Help with Remote Login

Discussion in 'Mac OS X Server, Xserve, and Networking' started by tedro, Jun 21, 2015.

  1. tedro macrumors newbie

    Joined:
    Jun 21, 2015
    #1
    Hi,

    I don't run the server osx, but thought i should ask here, thank you:)

    What do I need to do or change so that when a user is set up with Remote Access (via Sharing pane) it only allows them to see their own Home folder?
    Currently, they go to /!!! yikes.
    I want them to be able to see ONLY their Home Dir.

    Something I need to add to ssh config or something?

    Help?
     
  2. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #2
    @tedro You can configure share points in the "File Sharing" pane under System Preferences --> Sharing.
     
  3. tedro thread starter macrumors newbie

    Joined:
    Jun 21, 2015
    #3
    thanks! can i get some more info on that, please?
    all i see under Sharing is where i can "Allow Access For" > "Only These Users".
    i don't see where i can assign the share point?
     
  4. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #4
    I am away from my Mac right now but you should see two white panes. On the left it will say "John Doe's Public Folder". Select it and hit the minus sign and add the folder you want by hitting the plus sign. Then you can set your permissions on the right pane by allowing all users or only some.
     
  5. tedro thread starter macrumors newbie

    Joined:
    Jun 21, 2015
    #5
    on os x client? i'm not on os x server, just a reminder.
     
  6. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #6
    Yes.
     
  7. tedro thread starter macrumors newbie

    Joined:
    Jun 21, 2015
    #7
    OK! yes yes yes.
    check this, the source of my question:

    i made a new user (non admin) for a friend to test something for me.
    he logged in using ssh Remote Login and was dropped in at /.
    are you saying (i know i should just try it) that had i also listed his home dir in that pane you refer to, it would drop him in at his ~/ (only)?
     
  8. tedro thread starter macrumors newbie

    Joined:
    Jun 21, 2015
    #8
    also, i'm talking about ssh connections ...from outside?

    i just tried it and the user is dropped into his ~/ but he can still back into /.

    i did see when creating the user that i can choose standard or share only...let me try share only....
     
  9. tedro thread starter macrumors newbie

    Joined:
    Jun 21, 2015
    #9
    if you don't mind--THANK YOU--do you know why the host machine sometimes changes its local address, e.g.:
    10.0.1.7 and then it could be 10.0.1.8 ?

    can i stop that?

    brb
     
  10. tedro, Jul 2, 2015
    Last edited: Jul 2, 2015

    tedro thread starter macrumors newbie

    Joined:
    Jun 21, 2015
    #10
    yes, it seems that a Sharing Only user is not assignable and cannot ssh in.

    so, from my reply above:
    i create a standard user, enable them under Remote Login;
    in the Sharing sharepoint pane...add the new user's home dir.
    when they login using ssh from outside, they first go to their home, but they can still back up into /.
    what am i doing wrong?
     
  11. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #11
    @tedro A client will change its IP unless you either set it up with a static IP configuration or use a DHCP reservation on the router. Do you want SMB or AFP for file sharing?
     
  12. tedro, Jul 2, 2015
    Last edited: Jul 2, 2015

    tedro thread starter macrumors newbie

    Joined:
    Jun 21, 2015
    #12
    yes, AFP. that's more secure than SMB, right? anyway, no Windows clients.
    so, i've been using AFP--i, my account, can ssh in fine, but, then, i'm not concerned about my access to /. i just want to stop others'!

    p.s. hmmm...dhcp reservation.
     
  13. tedro, Jul 2, 2015
    Last edited: Jul 2, 2015

    tedro thread starter macrumors newbie

    Joined:
    Jun 21, 2015
    #13
    THE FOLLOWING MESSAGE IS HEREBY DELETED ;)

    possibly off topic: i decided to run Disk Util and do a perms repair.
    one message i got is:
    WARNING: SUID file "System/Library/Filesystems/AppleShare/afpLoad" has been modified and will not be repaired.
    ok? off topic? no worries. i can use a Terminal, btw. just saying.

    thanks so much
     
  14. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #14
    Opening any ports with direct access to your machine is insecure but unless you ran a VPN it is hard to get around.
     
  15. tedro thread starter macrumors newbie

    Joined:
    Jun 21, 2015
    #15
    yes, i understand.

    any hope for making it so a user ssh'ing in only sees his home folder?

    thanks
     
  16. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #16
    A standard account will only access the folder you set up in System Preferences --> File Sharing. An administrator account will see the whole drive.
     
  17. tedro, Jul 2, 2015
    Last edited: Jul 2, 2015

    tedro thread starter macrumors newbie

    Joined:
    Jun 21, 2015
    #17
    so,
    create standard user
    turn on Remote Login for user
    turn on File Sharing and in the Shared Folders pane click + and navigate to the user's home dir.

    user connects over internet via ssh client, Cyberduck, etc.
    user only has access to his home dir?

    edit: i'm doing exactly that, but user can see everything. :-(

    p.s. isn't the File Sharing prefpane only related to local network use, i mean, does it also configure Remote Login?
     
  18. tedro thread starter macrumors newbie

    Joined:
    Jun 21, 2015
    #18
    Sharing > File Sharing is only for local network access.
    and that *does* only take the user to his home, only.

    as i've been saying: ssh (Remote Login) via internet--from outside the local network. the same standard user can see everything...which i don't want.

    perhaps something in ssh config, or something, could be modified.
     
  19. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #19
    @tedro If the user has an administrator account they will see everything. Only standard accounts are bound by your settings.
     
  20. tedro thread starter macrumors newbie

    Joined:
    Jun 21, 2015
    #20
    for File Sharing yes, for Remote Access no, apparently, on 10.5.6 client.

    i'll write back if i learn more. :-|

    thanks for your time and efforts, very much.
     
  21. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #21
    @tedro What type of account is remotely connecting to this Mac?
     
  22. tedro, Jul 2, 2015
    Last edited: Jul 2, 2015

    tedro thread starter macrumors newbie

    Joined:
    Jun 21, 2015
    #22
    *Standard*. i am the only admin.
    e.g.:
    sftp://username@IP_address:22

    check this:
    http://apple.stackexchange.com/questions/41652/create-a-remote-only-user-in-os-x

    seems one would need to create a jail by modifying ssh_config. as i suspected.

    believe it or not i used to be a mac tech...i think i knew this! i'm just getting back into it lately.

    i have an old friend who runs an osx network whom i've mailed.
     
  23. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #23
    Is there a reason why you don't just use the File Sharing panel then? If I understand correctly all you want to do is share the home folder of that one user.
     
  24. tedro thread starter macrumors newbie

    Joined:
    Jun 21, 2015
    #24
    i don't want to use it. i want the Remote user to ssh into it...and only it.
    that article explains it. the guy posting is asking virtually the same thing i'm asking:
    "I'd like to create a user on OS X that has remote ssh login privileges where they can access a certain folder /path/to/the/goods/ and add/modify/delete files manually or via rsync while the rest of the Mac is off limits (outside their home directory)."

    apparently, you have to create a chroot jail in ssh_config, for the user.
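
The kind of per-user jail post #24 refers to, as an added example that is not part of the thread: in OpenSSH the restriction is set on the server side, in `sshd_config` (the daemon's file, not the client's `ssh_config`), using `ChrootDirectory` inside a `Match` block, which requires OpenSSH 4.9 or later (check with `ssh -V`). The user name `frienduser` and the path `/var/sftp/frienduser` are hypothetical placeholders.

```conf
# Added example, not from the thread. "frienduser" and the jail path
# /var/sftp/frienduser are hypothetical placeholders.

# Behaviour without any Match block (what the thread observes): a standard
# account that is allowed under Remote Login gets an ordinary shell or SFTP
# session and can browse anything file permissions allow, including /.
# The File Sharing pane has no effect on sshd.

# Use the SFTP server built into sshd, so the jail needs no binaries or
# libraries copied into it. Replace the existing "Subsystem sftp" line
# rather than adding a second one; sshd rejects a duplicate definition.
Subsystem sftp internal-sftp

# Settings below apply only to this one account; other users are unchanged.
Match User frienduser
    # sshd refuses the session unless this directory and every parent
    # directory are owned by root and not writable by group or others.
    ChrootDirectory /var/sftp/frienduser

    # Serve SFTP only; any shell or command the client requests is ignored.
    ForceCommand internal-sftp

    # Close the usual side doors out of the jail.
    AllowTcpForwarding no
    X11Forwarding no

# Validate the file before restarting the daemon:  sshd -t
```

Because the jail root cannot be writable by the user, uploads go into a user-owned subdirectory created inside it. With `ForceCommand internal-sftp` the account can use SFTP clients such as Cyberduck, but interactive shells and rsync over ssh will not work.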
     
  25. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #25
    @tedro Those steps are for OS X Server. To my knowledge the only option is to use the File Sharing pane which would work just fine.
     
