How to setup isolated sftp-only access for untrusted users

This is a very common scenario: you want to set up SSH access for an untrusted user, but strictly limit his capabilities to SFTP (or scp).

Usually the requirements are just two:

  • The user can only access your machine to run the SFTP command; no other use of the SSH service is allowed for this user
  • The user can only access a very restricted environment and cannot break out of it (so he cannot access files that he’s not supposed to access)

Depending on how untrusted the user is, you may also want to protect the service against DoS attacks, but for this the best measure is hardening the whole SSH service.


Five essential Docker containers for your home server

Running a server in your home network is a great addition to your digital life. There are countless uses for it: from testing your personal projects to controlling home automation systems. But even if it is just for storing your files, like your personal DropBox, or for media services, a permanent point of presence completely under your control will give you extreme flexibility.

When it comes to services, I run everything in Docker and this is a list of the 5 applications that I find most useful for a home server.


Install owncloud with docker, ZFS and ansible

I’ve been happily running FreeNAS on my server for quite some time now. I am a fan of ZFS and I’ve used it to great advantage both at home and at work.

After its good service and with ZFS on Linux becoming stable, I have decided to move away from FreeNAS and install a plain Ubuntu 16.04 server image to play with docker and ansible and enjoy destroying and re-spawning my ephemeral service instances in seconds!


Quickly setup powerline for bash in ubuntu

Powerline can do many things and it is very configurable.

I wrote a small script in case you just want to power-up your bash prompt and do it without a lot of manual steps.

This is what you will get:

Get it done!

Read the README file first, then:

(you may need to install git first, or just copy and paste the script from the repo… the script installs git anyway)

git clone https://github.com/vincepii/ubuntu-powerline-bash.git
cd ubuntu-powerline-bash
./install.sh

Feel free to improve the script.

Repository on GitHub: https://github.com/vincepii/ubuntu-powerline-bash

How to setup a VPN server in a FreeNAS jail

This post is not about configuring FreeNAS to connect to a VPN, but about running a VPN server inside FreeNAS, so you will be able to access all your jails and every host on your local (home) network from the outside, using the secure VPN tunnel.

Using a VPN connection is like sending a mail envelope inside another one: the external envelope is addressed to your VPN endpoint (the server), and only the server can extract the internal envelope and process it (i.e., forward it to the specified address) as if it originated locally (thus you can access private addresses on your local network). Replies will be sent back on the tunnel by securely re-encapsulating them in an external envelope.

So, after you are connected to your VPN, you can, for example, run

ssh root@192.168.0.1

(or whatever addresses you are using) through the Internet.


Building a new fanless and silent server and NAS

I wanted a low-power micro server to have a permanent personal point of presence online to support my own operations. Main uses range from hosting some Git repositories to syncing my data on OwnCloud and running HTTP servers.

Using a single board PC (raspberry-pi style) was a bit limiting as I wanted to have ZFS running with at least a mirrored zpool (so I needed SATA connectors and at least 8 GB of RAM).

Another requirement was low power consumption: I don’t want to notice the effect of this thing on my power bill.

The last important requirement was silence: I will have to sleep in the same room as my server. So, I decided on a completely fanless design, which also (necessarily) goes hand in hand with low power consumption.

Shopping list

With a budget in mind of < 400 Euro, this is what I bought:
