I am working on a windows machine that is maintained by our IT department. My user account me lives in a domain dom, which leads to my cygwin user name being dom+me. This is inconvenient because my user name is just me on all other machines that I want to talk to with ssh and so on. Is there a way to remove or hide the dom+ part from cygwin?
Some additional details: My cygwin home directory is /home/me, so that part is fine. Whoami replies dom+me, ssh asks for dom+me's password if I do not specify a user name.
ssh can be told to override the default user name by adding the following lines to the file ~/.ssh/config:
Host *
User me
Afterwards, ssh and scp use the default user name me.
Related
I am trying to set up a user for my raspberry pi which is restricted to one file. This means that on this file, the user has all permissions (rwx) but on all other files and directories he has not any permission, not even read.
I need this because I want to lend my raspi incl. code to someone else. The one file is my code's config file which the person should be able to change for testing purposes. But I do not want to show my code and other settings.
I tried to set up a user and a group but this means I have to change all files/directories on the raspi. I simply want to restrict the user.
Thanks for any help.
muleque
sudo useradd -m $USERNAME
This will provide you a new user with whatever name you replace $USERNAME with. This user will have access to their own home directory and you can place this file that you want them to have access to here, /home/$USERNAME.
If you want to further restrict this user's access to the rest of the machine you can create a chroot jail which means they can access nothing apart from this directory. There are many options for how to perform this but if the user will access the raspberry pi over SSH here is a simple example.
https://www.tecmint.com/restrict-ssh-user-to-directory-using-chrooted-jail/
i want to save the user's IP when he connects to it's home folder, this is because i'm a user in a server where my team has a folder where our public_html is located, but we use the same account, so i just want to register who connected.
So i want to make a script that triggers when a connection is made and save the user's IP into a hidden file.
But i don't know if i could leave running a script in background to do it, and How?
If you're a root on that machine, you can simply check the auth log / messages / journal / ... (depends on the distribution). By default sshd logs all you need already.
If you're not a root, then you'll have to keep in mind this will never be secure. You can do this in the user's bash profile, but:
Since it's running as the same user, whoever logs in can just change the file (you can't hide it)
Anyone can workaround the script by executing some other command instead of the shell (for example ssh user#host /some/command will not be logged)
It's not secret.
If that's ok with you, then you just need to add this to bashrc
echo "new connection at $(date) from ${SSH_CLIENT}" >> ~/your_connection_log
Different solution, which should've been the default actually. Most distributions provide login history which you can request for your account without root privileges.
Running last your_username should give you the details of last few logins which cannot be manipulated by the user. (the log can possibly be spammed with entries however)
I am using FileZilla to log in to an SFTP host with my credentials. However, I need to use an equivalent of sudo su - user (as used in linux) to change the user. There are no passwords set for this general user, and hence direct login is not allowed.
What FTP command can I use with the "Enter custom command.." option in FileZilla to switch users after connecting?
(This is required so I can transfer files as a different user and not my login.)
SFTP protocol doesn't support changing user in the middle of transfer session (so no case to login and then change user with some custom command). But you can launch sftp server under needed user using sudo, by changing SFTP client configuration. Don't know whether this trick is supported by FileZilla, but it's supported by PuTTY or WinSCP. There in the sftp server settings you can specify something like "sudo /bin/sftp-server" in order to launch transfer session under different user.
For example, instruction how to do this with WinSCP:
https://winscp.net/eng/docs/faq_su#sudo
I'm trying to edit some files on a remote server with Vim. I've managed this on other servers without trouble in the past, but in this case when I type:
$ vim ftp://username#xxxxxx.com/
I'm prompted for a password, I type it in and I see this:
Name (notixvalet.com:george): User cannot log in.
Please login with USER and PASS.
Please login with USER and PASS.
Please login with USER and PASS.
ftp: Login failed
'george' is my username on my local machine (Mac OS X 10.8.) Vim seems to be ignoring the username I give it and trying to log on as 'george', no matter what I do. To test this I created a new account on my MacBook with the same username as the username on the server I'm trying to log in as, then from that account I can log in fine. This is obviously a VERY hacky solution - how can I connect using the right username from my regular account?
(Incidentally, the username and password I'm using are 100% definitely right - I can use them to connect to the server through an FTP client such as FileZilla.)
The plugin you are using to edit the remote files is netrw, as noted by Ingo in the comments. You can read the plugin help file through :h netrw. In special:
NETRC *netrw-netrc*
The <.netrc> file, typically located in your home directory, contains lines
therein which map a hostname (machine name) to the user id and password you
prefer to use with it.
The typical syntax for lines in a <.netrc> file is given as shown below.
Ftp under Unix usually supports <.netrc>; ftp under Windows usually doesn't.
>
machine {full machine name} login {user-id} password "{password}"
default login {user-id} password "{password}"
Your ftp client must handle the use of <.netrc> on its own, but if the
<.netrc> file exists, an ftp transfer will not ask for the user-id or
password.
Note:
Since this file contains passwords, make very sure nobody else can
read this file! Most programs will refuse to use a .netrc that is
readable for others. Don't forget that the system administrator can
still read the file! Ie. for Linux/Unix: chmod 600 .netrc
Is there any chance that you forgot to copy the ~/.netrc file from the other servers where you can connect without problems? Or it has incorrect permissions, as mentioned on the last paragraph?
We've recently set up Gitolite server. All seems well. I can connect to it without a problem.
A new user has been set up, he's on a Mac and trying to use SourceTree. The only way I could get him to connect was for him to attempt to ssh to the server and I typed in the password (exited afterwards). Without that the system kept asking for a password for that server.
Is this normal behaviour?
How do non-sysadmin users gain access to gitolite?
Gitolite is based on forced command, which means non-interactive session.
So:
no password should ever be entered (assuming here non-password protected private key).
(as detailed in "how gitolite uses ssh").
no "non-sysadmin" should ever gain access to gitolite server itself.
So all he should need is a public key stored in ~/.ssh (making sure both his home and .ssh aren't group or world writable), registered in gitolite-admin/keys and published on the gitolite server .ssh/authorized_keys file.
From there, as mentioned in "Sourcetree and Gitolite":
If you are cloning a remote git repository, you need to tab out of the Source path/ URL field to activate the clone button.
The url will be validated at that point.
The url needs no special syntax working with gitolite, and even respects the host entries in your ssh conf file. So in my case a url of gitolite:workrepo is sufficient.