This is a very common scenario: you want to setup SSH access for an untrusted user, but strictly limit his capabilities to SFTP (or scp).
Usually the requirements are just two:
- The user can only access your machine to run the SFTP command, no other uses of the SSH service will be allowed for this user
- The user can only access a very restricted environment and not break outside of it (so he cannot access files that he’s not supposed to access)
Depending on the degree of untrustyness, you may also want to avoid DoS attacks on the service, but for this, the best measure is the hardening of the whole SSH service.
Continue reading “How to setup isolated sftp-only access for untrusted users”
Running a server in your home network is a great addition to your digital life. There are countless of uses that you can make of it: from testing your personal projects to controlling home automation systems. But even if it is just for storing your files, like your personal DropBox, or for media services, a permanent point of presence completely under your control will give you extreme flexibility.
When it comes to services, I run everything in Docker and this is a list of the 5 applications that I find most useful for a home server.
Continue reading “Five essential Docker containers for your home server”
I’ve been happily running FreeNAS on my server for quite some time now, I am a fan of ZFS and I’ve used it to great advantage both at home and at work.
After its good service and with ZFS on Linux becoming stable, I have decided to move away from FreeNAS and install a plain Ubuntu 16.04 server image to play with docker and ansible and enjoy destroying and re-spawning my ephemeral service instances in seconds!
Continue reading “Install owncloud with docker, ZFS and ansible”