locking down dev server - multiple ssh keys - /sub/ access
I've been "webmaster" for my own sites running on Dreamhost but always solo, as a root user. Formerly, this firm hosted on Media Temple, and self hosted an Ubuntu dev and svn server. With the control panels on DH & MT at least, one is able to assign permissions to certain directories, and MySQL db for certain users.
This is important in the context of this organization, as they have a half dozen development projects in process at any time, and any number of hired guns contributing to them.
Clearly, allowing root access to the entire server is undesirable.
So I've been digging into ssh keys, and command line access. As a first step, I generated RSA and DSA keys locally, and as root, created a user for myself in ~/home/ on the dev Linode.
Yesterday I tried to scp my public keys to ~/home/user/.ssh
Terminal stated -bash: cd: /.ssh: No such file or directory
despite issuing a mkdir command. However, logged in via SFTP, I can see /.ssh and my two public keys in it. I did not see this directory last night. There should not be a time lag, and I am puzzled by this.
Since my keys are now in /.ssh I just tried to log in via Terminal as my user, not root. I was still asked for the password I set when I created my user logged in as root.
I believe there are several commands that need to be issued as root to lock down the server and enable key access logins.
Q: Will that lock-down prevent SFTP access?
And further, to the point of my introductory statement, assuming as root that I create users for hired guns, how do I associate them with particular projects and MySQL databases?
Is this question, and my puzzle over the phantom /.ssh too vague, broad and deep to be asked here? I fear it is.
I'm hoping for some help, if not clarity, or suggested reading. I've been consulting library.linode.com for information, but it's not as granular as perhaps needed for a lightweight like myself.
cheers, mjb
12 Replies
Current directory structure is ~/home/user/.ssh and I can see that via an FTP client logged in as root.
To reiterate, the issue is, we will have users who need access to ~/var/www/projects/project and to MySQL on a user by project basis.
How best to do that, so that when project is complete, creds can be parked, or removed/revoked?
mjb
So ~/home/user/.ssh in fact expands to be "/home/user/home/user/.ssh"
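The path mix-up described in the reply above, as an added example that is not part of the original thread: `expand_tilde` shows how a leading `~` is replaced by the logged-in user's home directory, and `install_pubkey` puts a public key in `<home>/.ssh/authorized_keys`, the file sshd reads for key logins, with owner-only permissions. Both function names are hypothetical, and the key line and scratch paths are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print what a path starting with "~/" resolves to for a user whose home
# directory is $1 (the shell substitutes that user's $HOME for a leading "~").
expand_tilde() {
    case "$2" in
        "~")   printf '%s\n' "$1" ;;
        "~/"*) rest=${2#\~/}; printf '%s/%s\n' "$1" "$rest" ;;
        *)     printf '%s\n' "$2" ;;
    esac
}

# Install a public key where sshd looks for it: <home>/.ssh/authorized_keys.
# $1 = the account's real home directory (absolute path), $2 = public key file.
install_pubkey() {
    home=$1 pub=$2
    case "$home" in
        /*) ;;
        *)  echo "home must be an absolute path: $home" >&2; return 1 ;;
    esac
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Owner-only permissions on the directory and on the key file.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if this exact key line is not already present.
    grep -qxF -f "$pub" "$auth" || cat "$pub" >> "$auth"
}

# Constructed demo in a scratch directory, so no real account is touched.
demo=$(mktemp -d)
echo "ssh-rsa AAAAconstructedkeymaterial demo@example" > "$demo/id_rsa.pub"
# The mistaken path from the thread, as seen by a user whose home is /home/user:
expand_tilde /home/user "~/home/user/.ssh"
# The intended location: the account's home directory itself.
install_pubkey "$demo/home/user" "$demo/id_rsa.pub"
ls -ld "$demo/home/user/.ssh" "$demo/home/user/.ssh/authorized_keys"
rm -rf "$demo"
```

When run as root on behalf of another account, follow it with `chown -R` to that account so the user owns the directory and the file.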
I had signed up for a free cPanel 20 day license, but what I've also come to understand in reading pre-install documentation, is that it must be installed on a blank box. We currently have 21GB of project sites and MySQL databases being served on the node I'd like to run it on to put a face on all that back-end admin we need to do.
I can look into the panels you list, but to your knowledge (or anyone else's) will we run into a similar issue? That is, if we have data, will that preclude install?
cheers
If you really need a control panel then bring up a new node and migrate your projects to it, otherwise it's time to learn the command line!
@hoopycat:
What is CFS? And why would it be against the TOS?
Better yet, who is peleus and why is he going around resurrecting 2+ year old threads?