PDA

View Full Version : SSH access for clients


wpwood3
13th October 2007, 06:26
How to I allow clients to access the sites they manage via SSH?

I have set up clients and websites in ISPConfig. All looks well there. They can login to ISPConfig and can use FTP. They all show up if I run:
getent passwd

Is there something additional I need to do in CentOS to give clients access via SSH?

edge
13th October 2007, 06:36
Did you enable "Shell Access:" for the site?
It's in ISPconfig > site > Basis

You might also like to "chroot" the users.

wpwood3
13th October 2007, 07:03
Did you enable "Shell Access:" for the site?
It's in ISPconfig > site > Basis
Yes, I had already done that. Still no SSH access...

Any other ideas?

mlz
13th October 2007, 08:14
I know this sounds stupid, but you've installed openssh and have it running, right?

wpwood3
13th October 2007, 08:19
When I try to access a site via SSH as a client I get this error:

File transfer server could not be started or it exited unexpectedly.
Exit value 1 was returned. Most likely the sftp-server is not in the path of the user on the server side.

till
13th October 2007, 11:23
What you are trying to do is to use sftp and not SSH. Try to use a SSH client like putty to connect to your SSH server.

For sftp, have a look at your sshd config file and make sure that sftp is installed and enabled.

wpwood3
13th October 2007, 15:57
What you are trying to do is to use sftp and not SSH. Try to use a SSH client like putty to connect to your SSH server.

For sftp, have a look at your sshd config file and make sure that sftp is installed and enabled.I thought SSH and SFTP were the same thing.
http://en.wikipedia.org/wiki/SSH_file_transfer_protocol

Regardless, I've always used SSH Secure Shell 3.2.9 (http://www.ssh.com/) and I assume that uses SSH. I have no problem connecting and transferring files as root but none of my clients can login.

My sshd_config contains the following line:
Subsystem sftp /usr/libexec/openssh/sftp-server

I downloaded and installed Putty but still got exactly the same result. Only root can login.

This server is a test server sitting right next to me. I cannot login to the console using any of the client usernames/passwords that were created in ISPConfig.

wpwood3
13th October 2007, 16:44
I think I'm starting to understand the problem but, I don't know why it is happening.

If I look at the clients in my /etc/passwd file they look like this:
bill:x:10007:10006:Bill:/var/www/web6:/bin/false
The "/bin/false" is preventing them from being able to login and receive a Bash prompt. I would assume that checking the "Shell Access" box in ISPConfig would change "/bin/false" to "/bin/bash" but it didn't!

Why??

wpwood3
13th October 2007, 16:56
:o I'm an idiot! Please kick me... :o

I had shell access turned ON for the SITES but NOT for my clients. Doh...

After looking at the results in the passwd file I went back and looked at each client in ISPConfig. Sure enough, the little boxes that say "Shell Access" were not checked. When I originally setup each site I did not check shell access for any site or users. It was only after I enabled shell access for the sites that I started testing if the users could login.

...I'll go back to my room now.

alfonso
2nd January 2008, 14:05
I had shell access turned ON for the SITES but NOT for my clients. Doh...


Which way did you enable access for clients? I only see the Shell access option on the site tab.

Thank you.

till
3rd January 2008, 11:13
Clients can nevre login to your server by SSH or FTP as they are no linux users. Only the users of the websites can login to your server by SSH or FTP if you enabled it in the site settings.

alfonso
3rd January 2008, 16:55
Clients can nevre login to your server by SSH or FTP as they are no linux users. Only the users of the websites can login to your server by SSH or FTP if you enabled it in the site settings.

It accept the user and password, but is defined as /bin/false so it get me out after MOTD.

I have checked Shell access correctly on properties, but still cannot login.

Any idea?

Thank you.

till
4th January 2008, 11:37
Which ISPConfig version do you use? The ISPConfig dev versions have a additional checkbox for shell access in the user settings that must be anabled.

alfonso
4th January 2008, 11:56
Which ISPConfig version do you use? The ISPConfig dev versions have a additional checkbox for shell access in the user settings that must be anabled.

I am using the 2.2.18 last release.

falko
5th January 2008, 13:35
I think in 2.2.18, you must enable Shell access as well for each user (under User & Email).

xrat
9th January 2008, 01:28
I think in 2.2.18, you must enable Shell access as well for each user (under User & Email).

Hint: If falko thinks it means you can be sure it actually is the case ;)

falko
9th January 2008, 17:21
I think in 2.2.18, you must enable Shell access as well for each user (under User & Email).
I've just verified it, and it is like I guessed. :)