tags: - sshfs - mount categories: - informational comments: true
openssh-server - secure shell (SSH) server, for secure access from remote machines
sshfs - filesystem client based on SSH File Transfer Protocol openssh-client - secure shell (SSH) client, for secure access to remote machines
fusermount -u /home/user/mnt
mkdir /home/this_userlogs
groupadd this_userlogs
useradd -d /home/this_userlogs -M -g this_userlogs -s /bin/rbash this_userlogs
chown root:root /home/this_userlogs
chmod 0755 /home/this_userlogs
id this_userlogs
uid=1016(this_userlogs) gid=1001(this_userlogs) groups=1001(this_userlogs)
grep this_userlogs /etc/passwd
this_userlogs:x:1016:1001::/home/this_userlogs:/bin/sh
mkdir /home/this_useruser /home/this_useruser/.ssh /home/this_useruser/bin
chown -R this_useruser:root /home/this_useruser
chmod 0500 /home/this_useruser
chmod 0700 /home/this_useruser/.ssh
mkdir /home/this_userlogs/app1_logs
mkdir /home/this_userlogs/app2_logs
mkdir /home/this_userlogs/app3_logs
chown this_userlogs:root /home/this_userlogs/app1_logs
chown this_userlogs:root /home/this_userlogs/app2_logs
chown this_userlogs:root /home/this_userlogs/app3_logs
chmod 0700 /home/this_userlogs/app1_logs
chmod 0700 /home/this_userlogs/app2_logs
chmod 0700 /home/this_userlogs/app3_logs
su - this_userlogs
cd /home/this_useruser/bin
sshfs mount scripts
app1-logs
#! /bin/bash
set -o pipefail
set -o nounset
set -o errexit
PATH=/bin:/usr/bin
LDIR="/home/this_userlogs/app1_logs"
RDIR="/opt/MGW/app1/logs"
COMM="this_userlogs@x.x.x.x"
ARG="-o ro,reconnect,ServerAliveInterval=15,ServerAliveCountMax=3 -o IdentityFile=/home/this_useruser/.ssh/id_rsa -o StrictHostKeyChecking=no"
mount | grep "${LDIR}" >/dev/null 2>&1 ||sshfs ${ARG} ${COMM}:${RDIR} ${LDIR}
#! /bin/bash
set -o pipefail
set -o nounset
set -o errexit
PATH=/bin:/usr/bin
LDIR="/home/this_userlogs/app2_logs"
RDIR="/opt/MGW/app2/apache-tomcat-9.0.54/logs"
COMM="this_userlogs@x.x.x.x"
ARG="-o ro,reconnect,ServerAliveInterval=15,ServerAliveCountMax=3 -o IdentityFile=/home/this_useruser/.ssh/id_rsa -o StrictHostKeyChecking=no"
mount | grep "${LDIR}" >/dev/null 2>&1 ||sshfs ${ARG} ${COMM}:${RDIR} ${LDIR}
#! /bin/bash
set -o pipefail
set -o nounset
set -o errexit
PATH=/bin:/usr/bin
LDIR="/home/this_userlogs/app3_logs"
RDIR="/opt/MGW/app1/remoteStorage"
COMM="this_userlogs@x.x.x.x"
ARG="-o ro,reconnect,ServerAliveInterval=15,ServerAliveCountMax=3 -o IdentityFile=/home/this_useruser/.ssh/id_rsa -o StrictHostKeyChecking=no"
mount | grep "${LDIR}" >/dev/null 2>&1 ||sshfs ${ARG} ${COMM}:${RDIR} ${LDIR}
#! /bin/bash
set -o pipefail
set -o errexit
set -o nounset
nc -w 20 -v -z x.x.x.x 22 >/dev/null 2>&1 || exit
if [ $(id -n -u) != "this_userlogs" ]; then
exit 1
fi
/home/this_useruser/bin/app1-logs
/home/this_useruser/bin/app2-logs
/home/this_useruser/bin/app3-logs
@reboot this_userlogs /usr/local/bin/mount-logs-this_useruser
*/8 * * * * this_userlogs /usr/local/bin/mount-logs-this_useruser
su - this_userlogs
cd /home/this_useruser/.ssh
ssh-keygen -f id_rsa
Copy .ssh/id_rsa.pub
to rs01 server under appropriate user keys -
app1_user
& app2_user
/etc/ssh/sshd_config
# override default of no subsystems
# Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Match User this_userlogs
ChrootDirectory %h
ForceCommand internal-sftp
AllowTCPForwarding no
X11Forwarding no
## access the system cannot be restricted to sftp command or rbash, as folder
## traversing is required
#Match User app1_user
# ChrootDirectory %h
# ForceCommand internal-sftp
# AllowTCPForwarding no
# X11Forwarding no
sftp this_userlogs@y.y.y.y
Connected to y.y.y.y
sftp> cd /etc
Couldn't stat remote file: No such file or directory
sftp> ls
app1_logs app2_logs app3_logs
sftp> cd app2_logs/
sftp> ls
sftp> put /etc/hosts
Uploading /etc/hosts to /app2_logs/hosts
remote open("/app2_logs/hosts"): Failure
sftp>