Quote:
Originally Posted by roopakl
# ls -la .htpasswd
-rw-r--r-- 1 www-data root 18 10. Mai 16:30 .htpasswd
For the above file, should we create it under /var/www on the web server?
|
Correct.
Quote:
Originally Posted by roopakl
And this file is nothing but the same one into which we are copying that bash shell script, isn't it?
|
No. The shell script in the post is "/var/www/.htpasswd.sh" but I would advise you to place it as /usr/local/bin/htpasswd.sh instead.
Quote:
Originally Posted by roopakl
# cat .ssh/authorized_keys
command="/var/www/.htpasswd.sh" ssh-rsa AAAA... user@host
The 2nd one is not clear. Should we do this on the web server or on every client machine? Could you please show me with some example? Because I copied it as it is but it is not working. What about "AAAA... user@host": should we type AAAA... also, and user@host means who and which? I added it as "roopa@192.168.0.3" (which is the client PC username and IP address) in .ssh/authorized_keys under root's home directory of the web server, and ran "ssh apache@localhost" and ran "ssh apche@(webserverIP)" from the client machine. I got a connection refused error for the 1st one, and it asked for the apache password for the 2nd one. I gave the username as apache because I am running CentOS (web server) and the home directory of apache is /var/www. So I could not understand and I request you to explain with full details.
|
* First of all you do not use root to SSH into the machine! If you do that currently, correct that mistake before doing anything else: create an unprivileged user, set it up to use 'sudo', then reconfigure /etc/ssh/sshd_config to deny root access.
** Secondly they talk about adding accounts for unprivileged users to the web server user. I would advise against that, as the Apache web server user should not be allowed a functional shell and SSH access. Instead set up sudo for any unprivileged user to execute '/usr/local/bin/htpasswd.sh' as user httpd (or user www-data, www or apache depending on your distro). You set the command="/usr/bin/sudo -u httpd /usr/local/bin/htpasswd.sh" part in each unprivileged user's account on the server. So for example for user "unspawn" open up /home/unspawn/.ssh/authorized_keys and find the key
Code:
ssh-rsa AAAAa6e1243e5889285e9c64e01fc1a55d86f0e5f8feb0baa2a51913efa76dad49e19A= unspawn@loopback.internic.ca
and change it to
Code:
command="/usr/bin/sudo -u httpd /usr/local/bin/htpasswd.sh" ssh-rsa AAAAa6e1243e5889285e9c64e01fc1a55d86f0e5f8feb0baa2a51913efa76dad49e19A= unspawn@loopback.internic.ca
That also explains the "AAAA... user@host" part (it's the SSH key). Note that when adding the command, this key cannot be used for anything else anymore.
Quote:
Originally Posted by roopakl
As per the script I saw mkpasswd. I ran "whereis mkpasswd" on both Ubuntu and CentOS. I found the path neither on CentOS nor on Ubuntu. Is it an additional package, and should it be installed before doing all these things?
|
mkpasswd is in the "expect" package.
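
As an added example that is not part of the original thread: a small Python audit that parses authorized_keys entries and reports which keys carry the forced command from the reply above, which carry a different command, and which are unrestricted. The sample file contents, key material and comments are constructed placeholders, and the function names are hypothetical.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")
EXPECTED = "/usr/bin/sudo -u httpd /usr/local/bin/htpasswd.sh"  # command from the post

# Constructed sample; the key material is placeholder text, not real keys.
SAMPLE = '''\
command="/usr/bin/sudo -u httpd /usr/local/bin/htpasswd.sh" ssh-rsa AAAAPLACEHOLDER1 unspawn@example
ssh-rsa AAAAPLACEHOLDER2 roopa@example
command="/var/www/.htpasswd.sh",no-port-forwarding ssh-rsa AAAAPLACEHOLDER3 old@example
'''

def parse_entry(line):
    """Return (options, keytype, comment), or None for blank, comment or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    opts, cur, in_quote, i = [], [], False, 0
    if not line.startswith(KEY_PREFIXES):  # line begins with an options field
        while i < len(line):
            ch = line[i]
            if in_quote and ch == "\\" and line[i + 1:i + 2] == '"':
                cur.append('"')  # \" is a literal quote inside a quoted value
                i += 1
            elif ch == '"':
                in_quote = not in_quote
            elif ch == "," and not in_quote:  # unquoted comma separates options
                opts.append("".join(cur))
                cur = []
            elif ch.isspace() and not in_quote:  # unquoted blank ends the field
                break
            else:
                cur.append(ch)
            i += 1
        opts.append("".join(cur))
    fields = line[i:].split(None, 2)
    if len(fields) < 2:  # no key type and key left, e.g. an unterminated quote
        return None
    options = {name.lower(): value for name, _, value in (o.partition("=") for o in opts)}
    return options, fields[0], fields[2] if len(fields) > 2 else ""

def audit(text, expected=EXPECTED):
    """Classify every key as 'forced', 'other-command' or 'unrestricted'."""
    results = []
    for entry in filter(None, map(parse_entry, text.splitlines())):
        command = entry[0].get("command")
        verdict = "unrestricted" if command is None else ("forced" if command == expected else "other-command")
        results.append((entry[2], verdict))
    return results

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any key reported as "unrestricted" still gives its owner a normal login for that account; only "forced" keys are limited to running the script.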