Name: Tronstad
IP: 212.83.187.132 (main public IPv4 of Ysul)
Ports: 21 (public FTP), 5022 (SSH)
Description
Status | Subtype | Assigned | Task
---|---|---|---
Resolved | | dereckson | T167 Create a jail on Ysul to serve files like the Jenks backup
Resolved | | dereckson | T168 Installed debootstrap-1.0.64 on Ysul
Resolved | | dereckson | T177 Install ezjail on Ysul
Resolved | | dereckson | T181 Configure ezjail for a base jail environment
Resolved | | dereckson | T182 Enable ZFS in /etc/rc.conf on Ysul
Event Timeline
Maybe we could use this opportunity to recreate the Theyk Debian GNU/kFreeBSD experiment?
Same applies here:
- Should be a pure FreeBSD jail
- Naming is inconsistent — A Nasqueron machine hostname should be a proper name from The Algebraist. Yet, Tronstad came from the cyberpunk name generator. This generator provides great names like Zemke-Rhyne but isn't suitable for the Nasqueron servers naming scheme.
Two tested ways to create such a jail:
- http://www.maxlor.com/howto-jailed-sftp.shtml
- https://github.com/junovitch/my-freebsd-build/blob/master/anonymous-ftp-jail-HOWTO
[Edit: I strike the first, it's a jail with dedicated accounts to use as SFTP]
DNS configuration
ftp.nasqueron.org. 86400 IN CNAME www1.nasqueron.org.
Jail configuration
- Hostname: ftp.nasqueron.org
- IP: 212.83.187.132
- Services installed: ftpd (--ASll)
- FTP configuration: world-readable pub/ etc/, world-writable incoming/
- Installation log:
Previous comments were for the FTP part, now the SFTP one.
/etc/rc.conf.local
```
sshd_enable="YES"
sshd_flags="-p 5022"
```
SSH Server
```
$ sshd start
Generating RSA1 host key.
2048 92:6a:e4:e9:db:a8:fc:8a:69:39:dc:e5:bf:4c:d5:aa root@ftp.nasqueron.org (RSA1)
Generating RSA host key.
2048 db:d9:33:0c:34:8d:16:83:9b:92:c4:4d:73:5b:05:4f root@ftp.nasqueron.org (RSA)
Generating DSA host key.
1024 9f:a5:ae:80:09:f9:23:23:05:6d:bb:6f:1b:e5:14:e2 root@ftp.nasqueron.org (DSA)
Generating ECDSA host key.
256 c4:76:f9:76:b8:68:ec:2c:88:dd:7d:f9:62:59:d8:e8 root@ftp.nasqueron.org (ECDSA)
Performing sanity check on sshd configuration.
Starting sshd.
```
DNS configuration
```
$ ssh-keygen -r ftp.nasqueron.org
ftp.nasqueron.org IN SSHFP 1 1 4f06fd082d9d5dade6c9963fdf6143bdd04c4f5a
ftp.nasqueron.org IN SSHFP 1 2 8deb6ef3094b48e61a68fb77b74067a897502599ee618c2a59d9f18a3064fbec
ftp.nasqueron.org IN SSHFP 2 1 cd6a74b9b4a5e3b1b477e67bd6c2f7ebc014e22b
ftp.nasqueron.org IN SSHFP 2 2 abc3443972218b8f48f2956409c34aed91f018522d3614b7609b3e1da32a5b86
ftp.nasqueron.org IN SSHFP 3 1 3de9c438d62f2216f36c430eaecdaf5a98f7507a
ftp.nasqueron.org IN SSHFP 3 2 02a4fc398eae41955dfbaeb141dbc0dec00f0d7d03c9fcdb1449e323b0e52d06
```
Jenks backup
An account jenksbak has been created, with plaintext password available at K17.
So it's possible to use `ssh -p5022 jenksbak@ftp.nasqueron.org`.
Nginx configuration on Ysul
ftp.nasqueron.org is served by Ysul nginx:
```
# Requested by Dereckson
# Requested at 1417520580
server {
    listen 80;
    listen [2001:470:1f12:9e1::2]:80;
    listen [2001:470:1f13:9e1:0:c0ff:ee:1]:80;
    server_name ftp.nasqueron.org;

    access_log /var/log/www/nasqueron.org/ftp-access.log main;
    error_log /var/log/www/nasqueron.org/ftp-error.log;

    root /usr/local/jails/ftp.nasqueron.org/var/ftp;
    index index.html index.htm default.html default.htm;

    autoindex on;
    autoindex_exact_size off;
}
```
Account UIDs have been jumped to 5001, 5002, etc. to avoid user account conflicts between jails (and host).
With T193 we're in production with this feature, all works fine.
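How SSHFP records like the ones generated above with `ssh-keygen -r` relate to the host keys, as an added example that is not part of the original task: each fingerprint is the SHA-1 (type 1) or SHA-256 (type 2) digest of the public key blob, so a zone can be audited against the keys sshd actually serves. The key bytes, the `host.example` records and the function names are constructed for this example.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, 6594, 7479) keyed by OpenSSH key type.
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}

def expected_sshfp(pubkey_line):
    """Return {(algorithm, fp_type): hex} for one 'type base64 [comment]' key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type; reject mismatches.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return {(ALGORITHMS[key_type], fp): h(blob).hexdigest() for fp, h in DIGESTS.items()}

def parse_sshfp(zone_text):
    """Yield (algorithm, fp_type, hex) from 'name [ttl] IN SSHFP a t hex' lines."""
    for line in zone_text.splitlines():
        fields = line.split()
        if "SSHFP" in fields:
            i = fields.index("SSHFP")
            yield int(fields[i + 1]), int(fields[i + 2]), fields[i + 3].lower()

def audit(zone_text, pubkey_lines):
    """Compare published SSHFP records with the host keys actually in use."""
    expected = {}
    for line in pubkey_lines:
        expected.update(expected_sshfp(line))
    report = {}
    for alg, fp, hexfp in parse_sshfp(zone_text):
        want = expected.get((alg, fp))
        report[(alg, fp)] = "no host key" if want is None else "ok" if want == hexfp else "mismatch"
    for key in expected.keys() - report.keys():
        report[key] = "not published"
    return report

# Constructed sample: an Ed25519 blob with placeholder key bytes, not a real host key.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " root@host.example"
_good = expected_sshfp(SAMPLE_KEY)
SAMPLE_ZONE = "\n".join([
    f"host.example. IN SSHFP 4 2 {_good[(4, 2)]}",   # matches the key
    "host.example. IN SSHFP 4 1 " + "00" * 20,         # stale SHA-1 record
    "host.example. IN SSHFP 2 1 " + "11" * 20,         # DSA record, no such host key
])
```

`audit(SAMPLE_ZONE, [SAMPLE_KEY])` reports one matching record, one mismatch and one record with no corresponding host key; on a real host the key lines would come from the `/etc/ssh/ssh_host_*_key.pub` files.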