Add SSH keys for Users on One Domain (Virtual Server)

System: Ubuntu 18.14. with about 8 virtual servers, all on shared IP

1) I went to /home/##mydomain##

2) Created a folder: .ssh # permission 755

3) Created file: authorized_keys # permission 644

4) Pasted in the pub keys from (e.g.) Paul, Rajan, Arjun

Now I would like to give, for this one domain only (home/##mydomain##), access via SFTP and ssh from terminal to just that one virtualMin server folder only: home/##mydomain##

I can get in because I have my pub key installed at /etc/ssh/.... etc

ssh root@##mydomain##

I end up in the root directory (not /home/##mydomain##)

I want these users to log in and the only folder they can see is "/home/##mydomain##"

a) Do I need to add them as users in VirtualMin?

b) There is no setting in the "Add Users" (for the one ##mydomain## VirtualServer) where I can say: "Allow this user access with SSH Keys"

c) In the terminal, what would they put?

ssh ####@##mydomain##

?

SFTP is straightforward. Most FTP clients allow you to paste in the pub key into connection settings. That's all there is to it.

Status: Active

Comments

Howdy -- thanks for contacting us!

Whenever you log in as a user, it should always be placing you in what's considered to be the home directory for that user.

For example, if you look at /etc/passwd, and look for the user in question -- the home directory specified in there for that user should be the directory users see upon logging in.

Are you seeing a different directory than that when logging in though? Or is there just an unusual home directory setup for the user?

Let's say we have a domain: www.nursery.com

with this:

/home/nursery/public_html # etc. , a virtual domain

where the admin user is "nursery@shared_ip"

I don't want to give access to the "box" server per se, just to this one domain.

Can't I just add a folder

/home/nursery/.ssh/authorized_keys # and put their keys on there? Is that enough that they can log in?

Do they also need to be added to a Unix group in e.g. /etc/passwd?

I worry about access to the entire "box" .

I see in a virtual domain, I can add an FTP user. (but we only allow SFTP) Should I do that first, then their SSH will work?

Well, for the record, I was "overly thinking" how SSH keys work. It was very simple; there is no need to create users for anyone who sends you their pub key.

1) having created /home/mydomain/.ssh/authorized_keys

2) add keys

3) then you just give them the same USER name as the Admin Owner, e.g. MyOwnerUser, when the virtual domain was created, but not the password to that user (which can't be revoked, only changed)

4) because the domain was created with MyOwnerUser, I could see in the /etc/passwd file that user MyOwnerUser "is always placing you in what's considered to be the home directory for that user."

5) so, .ssh keys are like "alternative passwords" for MyOwnerUser. (but they can be revoked easily)

6) In their SFTP application locally, they can access the site with their key, but they are "jailed" into /home/MyDomain as expected, having used the user MyOwnerUser

You can close this ticket
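
An added example, not part of the thread or of Virtualmin: shell helpers for the shared authorized_keys file described above, listing which person each key belongs to, revoking one person's key, and flagging permissions that sshd would reject. The function names are hypothetical, and it assumes each pasted key ends with a comment naming its owner and that any options before the key type contain no spaces.

```shell
#!/bin/sh
# Added example (not from the thread): manage one shared authorized_keys file
# in which every person's key ends with a comment naming its owner.
# Assumption: options before the key type, if any, contain no spaces.

KEYTYPE_RE='^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-|sk-)'

# Shared awk prologue: k = field index of the key type (0 if the line is not
# a key), c = the trailing comment that identifies the key's owner.
PARSE='
  { k = 0; c = "" }
  !/^[ \t]*#/ {
    for (i = 1; i <= NF; i++) if ($i ~ re) { k = i; break }
    if (k) for (j = k + 2; j <= NF; j++) c = c (c == "" ? "" : " ") $j
  }'

# list_keys FILE: print "<line> <key type> <comment>" for every key.
list_keys() {
    awk -v re="$KEYTYPE_RE" "$PARSE"'
      k { print NR, $k, (c == "" ? "(no comment)" : c) }' "$1"
}

# revoke_key FILE COMMENT: drop every key whose comment equals COMMENT.
# Returns 0 if a key was removed, 1 if none matched (file left untouched).
revoke_key() {
    tmp=$(mktemp "$1.XXXXXX") || return 2
    rc=0
    awk -v re="$KEYTYPE_RE" -v who="$2" "$PARSE"'
      k && c == who { n++; next }
      { print }
      END { exit (n ? 0 : 1) }' "$1" > "$tmp" || rc=$?
    if [ "$rc" -eq 0 ]; then
        chmod 600 "$tmp" && mv "$tmp" "$1"
    else
        rm -f "$tmp"
    fi
    return "$rc"
}

# loose_perms PATH...: print any path that is group- or world-writable.
# sshd (StrictModes, on by default) refuses to use authorized_keys in that case.
loose_perms() {
    find "$@" -prune \( -perm -020 -o -perm -002 \) -print
}
```

Run as root, revoke_key leaves the rewritten file owned by root with mode 600, which sshd accepts; keys without a comment show up as "(no comment)" in list_keys and are worth labelling before they need revoking.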