tags: - sshfs - mount categories: - informational comments: true

date: 2021-12-26 00:00:00

DESCRIPTION

ERRORS

COMMANDS

openssh-server - secure shell (SSH) server, for secure access from remote machines

sshfs - filesystem client based on SSH File Transfer Protocol

openssh-client - secure shell (SSH) client, for secure access to remote machines

# Unmount a FUSE (sshfs) mount; /home/user/mnt is an example mount point.
fusermount -u /home/user/mnt
# Create the account that owns the log mounts. Its home directory is made by
# hand and left owned by root with mode 0755: the sshd_config on this page uses
# "ChrootDirectory %h" for this user, and sshd only accepts a chroot path whose
# components are root-owned and not writable by group or others.
mkdir /home/this_userlogs
groupadd this_userlogs
# -d sets the home directory, -M skips creating it (done above), -g sets the
# primary group, -s /bin/rbash requests the restricted bash shell.
useradd -d /home/this_userlogs -M -g this_userlogs -s /bin/rbash this_userlogs
chown root:root /home/this_userlogs
chmod 0755 /home/this_userlogs
# Check the result; the next line is the command's output.
id this_userlogs
uid=1016(this_userlogs) gid=1001(this_userlogs) groups=1001(this_userlogs)

# NOTE(review): the passwd entry printed below lists /bin/sh although useradd
# above requested /bin/rbash - confirm which login shell is actually set.
grep this_userlogs /etc/passwd
this_userlogs:x:1016:1001::/home/this_userlogs:/bin/sh
# Separate directory tree for the SSH key (.ssh) and the mount scripts (bin).
# 0500 leaves the top directory read/execute for its owner only; .ssh is 0700.
# NOTE(review): no command on this page creates a this_useruser account -
# confirm which account is meant to own this tree.
mkdir /home/this_useruser /home/this_useruser/.ssh /home/this_useruser/bin
chown -R this_useruser:root /home/this_useruser
chmod 0500 /home/this_useruser
chmod 0700 /home/this_useruser/.ssh

# One local mount point per remote log directory, inside the root-owned home.
# Each is owned by this_userlogs with mode 0700, so only that account can
# enter it.
mkdir /home/this_userlogs/app1_logs
mkdir /home/this_userlogs/app2_logs
mkdir /home/this_userlogs/app3_logs
chown this_userlogs:root /home/this_userlogs/app1_logs
chown this_userlogs:root /home/this_userlogs/app2_logs
chown this_userlogs:root /home/this_userlogs/app3_logs
chmod 0700 /home/this_userlogs/app1_logs
chmod 0700 /home/this_userlogs/app2_logs
chmod 0700 /home/this_userlogs/app3_logs
# Switch to the account and go to the script directory; the scripts that
# follow on this page are presumably created there.
su - this_userlogs
cd /home/this_useruser/bin
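#! /bin/bash
# Mount the remote app1 log directory read-only over sshfs, unless the local
# mount point already appears in the mount table.
set -o pipefail
set -o nounset
set -o errexit

# Fixed search path: the tools below are resolved from system directories only.
PATH=/bin:/usr/bin

LDIR="/home/this_userlogs/app1_logs"   # local mount point
RDIR="/opt/MGW/app1/logs"              # directory on the remote host

COMM="this_userlogs@x.x.x.x"           # remote login (address elided on this page)
KEYDIR="/home/this_useruser/.ssh"      # holds the private key and the known_hosts file

# Options are kept in an array so each one reaches sshfs as exactly one word.
#
# StrictHostKeyChecking=accept-new (OpenSSH 7.6 or later) records the server's
# host key on first contact and refuses to connect if the key later changes.
# With "no", any host key is accepted on every run, so a machine answering in
# place of the server would receive the login and supply the "logs" unnoticed.
# For full pinning, place the server's verified host key in the known_hosts
# file beforehand and set the option to "yes".
#
# UserKnownHostsFile is given explicitly because this page leaves the
# account's home directory owned by root, so the default ~/.ssh/known_hosts
# cannot be created there. Assumes the mounting account can write in KEYDIR,
# as it did when ssh-keygen created the key - confirm.
ARG=(
  -o ro,reconnect,ServerAliveInterval=15,ServerAliveCountMax=3
  -o "IdentityFile=${KEYDIR}/id_rsa"
  -o StrictHostKeyChecking=accept-new
  -o "UserKnownHostsFile=${KEYDIR}/known_hosts"
)

# -F and -- make grep treat the path as a literal string. Its output is
# discarded with a redirect instead of -q so that grep reads all of mount's
# output; with pipefail, an early exit could leave mount failing on a closed
# pipe and the mount would wrongly be treated as missing.
mount | grep -F -- "${LDIR}" >/dev/null 2>&1 || sshfs "${ARG[@]}" "${COMM}:${RDIR}" "${LDIR}"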
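#! /bin/bash
# Mount the remote app2 (Tomcat) log directory read-only over sshfs, unless
# the local mount point already appears in the mount table.
set -o pipefail
set -o nounset
set -o errexit

# Fixed search path: the tools below are resolved from system directories only.
PATH=/bin:/usr/bin

LDIR="/home/this_userlogs/app2_logs"               # local mount point
RDIR="/opt/MGW/app2/apache-tomcat-9.0.54/logs"     # directory on the remote host

COMM="this_userlogs@x.x.x.x"           # remote login (address elided on this page)
KEYDIR="/home/this_useruser/.ssh"      # holds the private key and the known_hosts file

# Options are kept in an array so each one reaches sshfs as exactly one word.
#
# StrictHostKeyChecking=accept-new (OpenSSH 7.6 or later) records the server's
# host key on first contact and refuses to connect if the key later changes.
# With "no", any host key is accepted on every run, so a machine answering in
# place of the server would receive the login and supply the "logs" unnoticed.
# For full pinning, place the server's verified host key in the known_hosts
# file beforehand and set the option to "yes".
#
# UserKnownHostsFile is given explicitly because this page leaves the
# account's home directory owned by root, so the default ~/.ssh/known_hosts
# cannot be created there. Assumes the mounting account can write in KEYDIR,
# as it did when ssh-keygen created the key - confirm.
ARG=(
  -o ro,reconnect,ServerAliveInterval=15,ServerAliveCountMax=3
  -o "IdentityFile=${KEYDIR}/id_rsa"
  -o StrictHostKeyChecking=accept-new
  -o "UserKnownHostsFile=${KEYDIR}/known_hosts"
)

# -F and -- make grep treat the path as a literal string. Its output is
# discarded with a redirect instead of -q so that grep reads all of mount's
# output; with pipefail, an early exit could leave mount failing on a closed
# pipe and the mount would wrongly be treated as missing.
mount | grep -F -- "${LDIR}" >/dev/null 2>&1 || sshfs "${ARG[@]}" "${COMM}:${RDIR}" "${LDIR}"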
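#! /bin/bash
# Mount the remote app1 remoteStorage directory read-only over sshfs on the
# app3_logs mount point, unless that mount point already appears in the mount
# table.
set -o pipefail
set -o nounset
set -o errexit

# Fixed search path: the tools below are resolved from system directories only.
PATH=/bin:/usr/bin
LDIR="/home/this_userlogs/app3_logs"   # local mount point
RDIR="/opt/MGW/app1/remoteStorage"     # directory on the remote host

COMM="this_userlogs@x.x.x.x"           # remote login (address elided on this page)
KEYDIR="/home/this_useruser/.ssh"      # holds the private key and the known_hosts file

# Options are kept in an array so each one reaches sshfs as exactly one word.
#
# StrictHostKeyChecking=accept-new (OpenSSH 7.6 or later) records the server's
# host key on first contact and refuses to connect if the key later changes.
# With "no", any host key is accepted on every run, so a machine answering in
# place of the server would receive the login and supply the files unnoticed.
# For full pinning, place the server's verified host key in the known_hosts
# file beforehand and set the option to "yes".
#
# UserKnownHostsFile is given explicitly because this page leaves the
# account's home directory owned by root, so the default ~/.ssh/known_hosts
# cannot be created there. Assumes the mounting account can write in KEYDIR,
# as it did when ssh-keygen created the key - confirm.
ARG=(
  -o ro,reconnect,ServerAliveInterval=15,ServerAliveCountMax=3
  -o "IdentityFile=${KEYDIR}/id_rsa"
  -o StrictHostKeyChecking=accept-new
  -o "UserKnownHostsFile=${KEYDIR}/known_hosts"
)

# -F and -- make grep treat the path as a literal string. Its output is
# discarded with a redirect instead of -q so that grep reads all of mount's
# output; with pipefail, an early exit could leave mount failing on a closed
# pipe and the mount would wrongly be treated as missing.
mount | grep -F -- "${LDIR}" >/dev/null 2>&1 || sshfs "${ARG[@]}" "${COMM}:${RDIR}" "${LDIR}"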
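#! /bin/bash
# Wrapper that runs the three per-application mount scripts, but only when the
# remote SSH port answers and only as the this_userlogs account.
set -o pipefail
set -o errexit
set -o nounset

# Stop quietly when port 22 on the remote host does not answer within 20
# seconds; a bare "exit" passes on nc's non-zero status.
nc -w 20 -v -z x.x.x.x 22 >/dev/null 2>&1 || exit

# Refuse to run as any other account. The substitution is quoted so that an
# empty result from id compares as "not this_userlogs"; unquoted, the test
# would become a syntax error, evaluate as false, and let the script continue.
if [ "$(id -n -u)" != "this_userlogs" ]; then
    exit 1
fi

# With errexit set, a failing mount script stops the ones after it.
/home/this_useruser/bin/app1-logs
/home/this_useruser/bin/app2-logs
/home/this_useruser/bin/app3-logs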
# System crontab format: the field before the command names the account the
# job runs as. The wrapper runs once at boot and again at every minute
# divisible by 8 (0, 8, ... 56); presumably this is what re-establishes a
# dropped mount, since the mount scripts only mount when nothing is mounted.
# NOTE(review): /usr/local/bin/mount-logs-this_useruser is presumably the
# wrapper script shown on this page - confirm the install path.
@reboot     this_userlogs /usr/local/bin/mount-logs-this_useruser
*/8 * * * * this_userlogs /usr/local/bin/mount-logs-this_useruser
# As the mounting account, create the key pair that the sshfs scripts use:
# id_rsa (private) and id_rsa.pub (public) in /home/this_useruser/.ssh.
su - this_userlogs
cd /home/this_useruser/.ssh
# NOTE(review): the mount scripts run unattended from cron, so this key
# presumably has no passphrase - confirm. Keep id_rsa readable by this account
# only; id_rsa.pub is the only file that leaves this host.
ssh-keygen -f id_rsa

Copy .ssh/id_rsa.pub to the rs01 server and add it to the authorized keys of the appropriate users: app1_user and app2_user.

# override default of no subsystems
# Subsystem     sftp    /usr/lib/openssh/sftp-server
# Use the SFTP server built into sshd instead of the external sftp-server
# binary, so a chrooted session needs no helper program inside the chroot.
Subsystem sftp internal-sftp

# Restrictions for the log-reading account. Directives after a Match line
# apply only to matching sessions, up to the next Match line or the end of the
# file, so Match blocks belong at the end of sshd_config.
Match User this_userlogs
    # Confine the session to the user's home directory (%h). sshd requires
    # every component of that path to be root-owned and not writable by group
    # or others.
    ChrootDirectory %h
    # Always run the built-in SFTP server, whatever command the client requests.
    ForceCommand internal-sftp
    # No TCP port forwarding and no X11 forwarding for this account.
    AllowTCPForwarding no
    X11Forwarding no

## Access to the system cannot be restricted to the sftp command or to rbash
## for this user, as folder traversal is required; the Match block below
## therefore stays commented out.
#Match User app1_user
#    ChrootDirectory %h
#    ForceCommand internal-sftp
#    AllowTCPForwarding no
#    X11Forwarding no

VERIFICATION

sftp this_userlogs@y.y.y.y
Connected to y.y.y.y
sftp> cd /etc
Couldn't stat remote file: No such file or directory
sftp> ls
app1_logs       app2_logs       app3_logs  
sftp> cd app2_logs/
sftp> ls
sftp> put /etc/hosts
Uploading /etc/hosts to /app2_logs/hosts
remote open("/app2_logs/hosts"): Failure
sftp>