I have no problems accessing Nextcloud files in a filebrowser, in Dolphin for example via
Not all programs speak WebDAV (Digikam in particular for me), so I hoped to use SSHFS. The security is too good for me to find a way in though ;-(
I added my public key to /home/users/nextcloud/.ssh/authorised_keys, but I can’t manage to log in. The id_rsa-key is not tried for user nextcloud, even though it works for admin.
Trying to log in …
ssh firstname.lastname@example.org -i .ssh/id_rsa -vvv
....
debug1: Offering public key: .ssh/id_rsa RSA SHA256:pUgXalgQdsgUXF0ZFNlosixUdlumC7GTCA63+vafXyk explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
email@example.com's password:
Without explicit key, id_rsa is skipped (not tried at all, it starts with id_dsa and then a bunch of other algorithms).
In /etc/ssh/sshd_conf I found
Match User admin,root
    AllowTcpForwarding yes
    AllowStreamLocalForwarding yes
    PermitUserRC yes
Adding nextcloud didn’t seem a very good idea, but after testing, it did not make a difference so I removed it again.
I’d be hesitant to use admin or root for SSHFS-access to nextcloud, but it does not give access to nextcloud data anyway (admin has very limited access to other users’ data, root some more, but not to nextcloud data).
I am quite sure it has to do with user nextcloud not having a shell, is that correct?
Is there a workaround?
For me the best scenario would be to have SSHFS-access on a per user basis, but because it is only for private use, giving everyone access to other users’ nextcloud data is also an option (hence testing with
sshfs firstname.lastname@example.org:/home/yunhost.app/nextcloud sshfs-dir )
(Solution: ljf gave the shape of the solution, see below for FACL specifics)
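A way to read the client trace quoted above, as an added example that is not part of the original post: it maps each offered key to the server's reply using the RFC 4252 message numbers (50 request, 51 failure, 52 success, 60 PK_OK). A type 51 directly after the offer means sshd refused the key before any signature was made, so the cause lies on the server side. The function name and both sample traces are constructed for illustration.

```python
import re

# User-authentication message numbers (RFC 4252).
FAILURE, SUCCESS, PK_OK = 51, 52, 60

# Patterns follow the client debug format shown in the post; other OpenSSH
# versions word the "Offering" line differently.
OFFER = re.compile(r"debug1: Offering public key: (\S+)")
RECV = re.compile(r"debug3: receive packet: type (\d+)")
CONT = re.compile(r"debug1: Authentications that can continue: (\S+)")

def key_outcomes(trace):
    """Map each offered key file to the server's answer, plus the methods left."""
    results, current, methods = {}, None, []
    for line in trace.splitlines():
        if m := OFFER.search(line):
            current = m.group(1)
            results[current] = "offered, no reply seen"
        elif m := RECV.search(line):
            ptype = int(m.group(1))
            if current is None:
                continue  # reply to something other than a key offer
            if ptype == PK_OK:
                results[current] = "acceptable to server, signature requested"
            elif ptype == SUCCESS:
                results[current] = "authenticated"
            elif ptype == FAILURE:
                results[current] = "rejected by server"
                current = None
        elif m := CONT.search(line):
            methods = m.group(1).split(",")
    return results, methods

# Constructed sample modelled on the trace in the post (fingerprint is a placeholder).
REJECTED = """\
debug1: Offering public key: .ssh/id_rsa RSA SHA256:PLACEHOLDER explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
"""

# Constructed sample of a key the server accepts.
ACCEPTED = """\
debug1: Offering public key: .ssh/id_rsa RSA SHA256:PLACEHOLDER explicit
debug3: send packet: type 50
debug3: receive packet: type 60
debug3: send packet: type 50
debug3: receive packet: type 52
"""

if __name__ == "__main__":
    print(key_outcomes(REJECTED))
    print(key_outcomes(ACCEPTED))
```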