How to use and SFTP storage with the webgui using certificates (video)

sftp
web-ui

#1

#2

This is a great video.

Just one recommendation, for security in general…

When you create that .ssh directory, it’s good practice to lock it down as well as the authorized_keys file. i.e.: chmod -R og= ~/.ssh (or 0700).


#3

I did this in the video for the authorized key file.
0600
If this key gets lost what should happen?
this is a public key.


#4

It’s not about if it gets lost, it’s also to prevent other users/groups accessing your .ssh directory and installing their own backdoor. It’s good security practice. :slight_smile:


#5

Thanks I will check the folder


#6

In fact, by default, properly configured sshd will not authenticate the user if the permissions on these files are not set correctly. You can relax this requirement of course (by setting StrictModes no in sshd_config) but it’s a bad idea to do so, since as @Droolio said, if anyone can write there – anyone can impersonate you.

From the man page:

 StrictModes
         Specifies whether sshd(8) should check file modes and ownership of the user's files and home directory before accepting login.  This is normally desirable because
         novices sometimes accidentally leave their directory or files world-writable.  The default is yes.  Note that this does not apply to ChrootDirectory, whose permissions
         and ownership are checked unconditionally.

The expected permissions are 700 on ~/.ssh and 600 on ~/.ssh/authorized_keys