Edit app files over SFTP with admin account

adel · July 13, 2022, 5:24pm

My YunoHost server

Hardware: VPS bought online
YunoHost version: 4.3.6.3
I have access to my server : Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hi guys,

hope you’re doing well. In the past I used the root account to edit stuff using SFTP but I disabled it and use only the default admin user now. How am I supposed to work with files of the apps now? I see the admin doesn’t have many permissions and using sudo is not possible with e.g. FileZilla.

Is there a way to allow temporary permission and revert after doing changes?

Best regards

ljf · July 13, 2022, 9:26pm

The answers is here: Add permissions to admin to /var/www/* using setfacl ? · Issue #1698 · YunoHost/issues · GitHub

TheNomad11 · July 14, 2022, 6:47pm

I also wondered about that. Could you explain how this solution is supposed to work with, for example Filezilla? It is, unfortunately not obvious for me

ssh admin@example.com -L 22:localhost:22
sftp root@localhost

ljf · July 14, 2022, 6:56pm

Run the command in a console (or putty/mobaxterm)

ssh admin@example.com -L 22:localhost:22

Configure filezilla to connect on host: localhost, user:root and port: 22

The first command is a ssh tunnel, it’s like if you was inside your yunohost with filezilla. In this case you can connect with root.

TheNomad11 · July 14, 2022, 7:20pm

Ah, thanks a lot. I remember I tried ssh tunneling some time ago. I will have a try, thanks!

adel · July 14, 2022, 7:47pm

Thanks for clarifying! If my yunohost ssh is at port 1337, should I use 1337:localhost:22 or 22:localhost:1337?

ljf · July 14, 2022, 7:49pm

I never know, but you can do 1337:localhost:1337 and connect with filezilla on 1337

adel · July 14, 2022, 8:02pm

I think I’ve setup the tunnel correctly. Didn’t show any errors after connecting using Terminal. Any idea why it’s asking for the public key? I use ssh keys for login but as far I understand that shouldn’t matter because I’m already logged in over Terminal. Orr… ?

Qprq · July 15, 2022, 12:41am

Syntax is LOCALPORT:HOST:REMOTE PORT, but as stated by ljf, you can use anything as LOCALPORT (as long as this port is free).

If there is a problem setting up the tunnel, a message should be displayed by ssh on the remote host (on the second line).

Anyway, I could not use SFTP in the way described by ljf, because root can’t connect to ssh on localhost on my yunohost instance with default config.

I works if:

There is an exception for root login from localhost
The local user connecting with sftp is in /root/.ssh/authorized_keys

system · July 30, 2022, 12:41am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.