ssh support for customers

[Ward]

Hello,

 

I read some topics that it's not possible to give customer ssh access trough the admin panel, but instead you could do it within the database of froxlor. I've tried to put the ssh field in the ftp_users table to /bin/bash or /bin/sh instead of /bin/false, but I'm not able to login with the customers account.

 

Anybody any idea how I can give the customer access?

 

Thanks!

Ward

[d00p]

Do you have libnss-mysql setup? This reads system-users from our database, think you'll need that

[Ward]

Okay I installed that. But looks like I'm having trouble with my config file. Does anybody has an sample config file that works on the froxlor db structure?

 

Thanks!

[d00p]

Froxlor does.

Look in Configuration -> [your os] -> Other (system) -> libnss

[plasmagunman]

not working here...

we have libnss and a valid shell in ftp_users table.

is this ssh support a linux-specific feature? since we are running on freebsd.

froxlor version is 0.9.17.

 

thanks in advance.

[arnoldB]

[...] since we are running on freebsd.

froxlor version is 0.9.17.

 

By the way: http://forum.froxlor.org/index.php?/topic/1112-froxlor-0922-on-freebsd/

[plasmagunman]

By the way: http://forum.froxlor.org/index.php?/topic/1112-froxlor-0922-on-freebsd/

is this an answer to my question, or just a nice-to-know?

as far as i see this thread (and the implications, that ssh login for froxlor ftp-accounts works if you set a valid shell and configure libnss) is older than version 0.9.17, so updating wouldn't solve my problem, wouldn't it?

 

to clarify my question: is a valid shell in ftp-users and a configured libnss all you have to do to enable ssh login for froxlor-crated users? do we have a misconfiguration on our site or am i missing something? i found some documentation on a pam_mysql module, but this thread and others in this forum (http://forum.froxlor.org/index.php?/topic/779-ssh-nutzung-mit-den-virtuellen-usern/, http://forum.froxlor.org/index.php?/topic/94-ssh/) don't mention pam. do we need pam_mysql to enable ssh login for froxlor ftp users?

[CoCo]

is this an answer to my question, or just a nice-to-know?

as far as i see this thread (and the implications, that ssh login for froxlor ftp-accounts works if you set a valid shell and configure libnss) is older than version 0.9.17, so updating wouldn't solve my problem, wouldn't it?

 

to clarify my question: is a valid shell in ftp-users and a configured libnss all you have to do to enable ssh login for froxlor-crated users? do we have a misconfiguration on our site or am i missing something? i found some documentation on a pam_mysql module, but this thread and others in this forum (http://forum.froxlor.org/index.php?/topic/779-ssh-nutzung-mit-den-virtuellen-usern/, http://forum.froxlor.org/index.php?/topic/94-ssh/) don't mention pam. do we need pam_mysql to enable ssh login for froxlor ftp users?

 

I gave this a quick and dirty try on 8.2-STABLE, using Froxlor 0.9.22 and libnss-mysql 1.5_3. Please note, that I never used libnss-mysql before, so take my hints with a grain of salt.

 

Since the gets* functions are not implemented on FreeBSD, I had to modify the getp* queries to return the password from the database. It's quite possible, that the original installation instructions where created having the linuxulator installed, but I haven't tried that.

 

Here's the relevant snippet from /usr/local/etc/libnss-mysql.cfg

 

getpwnam SELECT username, password, uid, gid, '0', '', 'MySQL User', homedir, shell, '0' FROM ftp_users WHERE username='%1$s' AND login_enabled = 'Y' LIMIT 1
getpwuid SELECT username, password, uid, gid, '0', '', 'MySQL User', homedir, shell, '0' FROM ftp_users WHERE uid='%1$u' AND login_enabled = 'Y' LIMIT 1
getpwent SELECT username, password, uid, gid, '0', '', 'MySQL User', homedir, shell, '0' FROM ftp_users

 

Please drop me a note, if this works out for you, also.

 

MfG CoCo