working solution, you can use "ssh chroot" as a key-word for searching in Internet.

    This one can help you:

    - https://allanfeid.com/content/creati...ail-ssh-access

    BUT DO NOT FOLLOW THE GUIDE UNLESS YOU KNOW FOR SURE WHAT YOU ARE DOING!
    OR YOU MIGHT LOCK YOURSELF OUT OF SSH ACCESS TO YOUR SERVER
    Regards, Alex G.

    - You can hire me on www.poralix.com to work on your server
    - Follow and like @Poralix on Facebook

  3. #3
    Join Date
    Feb 2015
    Posts
    6
    Alex,

    I'll do some research on the matter before doing anything on my server, thanks for the link and the explanation.

    It is obvious that you are a very valuable member of this community, thank you for taking the time to answer this question, even if it is not related to DirectAdmin (I really thought it was).

    Regards,
    Gonzalo

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •