Adding Maven Repo to Website (rootjail)

Submitted by code_admin on Mon, 07/23/2018 - 15:05

Steps I took to add an Internal Maven Repo to my memset website.

I used this tutorial to create a restricted SSH user that can upload files:
https://passingcuriosity.com/2014/openssh-restrict-to-sftp-chroot/
SFTP then didn't work, so I followed:
http://askubuntu.com/questions/93411/simple-easy-way-to-jail-users

    sudo addgroup maven_repo

Now alter the sshd config, /etc/ssh/sshd_config (in the end this did NOT need altering, so the block stays commented out):

    #Match Group maven_repo
    #    # Force the connection to use SFTP and chroot to the required directory.
    #    ###ForceCommand internal-sftp    (SFTP didn't work with maven deploy)
    #    ChrootDirectory /var/sub/maven_repo
    #    # Disable tunneling, authentication agent, TCP and X11 forwarding.
    #    PermitTunnel no
    #    AllowAgentForwarding no
    #    AllowTcpForwarding no
    #    X11Forwarding no

Add the user

    sudo adduser --ingroup maven_repo maven_repo

Use a long password, but there is no need to keep it.

Drop in authorized_keys file:

    mkdir /home/maven_repo/.ssh
    echo ssh-rsa AAA robert@catness > /home/maven_repo/.ssh/authorized_keys

Install jailkit and set up the jail:

    TMPDIR=~/tmpxxx
    JAILROOT=/var/sub/maven_repo
    JAILEDUSER=maven_repo

    mkdir ${TMPDIR}
    cd ${TMPDIR}

    # jailkit-2.17.tar.gz needs to be in ${TMPDIR} at this point
    tar -zxvf jailkit-2.17.tar.gz
    cd jailkit-2.17
    ./configure
    make
    make install

    cd ~
    rm -rf ${TMPDIR}

    # Hand the jail contents to the jailed user, then give the jail root itself back to root
    chown -R ${JAILEDUSER} ${JAILROOT}
    chgrp -R ${JAILEDUSER} ${JAILROOT}
    chown root ${JAILROOT}
    chgrp root ${JAILROOT}

    # Populate the jail with what is needed for a shell, ssh and scp
    jk_init -v ${JAILROOT} basicshell
    jk_init -v ${JAILROOT} netutils
    jk_init -v ${JAILROOT} ssh
    jk_init -v ${JAILROOT} jk_lsh
    jk_init -v ${JAILROOT} scp

    # Jail the user (-m moves the home directory into the jail)
    jk_jailuser -m -j ${JAILROOT} ${JAILEDUSER}

    # Copy bash into the jail
    jk_cp -v -f ${JAILROOT} /bin/bash

Edit the ${JAILROOT}/etc/passwd file so the user ${JAILEDUSER} points to bash:

    maven_repo:x:1003:1000:,,,:/home/maven_repo:/bin/bash

Add the public directories:

    mkdir ${JAILROOT}/public
    chown ${JAILEDUSER} ${JAILROOT}/public
    chgrp ${JAILEDUSER} ${JAILROOT}/public

    mkdir ${JAILROOT}/public_snapshots
    chown ${JAILEDUSER} ${JAILROOT}/public_snapshots
    chgrp ${JAILEDUSER} ${JAILROOT}/public_snapshots

Restart ssh:

    sudo service ssh restart
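
The notes chown the jail contents to maven_repo and then set ${JAILROOT} itself back to root:root; sshd's ChrootDirectory (the commented-out option above) requires every directory on the path to be root-owned and not writable by group or others. This added example, which is not part of the original notes, checks that property for a path; it assumes GNU stat as on Ubuntu, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that a jail/chroot path is root-owned and not
# group/other-writable, component by component, up to "/".
# Assumption: GNU stat (stat -c), as shipped with Ubuntu.

# mode_is_safe MODE
# MODE is the octal string printed by `stat -c %a` (e.g. 755, 1777).
# Returns 0 when neither the group nor the other digit has the write bit.
mode_is_safe() {
    case "$1" in
        *[2367]|*[2367]?) return 1 ;;   # other-writable | group-writable
    esac
    return 0
}

# check_chroot_path DIR [OWNER_UID]
# Resolves DIR to its physical path, then checks DIR and each parent.
# Prints one FAIL line per problem; exit status 0 means the path is clean.
# The body runs in a subshell so its variables do not leak to the caller.
check_chroot_path() (
    want_uid=${2:-0}
    path=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1: not a directory"
        exit 1
    }
    rc=0
    while :; do
        set -- $(stat -c '%u %a' "$path")   # $1 = owner uid, $2 = mode
        [ "$1" = "$want_uid" ] || {
            echo "FAIL $path: owner uid $1, want $want_uid"; rc=1; }
        mode_is_safe "$2" || {
            echo "FAIL $path: mode $2 is group/other-writable"; rc=1; }
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    exit "$rc"
)

# Stand-alone use: sh check_jail.sh /var/sub/maven_repo
if [ "$#" -gt 0 ]; then
    check_chroot_path "$@"
fi
```
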

Add authorised keys to /var/sub/maven_repo/home/maven_repo/.ssh

Test SSH and SFTP:

    ssh maven_repo@metcarob.com -p 7456
    sftp -P7456 maven_repo@metcarob.com

Add a gosecure directory so Let's Encrypt works:

    mkdir /var/sub/gosecure_maven_repo
    cd /var/sub/gosecure_maven_repo
    ln -s ../gosecure/index.php

Added mvn.metcarob.com to my hosts file to point to the server.

Added mvn.metcarob.com to /etc/apache2/sites-available/make_config.sh:

    VAR_011_SITE_NAME=maven_repo
    VAR_011_SITE_HOST=mvn.metcarob.com
    VAR_011_SITE_ROOT=/var/sub/maven_repo/public/
    VAR_011_SITE_ROOT_NOSSL=/var/sub/gosecure_maven_repo
    VAR_011_SITE_EXTRA_OPTIONS=Indexes

Run make_config.
Restart Apache.

    a2ensite maven_repo.conf

Check that https://mvn.metcarob.com works.

cd ~/letsencrypt

sudo ./letsencrypt-auto certonly --webroot -w /var/sub/dev_mylinkedthings -d dev.mylinkedthings.com -w /var/su****CUT OUT USE THIS PAGE FOR UP TO DATE CERT COMMAND****rob.com

service apache2 restart

Google Juice

ubuntu root jail