SSH for my_webapp and installing chroot os with the help of debootstrap

I want to use ssh for my_webapp along with sftp. How can I achieve it?

@Maniack_Crudelis can I take help of your package in providing ssh to webapp ?https://github.com/maniackcrudelis/ssh_chroot

I needed lot of commands that was required under chroot jail along with ssh support. So I installed debootstrap and installed debian stable version inside chroot folder that is my_webapp__1. This way a virtual envirnment was created for the development of the app completely away from the yunohost. Here are the steps I followed. If some thing can be improved or can be done in better way, please don’t hesitate to improve this.

  1. Install my_webapp on yunohost.
    # yunohost app install https://github.com/YunoHost-Apps/my_webapp_ynh/

  2. Remove force sftp for the app from ssh
    # nano /etc/ssh/sshd_config
    Remove ForceCommand internal-sftp from the my_webapp__1 .

  3. Allow the user to have ssh permission by adding the line AllowUsers my_webapp__1

  4. Restart ssh
    # service ssh restart

  5. Install debootstrap. Read more about chroot and debootstrap here
    # apt-get install debootstrap

  6. Install the choice of os in chroot directory.
    # debootstrap stable /var/www/my_webapp__1 http://deb.debian.org/debian/

  7. You can login to the root of the new installed os by chroot
    # chroot /var/www/my_webapp__1

  8. Install the required packages like ssh,sudo
    # apt-get install ssh sudo

  9. Exit the chroot
    # exit

  10. The uid for both the users that is the real os (Yunohost) and the chroot os should be same. So we give the same uid of my_webapp__1’s (real os-Yunohost) to the my_webapp__1’s (chroot os).
    Get the uid of webapp__1 from real os(Yunohost)
    #cat /etc/passwd
    Check for the uid of the my_webapp__1 and copy it.
    Again login to chroot directory following step 7 and create a user my_webapp__1 in chroot OS.
    # adduser my_webapp__1
    Give it the same password as real OS(Yuhohost) user.

  11. Give the same uid to the chroot os by coping the uid of real os (Yunohost) to the chroot os.
    Paste the uid of for_webapp__1 ( real os) copied from real os (Yunohost)
    #nano /etc/passwd
    Paste the uid to the my_webapp__1

  12. Now you can ssh to the chroot folder with the my_webapp__1 user.
    Try it
    $ ssh my_webapp__1@domain.tld
    Enter password and you will be in the shell as my_webapp__1 user of chroot os.

Sometimes my_webapp__1 will require root privileges. For this either you can give my_webapp__1 as root privileges or login as root by su. Other way is giving user privilege to run sudo without password and with root access by editing /etc/sudoers.
Login to the chroot root by step 7 again and add the user to have sudo privieges.
# nano /etc/sudoers
Add this line under Allow members of group sudo to execute any command
my_webapp__1 ALL=(ALL) NOPASSWD: ALL

Now you can ssh to the chroot by ssh my_webapp__1@domain.tld and run any command which require by sudo.

Hi!
Thank you for your solution :slight_smile:
I have a similar need (use command from ssh remote on my_webapp) without virtual env.
But i followed your tutorial without success… when ssh connect, my $ ssh are automaticaly closed after login :frowning:

have you an idea ?

Can you show the verbose?

Hi !

I try to do this, but I don’t understand where do you get your “my_webbapp__2”, is this a typo ?

Also step 2 seems to broke my ssh access, after this I can’t connect with ssh anymore.If I skip it I can complete all steps except…

…step 12 doesn’t work for me. No access with ssh my_webapp__1@domain.tld.

Any ideas ?

Its typing mistake.

Also step 2 seems to broke my ssh access, after this I can’t connect with ssh anymore.If I skip it I can complete all steps except…

AllowUsers my_webapp__1 should be under my_webapp__1 exactly from where you removed

ForceCommand internal-sftp

Since 4.2 there should be no AllowUsers my_webapp block anymore. The corresponding app user is in the sftp.app system group which is handled by this block: yunohost/sshd_config at dev · YunoHost/yunohost · GitHub

(All of this assuming your my_webapp app is up to date)

Edit: also I guess if you really want to use ssh for this app, you can add it to the ssh.app group : usermod -a -G ssh.app my_webapp

2 Likes

So I used (indeed the my_webapp block was missing) :
usermod -a -G ssh.app my_webapp

I found my other problem :
At step 10 the new user’s password should be the same as the one of the webapp not the same as yunohost’s admin (it wasn’t clear for me).

I get now : This account is currently not available.

Hmpf yeah indeed you also need to change the login shell for that user with usermod --shell /bin/bash my_webapp

But that’s honestly puzzling why you’d want to log in with that user …

Thanks it worked !
Thank you both !

I need to host a game server.

But why would you host a server inside a server!!!?

Dunno :stuck_out_tongue:
I don’t know anything on hosting a server apart some basics about hosting a website…

I’m using my server for some website as well. So I thought it was better to have my game server elsewhere than in the server it self. I also need a different web adress for the clients to connect to. I don’t know if it’s the right way to do this…

1 Like