Marius van Witzenburg » Shell

How to create SFTP-only user accounts to kill SSH access

mariusvw — Wed, 15 Jun 2011 16:22:25 +0000

Problem Statement
We wanted to create SFTP-only user accounts that cannot SSH into the server to run commands. There is no built-in approach to this problem that we can find so we created a simple shell script to solve it. Here we will discuss how it works.

Step 1: Create a shell script to run as the user’s shell

Create a shell script called /sbin/sftp-only as follows:

#!/bin/sh
 
if [ "$*" != "-c /usr/libexec/sftp-server" ]
then
    echo “Sorry, ssh access not allowed.”
    exit
fi
 
exec /usr/libexec/sftp-server

Step 2: Edit user accounts to use this shell script as user’s shell

Modify user accounts using usermod to set the shell to /sbin/sftp-only so that when user tries to SSH to the server, the shell script will display the “Sorry, ssh access not allowed.” message. And when the user tries to connect to the server via a SFTP client, the shell script will get executed and it will start the SFTP server for the user.

Test your console if it can display 256 colors with Perl

mariusvw — Sun, 12 Jun 2011 10:44:03 +0000

With this script you can test which colors your console can display.

You will simply see all the supported colors on your console.

#!/usr/bin/perl
# Author: Todd Larason 
# $XFree86: xc/programs/xterm/vttests/256colors2.pl,v 1.1 1999/07/11 08:49:54 dawes Exp $
 
# use the resources for colors 0-15 - usually more-or-less a
# reproduction of the standard ANSI colors, but possibly more
# pleasing shades
 
# colors 16-231 are a 6x6x6 color cube
for ($red = 0; $red < 6; $red++) {
	for ($green = 0; $green < 6; $green++) {
		for ($blue = 0; $blue < 6; $blue++) {
	    	printf("\x1b]4;%d;rgb:%2.2x/%2.2x/%2.2x\x1b\\",
		   	16 + ($red * 36) + ($green * 6) + $blue,
		   	int ($red * 42.5),
		   	int ($green * 42.5),
		   	int ($blue * 42.5));
		}
	}
}
 
# colors 232-255 are a grayscale ramp, intentionally leaving out
# black and white
for ($gray = 0; $gray < 24; $gray++) {
	$level = ($gray * 10) + 8;
	printf("\x1b]4;%d;rgb:%2.2x/%2.2x/%2.2x\x1b\\", 232 + $gray, $level, $level, $level);
}
 
 
# display the colors
 
# first the system ones:
print "System colors:\n";
for ($color = 0; $color < 8; $color++) {
	print "\x1b[48;5;${color}m  ";
}
print "\x1b[0m\n";
for ($color = 8; $color < 16; $color++) {
	print "\x1b[48;5;${color}m  ";
}
print "\x1b[0m\n\n";
 
# now the color cube
print "Color cube, 6x6x6:\n";
for ($green = 0; $green < 6; $green++) {
	for ($red = 0; $red < 6; $red++) {
		for ($blue = 0; $blue < 6; $blue++) {
	    	$color = 16 + ($red * 36) + ($green * 6) + $blue;
	    	print "\x1b[48;5;${color}m  ";
		}
		print "\x1b[0m ";
	}
	print "\n";
}
 
 
# now the grayscale ramp
print "Grayscale ramp:\n";
for ($color = 232; $color < 256; $color++) {
	print "\x1b[48;5;${color}m  ";
}
print "\x1b[0m\n";

How to set UTF-8 as system default on FreeBSD

mariusvw — Fri, 10 Jun 2011 06:45:32 +0000

Setting UTF-8 support on FreeBSD as a default is quite simple.

Edit the file /etc/login.conf and add these two lines to the default block, note the trailing backslash! You need to close all lines except the last one with a backslash.

    :charset=UTF-8:\
    :lang=en_US.UTF-8:

Save the file and run the following command:

/usr/bin/cap_mkdb /etc/login.conf

Now logout and login and you have a UTF-8 aware shell

In case you use GNU Screen you should not have to worry about changes in the .screensrc like defutf8 on. Just leave them default and it should work fine.

In case some programs run into problems it might be required to change another line in login.conf:

Locate:

:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\

Change to

:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES,LC_COLLATE=C:\

The above should help you out to fix UTF-8 on your SSH console and such, another thing you need to add to your kernel options is this:

options TEKEN_UTF8

Note that you might need to adjust /etc/ttys and change 'cons25' to 'xterm'.

Shellproxy, an easy tool to run shell commands from PHP or other languages

mariusvw — Tue, 02 Mar 2010 19:53:02 +0000

This is a simple script that runs a shell command from PHP with the function system().
It sometimes happens that a command doesn't close the stdin or stdout, resulting the system() function to halt and wait for it to finish...
This causes PHP to reach the 30 second time limit and kill the script.

This script runs it in the background and you could make your commands send their output to a log file and still having full control.

Read the code below how to use it.

You can compile it by placing the code into shellproxy.c and then compile it with the following command:

gcc -o shellproxy shellproxy.c

I hope this is something useful for you as it was for me.

#include 
#include 
#include 
 
int main(int argc, char *argv[]) {
    char command[1024];
    int t;
 
    if (argc == 1) {
        printf("nShell Proxyn");
        printf("By Marius van Witzenburg nn");
        printf("You will mostly use this program from PHP or any othern");
        printf("webscripting language to background run programsnn");
        printf("Usage:n");
        printf("- CLI:n");
        printf("shellproxy "<cmd> <arg>"n");
        printf("shellproxy "<cmd> <arg> > redirect.txt"n");
        printf("- PHP:n");
        printf("system('shellproxy "<cmd> <arg> &"');n");
        printf("system('shellproxy "<cmd> <arg> > redirect.txt"');nn");
    }
 
    command[0] = 0;
 
    for (t = 1; t < argc; t++) {
        strcat(command, argv[t]);
        strcat(command, " ");
    }
 
    fclose(stdin);
    fclose(stdout);
    fclose(stderr);
 
    system(command);
}

It would be nice if you keep my name mentioned into this code if you use it.

Ps. Donations are welcome...