
Create a jail on Ysul to serve files like the Jenks backup
Closed, ResolvedPublic

Description

Name: Tronstad
IP: 212.83.187.132 (main public IPv4 of Ysul)
Ports: 21 (public FTP), 5022 (SSH)

Event Timeline

dereckson claimed this task.
dereckson raised the priority of this task from to High.
dereckson updated the task description. (Show Details)
dereckson added a project: Servers.
dereckson added a subscriber: dereckson.

Maybe we could use this opportunity to recreate the Theyk Debian GNU/kFreeBSD experiment?

dereckson renamed this task from Create a jail on Ysul to serve Jenks backup to Create a jail on Ysul to serve files like the Jenks backup. Nov 28 2014, 17:36
dereckson updated the task description. (Show Details)
IMPORTANT: We're dropping Debian GNU/kFreeBSD support and moving in another direction for this task.
In T168#843, @dereckson wrote:

Rolled back — We studied the interest of this move during the night. After reviewing the situation with the September 26 announcement and the November decision, and given the lack of use of Theyk, maintaining a kFreeBSD environment isn't a current priority.

Same applies here:

  • Should be a pure FreeBSD jail
  • Naming is inconsistent — A Nasqueron machine hostname should be a proper name from The Algebraist. Yet, Tronstad came from the cyberpunk name generator. This generator provides great names like Zemke-Rhyne but isn't suitable for the Nasqueron server naming scheme.

Two tested ways to create such a jail:

[Edit: I strike the first, it's a jail with dedicated accounts to use as SFTP]

IMPORTANT: We enabled, as an experimental feature, an incoming write folder to see if public FTP write folders are safe again in 2014.

DNS configuration

ftp.nasqueron.org.	86400	IN	CNAME	www1.nasqueron.org.

Jail configuration

  • Hostname: ftp.nasqueron.org
  • IP: 212.83.187.132
  • Services installed: ftpd (--ASll)
  • FTP configuration: world-readable pub/ etc/, world-writable incoming/
  • Installation log:
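The public write folder above is the part of this layout worth auditing. The following is an added example, not code from the task or from Nasqueron: it builds a constructed FTP root mirroring the layout described (world-readable pub/ and etc/, world-writable incoming/) in a temporary directory and walks it, flagging the permission patterns that turn an anonymous upload directory into an open file exchange. The policy it enforces is an assumption of the example: only a top-level incoming/ may be world-writable, and a world-writable directory must be neither world-readable (so other anonymous users cannot list and fetch uploads) nor missing the sticky bit (so they cannot delete or rename each other's files).

```python
import os
import shutil
import stat
import tempfile

# Policy assumed by this example: the only directory allowed to be
# world-writable is incoming/ at the top of the FTP root.
WRITABLE_ALLOWED = {"incoming"}

# Finding codes returned by the audit.
UNEXPECTED_WRITABLE = "unexpected-writable"   # world-writable outside the allowlist
LISTABLE_DROPBOX = "listable-dropbox"         # world-writable AND world-readable
NO_STICKY = "no-sticky"                       # world-writable without the sticky bit


def audit_ftp_root(root):
    """Walk an FTP root and return sorted (relative_dir, finding) tuples for
    directories whose permission bits make an anonymous drop box unsafe.
    Only mode bits are inspected, so the result is the same whoever runs it."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            full = os.path.join(dirpath, d)
            rel = os.path.relpath(full, root)
            mode = os.lstat(full).st_mode
            if not stat.S_ISDIR(mode):      # symlinks are not followed or judged
                continue
            if not mode & stat.S_IWOTH:     # not world-writable: nothing to flag
                continue
            if rel not in WRITABLE_ALLOWED:
                findings.append((rel, UNEXPECTED_WRITABLE))
            if mode & stat.S_IROTH:
                findings.append((rel, LISTABLE_DROPBOX))
            if not mode & stat.S_ISVTX:
                findings.append((rel, NO_STICKY))
    return sorted(findings)


def build_sample_tree(incoming_mode, stray=False):
    """Create a constructed FTP root in a temp dir: pub/ and etc/ world-readable,
    incoming/ with the given mode, and optionally a stray world-writable pub/tmp."""
    root = tempfile.mkdtemp(prefix="ftpaudit-")
    for name, mode in (("pub", 0o755), ("etc", 0o755), ("incoming", incoming_mode)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)
    if stray:
        path = os.path.join(root, "pub", "tmp")
        os.mkdir(path)
        os.chmod(path, 0o1777)
    return root


if __name__ == "__main__":
    # Mode 1733 (assumed policy): writable by anyone, listable by nobody, sticky.
    for label, mode, stray in (("good", 0o1733, False), ("bad", 0o777, True)):
        root = build_sample_tree(mode, stray)
        print(label, audit_ftp_root(root))
        shutil.rmtree(root)
```

Run against the real jail with `audit_ftp_root("/usr/local/jails/ftp.nasqueron.org/var/ftp")`; an empty list means every world-writable directory is the expected incoming/, unlistable and sticky. The check deliberately ignores ownership and ftpd's own flags, which are a separate review.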

The previous comment was for the FTP part; now the SFTP one.

/etc/rc.conf.local

sshd_enable="YES"
sshd_flags="-p 5022"

SSH Server

$ sshd start
Generating RSA1 host key.
2048 92:6a:e4:e9:db:a8:fc:8a:69:39:dc:e5:bf:4c:d5:aa  root@ftp.nasqueron.org (RSA1)
Generating RSA host key.
2048 db:d9:33:0c:34:8d:16:83:9b:92:c4:4d:73:5b:05:4f  root@ftp.nasqueron.org (RSA)
Generating DSA host key.
1024 9f:a5:ae:80:09:f9:23:23:05:6d:bb:6f:1b:e5:14:e2  root@ftp.nasqueron.org (DSA)
Generating ECDSA host key.
256 c4:76:f9:76:b8:68:ec:2c:88:dd:7d:f9:62:59:d8:e8  root@ftp.nasqueron.org (ECDSA)
Performing sanity check on sshd configuration.
Starting sshd.

DNS configuration

$ ssh-keygen -r ftp.nasqueron.org
ftp.nasqueron.org IN SSHFP 1 1 4f06fd082d9d5dade6c9963fdf6143bdd04c4f5a
ftp.nasqueron.org IN SSHFP 1 2 8deb6ef3094b48e61a68fb77b74067a897502599ee618c2a59d9f18a3064fbec
ftp.nasqueron.org IN SSHFP 2 1 cd6a74b9b4a5e3b1b477e67bd6c2f7ebc014e22b
ftp.nasqueron.org IN SSHFP 2 2 abc3443972218b8f48f2956409c34aed91f018522d3614b7609b3e1da32a5b86
ftp.nasqueron.org IN SSHFP 3 1 3de9c438d62f2216f36c430eaecdaf5a98f7507a
ftp.nasqueron.org IN SSHFP 3 2 02a4fc398eae41955dfbaeb141dbc0dec00f0d7d03c9fcdb1449e323b0e52d06
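Publishing the SSHFP records above lets a client check the host key it is offered against DNS instead of trusting the first connection. The following is an added example, not code from the task or from OpenSSH: it reproduces what `ssh-keygen -r` computes (the SSHFP fingerprint is the SHA-1 or SHA-256 digest of the raw, base64-decoded key blob, with algorithm numbers 1 RSA, 2 DSA, 3 ECDSA, 4 Ed25519 and fingerprint types 1 SHA-1, 2 SHA-256), and then performs the client-side check: does the host key presented by a server match a record? The RSA key it builds is constructed from a made-up modulus purely as sample input and is not a real key; the hostname ftp.nasqueron.org is the one from the task.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255 / RFC 6594) and fingerprint types.
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
              "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
              "ssh-ed25519": 4}
SSHFP_HASH = {1: hashlib.sha1, 2: hashlib.sha256}


def _mpint(n):
    """Encode an integer as an SSH mpint (RFC 4251 section 5)."""
    if n == 0:
        return b"\x00\x00\x00\x00"
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:          # leading zero keeps the value positive
        raw = b"\x00" + raw
    return struct.pack(">I", len(raw)) + raw


def _string(s):
    """Encode bytes as an SSH string (length-prefixed)."""
    return struct.pack(">I", len(s)) + s


def make_rsa_hostkey_line(n, e, comment="host"):
    """Build an 'ssh-rsa <base64 blob>' line in authorized_keys/known_hosts
    format from constructed parameters. Sample input only: not a real key."""
    blob = _string(b"ssh-rsa") + _mpint(e) + _mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)


def sshfp_records(hostname, pubkey_line):
    """Produce the same records as `ssh-keygen -r <hostname>` for one key:
    one SHA-1 and one SHA-256 record over the decoded key blob."""
    keytype, b64 = pubkey_line.split()[:2]
    algo = SSHFP_ALGO[keytype]
    blob = base64.b64decode(b64)
    return ["%s IN SSHFP %d %d %s" % (hostname, algo, fptype, h(blob).hexdigest())
            for fptype, h in SSHFP_HASH.items()]


def parse_sshfp(line):
    """Parse '<name> IN SSHFP <algo> <fptype> <hex>' into (algo, fptype, hex)."""
    fields = line.split()
    if len(fields) != 6 or fields[1:3] != ["IN", "SSHFP"]:
        raise ValueError("not an SSHFP record: %r" % line)
    return int(fields[3]), int(fields[4]), fields[5].lower()


def host_key_matches_dns(pubkey_line, dns_records):
    """Client-side check: True if the presented host key matches at least one
    SSHFP record of the same algorithm (SHA-1 or SHA-256 type accepted)."""
    keytype, b64 = pubkey_line.split()[:2]
    algo = SSHFP_ALGO[keytype]
    blob = base64.b64decode(b64)
    digests = {fptype: h(blob).hexdigest() for fptype, h in SSHFP_HASH.items()}
    for rec in dns_records:
        r_algo, r_fptype, r_hex = parse_sshfp(rec)
        if r_algo == algo and digests.get(r_fptype) == r_hex:
            return True
    return False


if __name__ == "__main__":
    # Constructed modulus: a 2048-bit number, not a real RSA key.
    key = make_rsa_hostkey_line(2 ** 2047 + 12345, 65537, "root@ftp.nasqueron.org")
    records = sshfp_records("ftp.nasqueron.org", key)
    print("\n".join(records))
    print("matches:", host_key_matches_dns(key, records))
```

On the client side OpenSSH does this lookup itself with `VerifyHostKeyDNS yes`; the records are only as trustworthy as the DNS path that delivered them, so they need DNSSEC signing to be worth more than a hint.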

Jenks backup
An account jenksbak has been created, with plaintext password available at K17.

It's thus possible to use ssh -p5022 jenksbak@ftp.nasqueron.org.

Nginx configuration on Ysul
ftp.nasqueron.org is served by Ysul nginx:

# Requested by Dereckson
# Requested at 1417520580
server {
    listen          80;
    listen          [2001:470:1f12:9e1::2]:80;
    listen          [2001:470:1f13:9e1:0:c0ff:ee:1]:80;

    server_name     ftp.nasqueron.org;
    access_log      /var/log/www/nasqueron.org/ftp-access.log main;
    error_log       /var/log/www/nasqueron.org/ftp-error.log;

    root            /usr/local/jails/ftp.nasqueron.org/var/ftp;
    index           index.html index.htm default.html default.htm;
    autoindex       on;
    autoindex_exact_size off;
}

Account UIDs have been bumped to 5001, 5002, etc. to avoid user account conflicts between jails (and the host).

With T193 we're in production with this feature, all works fine.