How to create SFTP-only user accounts to kill SSH access
Problem Statement
We wanted to create SFTP-only user accounts that cannot SSH into the server to run commands. There is no built-in approach to this problem that we can find so we created a simple shell script to solve it. Here we will discuss how it works.
Step 1: Create a shell script to run as the user’s shell
Create a shell script called /sbin/sftp-only as follows:
#!/bin/sh
# sshd starts the login shell as "<shell> -c <command>"; allow only the SFTP server.
if [ "$*" != "-c /usr/libexec/sftp-server" ]
then
    echo "Sorry, ssh access not allowed."
    exit 1
fi
exec /usr/libexec/sftp-server
Step 2: Edit user accounts to use this shell script as user’s shell
Use usermod to set each account's shell to /sbin/sftp-only. When the user tries to SSH to the server, the shell script displays the “Sorry, ssh access not allowed.” message. When the user connects to the server with an SFTP client, the shell script is executed and starts the SFTP server for the user.
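An added check, not part of the original article: it runs the same test against the argument lists sshd hands to a login shell (none for an interactive login, -c <command> for a remote command or a subsystem). The stub sftp-server and the scratch directory are assumptions so that it runs without root.

```shell
#!/bin/sh
# Added example: exercise the sftp-only logic with the argument lists sshd
# passes to a login shell. The stub sftp-server and the temp directory are
# assumptions so the check runs unprivileged; the page's script hard-codes
# /usr/libexec/sftp-server.

make_wrapper() {            # $1 = scratch directory
    cat > "$1/sftp-server" <<'EOF'
#!/bin/sh
echo "stub sftp-server started"
EOF
    cat > "$1/sftp-only" <<EOF
#!/bin/sh
if [ "\$*" != "-c $1/sftp-server" ]
then
    echo "Sorry, ssh access not allowed."
    exit 1
fi
exec $1/sftp-server
EOF
    chmod 755 "$1/sftp-server" "$1/sftp-only"
}

run_case() {                # $1 = scratch directory, rest = shell arguments
    dir=$1; shift
    "$dir/sftp-only" "$@" 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_wrapper "$d"
    echo "interactive login (no arguments):  $(run_case "$d")"
    echo "ssh host 'ls -la':                 $(run_case "$d" -c 'ls -la')"
    echo "sftp subsystem, exact path:        $(run_case "$d" -c "$d/sftp-server")"
    echo "Subsystem line with extra options: $(run_case "$d" -c "$d/sftp-server -l INFO")"
    rm -rf "$d"
}

demo
```

The last case shows why the Subsystem sftp line in sshd_config must name /usr/libexec/sftp-server with no extra options; otherwise the comparison fails and SFTP logins are refused too.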
Test your console if it can display 256 colors with Perl
With this script you can test which colors your console can display.
You will simply see all the supported colors on your console.
#!/usr/bin/perl
# Author: Todd Larason <jtl@molehill.org>
# $XFree86: xc/programs/xterm/vttests/256colors2.pl,v 1.1 1999/07/11 08:49:54 dawes Exp $

# use the resources for colors 0-15 - usually more-or-less a
# reproduction of the standard ANSI colors, but possibly more
# pleasing shades

# colors 16-231 are a 6x6x6 color cube
for ($red = 0; $red < 6; $red++) {
    for ($green = 0; $green < 6; $green++) {
        for ($blue = 0; $blue < 6; $blue++) {
            printf("\x1b]4;%d;rgb:%2.2x/%2.2x/%2.2x\x1b\\",
                   16 + ($red * 36) + ($green * 6) + $blue,
                   int ($red * 42.5),
                   int ($green * 42.5),
                   int ($blue * 42.5));
        }
    }
}

# colors 232-255 are a grayscale ramp, intentionally leaving out
# black and white
for ($gray = 0; $gray < 24; $gray++) {
    $level = ($gray * 10) + 8;
    printf("\x1b]4;%d;rgb:%2.2x/%2.2x/%2.2x\x1b\\",
           232 + $gray, $level, $level, $level);
}

# display the colors

# first the system ones:
print "System colors:\n";
for ($color = 0; $color < 8; $color++) {
    print "\x1b[48;5;${color}m ";
}
print "\x1b[0m\n";
for ($color = 8; $color < 16; $color++) {
    print "\x1b[48;5;${color}m ";
}
print "\x1b[0m\n\n";

# now the color cube
print "Color cube, 6x6x6:\n";
for ($green = 0; $green < 6; $green++) {
    for ($red = 0; $red < 6; $red++) {
        for ($blue = 0; $blue < 6; $blue++) {
            $color = 16 + ($red * 36) + ($green * 6) + $blue;
            print "\x1b[48;5;${color}m ";
        }
        print "\x1b[0m ";
    }
    print "\n";
}

# now the grayscale ramp
print "Grayscale ramp:\n";
for ($color = 232; $color < 256; $color++) {
    print "\x1b[48;5;${color}m ";
}
print "\x1b[0m\n";
How to set UTF-8 as system default on FreeBSD
Setting UTF-8 support on FreeBSD as a default is quite simple.
Edit the file /etc/login.conf and add these two lines to the default block. Note the trailing backslash: every line in the block except the last one must end with a backslash.
:charset=UTF-8:\
:lang=en_US.UTF-8:
Save the file and run the following command:
/usr/bin/cap_mkdb /etc/login.conf
Now log out and log back in, and you have a UTF-8-aware shell.
If you use GNU Screen, you should not have to worry about changes in .screenrc such as defutf8 on. Just leave them at the default and it should work fine.
In case some programs run into problems it might be required to change another line in login.conf:
Locate:
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
Change to:
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES,LC_COLLATE=C:\
The above should fix UTF-8 on your SSH console and the like. You also need to add this to your kernel options:
options TEKEN_UTF8
Note that you might need to adjust /etc/ttys and change 'cons25' to 'xterm'.
Shellproxy, an easy tool to run shell commands from PHP or other languages
This is a simple script that runs a shell command from PHP with the function system().
It sometimes happens that a command doesn't close stdin or stdout, causing the system() function to block and wait for it to finish...
This causes PHP to reach the 30-second time limit and kill the script.
This script runs the command in the background; you can have your commands send their output to a log file and still keep full control.
Read the code below to see how to use it.
You can compile it by placing the code into shellproxy.c and running the following command:
gcc -o shellproxy shellproxy.c
I hope this is something useful for you as it was for me.
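#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char command[1024];
    size_t used = 0;
    int t;

    if (argc == 1) {
        printf("\nShell Proxy\n");
        printf("By Marius van Witzenburg <http://kitara.nl>\n\n");
        printf("You will mostly use this program from PHP or any other\n");
        printf("webscripting language to background run programs\n\n");
        printf("Usage:\n");
        printf("- CLI:\n");
        printf("shellproxy \"<cmd> <arg>\"\n");
        printf("shellproxy \"<cmd> <arg> > redirect.txt\"\n");
        printf("- PHP:\n");
        printf("system('shellproxy \"<cmd> <arg> &\"');\n");
        printf("system('shellproxy \"<cmd> <arg> > redirect.txt\"');\n\n");
        return 1; /* nothing to run */
    }

    /* Join the arguments into one command line; refuse input that would
       overflow the fixed-size buffer. */
    command[0] = '\0';
    for (t = 1; t < argc; t++) {
        size_t len = strlen(argv[t]);
        if (used + len + 2 > sizeof(command)) {
            fprintf(stderr, "shellproxy: command too long\n");
            return 1;
        }
        memcpy(command + used, argv[t], len);
        used += len;
        command[used++] = ' ';
        command[used] = '\0';
    }

    /* Close the standard streams before running the command so that it
       does not inherit the caller's pipes. */
    fclose(stdin);
    fclose(stdout);
    fclose(stderr);

    system(command);
    return 0;
}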
It would be nice if you keep my name mentioned in this code if you use it.
Ps. Donations are welcome...




