SSH for my_webapp and installing chroot os with the help of debootstrap

I want to use ssh for my_webapp along with sftp. How can I achieve it?

@Maniack_Crudelis can I take help of your package in providing ssh to webapp? https://github.com/maniackcrudelis/ssh_chroot

1 Like

I needed a lot of commands that were required under the chroot jail along with ssh support. So I installed debootstrap and installed the Debian stable version inside the chroot folder, that is my_webapp__1. This way a virtual environment was created for the development of the app, completely away from Yunohost. Here are the steps I followed. If something can be improved or done in a better way, please don’t hesitate to improve this.

  1. Install my_webapp on yunohost.
    # yunohost app install https://github.com/YunoHost-Apps/my_webapp_ynh/

  2. Remove the forced sftp for the app from ssh
    # nano /etc/ssh/sshd_config
    Remove ForceCommand internal-sftp from the my_webapp__1 block.

  3. Allow the user to have ssh permission by adding the line AllowUsers my_webapp__1

  4. Restart ssh
    # service ssh restart

  5. Install debootstrap. Read more about chroot and debootstrap here
    # apt-get install debootstrap

  6. Install the OS of your choice in the chroot directory.
    # debootstrap stable /var/www/my_webapp__1 http://deb.debian.org/debian/

  7. You can log in as root in the newly installed OS with chroot
    # chroot /var/www/my_webapp__1

  8. Install the required packages like ssh, sudo
    # apt-get install ssh sudo

  9. Exit the chroot
    # exit

  10. The uid of the user must be the same in both the real OS (Yunohost) and the chroot OS. So we give the uid of my_webapp__1 in the real OS (Yunohost) to my_webapp__1 in the chroot OS.
    Get the uid of my_webapp__1 from the real OS (Yunohost)
    # cat /etc/passwd
    Check for the uid of my_webapp__1 and copy it.
    Log in to the chroot directory again following step 7 and create a user my_webapp__1 in the chroot OS.
    # adduser my_webapp__1
    Give it the same password as the real OS (Yunohost) user.

  11. Give the same uid to the chroot OS user by copying the uid from the real OS (Yunohost) to the chroot OS.
    Paste the uid of my_webapp__1 copied from the real OS (Yunohost)
    # nano /etc/passwd
    Paste the uid into the my_webapp__1 entry.

  12. Now you can ssh to the chroot folder with the my_webapp__1 user.
    Try it
    $ ssh my_webapp__1@domain.tld
    Enter the password and you will be in the shell as the my_webapp__1 user of the chroot OS.

Sometimes my_webapp__1 will require root privileges. For this you can either give my_webapp__1 root privileges or log in as root with su. Another way is to give the user the privilege to run sudo without a password and with root access by editing /etc/sudoers.
Log in to the chroot as root by step 7 again and give the user sudo privileges.
# nano /etc/sudoers
Add this line under "Allow members of group sudo to execute any command"
my_webapp__1 ALL=(ALL) NOPASSWD: ALL

Now you can ssh to the chroot with ssh my_webapp__1@domain.tld and run any command that requires sudo.

1 Like
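
The checks behind steps 10 to 12 and the sudoers change, as an added example that is not part of any post in this thread: it compares the account's uid in the host and chroot passwd files, flags a host login shell of nologin or false (the cause of the "This account is currently not available." message reported further down), and flags a blanket NOPASSWD rule. The function names, finding labels and sample uids are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. File paths are arguments, so the audit
# can be run on copies of the real passwd and sudoers files.

# Print field N of USER's line in a passwd-format FILE (empty if no such user).
passwd_field() {
    awk -F: -v u="$2" -v n="$3" '$1 == u { print $n; exit }' "$1"
}

# audit_chroot_user HOST_PASSWD CHROOT_PASSWD CHROOT_SUDOERS USER
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_chroot_user() {
    host=$1; jail=$2; sudoers=$3; user=$4; rc=0
    huid=$(passwd_field "$host" "$user" 3)
    juid=$(passwd_field "$jail" "$user" 3)
    hshell=$(passwd_field "$host" "$user" 7)

    if [ -z "$huid" ]; then echo "MISSING_ON_HOST $user"; rc=1; fi
    if [ -z "$juid" ]; then echo "MISSING_IN_CHROOT $user"; rc=1; fi

    # Steps 10-11: the numeric uid must agree on both sides.
    if [ -n "$huid" ] && [ -n "$juid" ] && [ "$huid" != "$juid" ]; then
        echo "UID_MISMATCH host=$huid chroot=$juid"; rc=1
    fi

    # sshd takes the login shell from the host entry. nologin prints "This
    # account is currently not available."; false exits without a message.
    case $hshell in
        */nologin|*/false) echo "NO_LOGIN_SHELL $hshell"; rc=1 ;;
    esac

    # A blanket NOPASSWD rule makes the account root inside the chroot, and
    # chroot by itself does not confine a root process (see chroot(2)).
    if grep -Eq "^[[:space:]]*$user[[:space:]].*NOPASSWD:[[:space:]]*ALL" "$sudoers" 2>/dev/null; then
        echo "SUDO_NOPASSWD_ALL $user"; rc=1
    fi
    return "$rc"
}

# Constructed sample data (uids and paths are made up for the demonstration).
demo=$(mktemp -d)
printf '%s\n' 'my_webapp__1:x:994:994::/var/www/my_webapp__1:/usr/sbin/nologin' > "$demo/host"
printf '%s\n' 'my_webapp__1:x:1000:1000::/home/my_webapp__1:/bin/bash' > "$demo/jail"
printf '%s\n' 'my_webapp__1 ALL=(ALL) NOPASSWD: ALL' > "$demo/sudoers"
audit_chroot_user "$demo/host" "$demo/jail" "$demo/sudoers" my_webapp__1 || true
rm -rf "$demo"
```

On a real system the three files would be /etc/passwd, /var/www/my_webapp__1/etc/passwd and /var/www/my_webapp__1/etc/sudoers.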

Hi!
Thank you for your solution 🙂
I have a similar need (use commands from a remote ssh on my_webapp) without a virtual env.
But I followed your tutorial without success… when ssh connects, my $ ssh is automatically closed after login 😦

Do you have an idea?

Can you show the verbose?

Hi!

I'm trying to do this, but I don’t understand where you get your “my_webbapp__2” from; is this a typo?

Also step 2 seems to break my ssh access, after this I can’t connect with ssh anymore. If I skip it I can complete all steps except…

…step 12 doesn’t work for me. No access with ssh my_webapp__1@domain.tld.

Any ideas?

It's a typing mistake.

Also step 2 seems to break my ssh access, after this I can’t connect with ssh anymore. If I skip it I can complete all steps except…

AllowUsers my_webapp__1 should be under my_webapp__1, exactly where you removed ForceCommand internal-sftp

Since 4.2 there should be no AllowUsers my_webapp block anymore. The corresponding app user is in the sftp.app system group which is handled by this block: https://github.com/YunoHost/yunohost/blob/dev/data/templates/ssh/sshd_config#L93

(All of this assuming your my_webapp app is up to date)

Edit: also I guess if you really want to use ssh for this app, you can add it to the ssh.app group: usermod -a -G ssh.app my_webapp

2 Likes

So I used (indeed the my_webapp block was missing):
usermod -a -G ssh.app my_webapp

I found my other problem:
At step 10 the new user’s password should be the same as the one of the webapp, not the same as yunohost’s admin (it wasn’t clear for me).

I now get: This account is currently not available.

Hmpf yeah indeed you also need to change the login shell for that user with usermod --shell /bin/bash my_webapp

But that’s honestly puzzling why you’d want to log in with that user …

Thanks, it worked!
Thank you both!

I need to host a game server.

But why would you host a server inside a server!!!?

Dunno 😛
I don’t know anything about hosting a server apart from some basics about hosting a website…

I’m using my server for some websites as well. So I thought it was better to have my game server elsewhere than in the server itself. I also need a different web address for the clients to connect to. I don’t know if it’s the right way to do this…

1 Like

Hi guys, I opened a new thread because even by following these steps, stuff breaks… Do you have any idea about what is wrong?

Note

While performing debootstrap install, I get the following error:

W: Failure trying to run: chroot "/var/www/my_webapp" dpkg --force-overwrite --force-confold --skip-same-version --install /var/cache/apt/archives/libapparmor1_2.13.6-10_amd64.deb /var/cache/apt/archives/libargon2-1_0~20171227-0.2_amd64.deb /var/cache/apt/archives/libcryptsetup12_2%3a2.3.7-1+deb11u1_amd64.deb /var/cache/apt/archives/libip4tc2_1.8.7-1_amd64.deb /var/cache/apt/archives/libjson-c5_0.15-2_amd64.deb /var/cache/apt/archives/libkmod2_28-1_amd64.deb /var/cache/apt/archives/libcap2_1%3a2.44-1_amd64.deb /var/cache/apt/archives/dmsetup_2%3a1.02.175-2.1_amd64.deb /var/cache/apt/archives/libdevmapper1.02.1_2%3a1.02.175-2.1_amd64.deb /var/cache/apt/archives/systemd_247.3-7+deb11u1_amd64.deb
W: See /var/www/my_webapp/debootstrap/debootstrap.log for details (possibly the package systemd is at fault)