Allow scp/ssh for www-data user

Solution 1

On Debian, which Ubuntu is based on, the www-data user has /bin/sh as the default shell. To enable SFTP, you can create /var/www/.ssh/authorized_keys with your public key in it. The permissions on /var/www/.ssh should be 700, and the permissions on the authorized_keys file should be 600. You'll want to add the following to your http configuration to prohibit access to this directory.

<Directory /var/www/.ssh>
  Order Deny,Allow
  Deny from all
</Directory>

You can verify the www-data user's settings (home dir, shell, etc.) using getent passwd www-data.

Make sure your sshd_config has Subsystem sftp /usr/lib/openssh/sftp-server, and you'll probably want to set PasswordAuthentication no also.
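
One way to check the settings this answer lists, as an added example that is not part of the original answer. The function names are hypothetical, all paths are passed as arguments, and only the global section of sshd_config (before any Match block) is inspected.

```shell
#!/bin/sh
# Added example: audit the settings the answer lists. Paths are arguments so
# the checks can be run against a test tree as well as the live system.

# perms PATH: print the 10-character type+permission string, e.g. drwx------
perms() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# check_ssh_dir HOME: .ssh must be mode 700 and authorized_keys mode 600.
check_ssh_dir() {
    rc=0
    [ "$(perms "$1/.ssh")" = "drwx------" ] ||
        { echo "FAIL: $1/.ssh is missing or not mode 700"; rc=1; }
    [ "$(perms "$1/.ssh/authorized_keys")" = "-rw-------" ] ||
        { echo "FAIL: $1/.ssh/authorized_keys is missing or not mode 600"; rc=1; }
    return $rc
}

# shell_allows_login PASSWD_LINE: field 6 (home dir) must be set and field 7
# (shell) must not be a no-login shell. Feed it `getent passwd www-data`.
shell_allows_login() {
    echo "$1" | awk -F: '$6 == "" || $7 ~ /(nologin|false)$/ { bad = 1 }
                         END { exit (NR == 0 || bad) }'
}

# check_sshd_config FILE: parsing stops at the first Match block. sshd uses
# the first value it sees for a keyword, and PasswordAuthentication defaults
# to yes when it is absent, so "unset" is reported as a failure.
check_sshd_config() {
    rc=0
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "subsystem" && $2 == "sftp" { found = 1; exit }
         END { exit !found }' "$1" ||
        { echo "FAIL: no active 'Subsystem sftp' line in $1"; rc=1; }
    pa=$(awk 'tolower($1) == "match" { exit }
              tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$1")
    [ "$pa" = "no" ] ||
        { echo "FAIL: PasswordAuthentication is '${pa:-unset, default yes}'"; rc=1; }
    return $rc
}
```

On the server, call check_ssh_dir /var/www, shell_allows_login "$(getent passwd www-data)" and check_sshd_config /etc/ssh/sshd_config; each returns non-zero and prints a FAIL line when a setting differs from what the answer describes.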

Solution 2

This is kind of insecure. I would suggest that you upload to an intermediate area using another user and run a cron job from time to time to move stuff where it belongs and change its permissions accordingly.

If you really insist on logging on as www-data, you must use an SSH private key to do that (AFAIK EC2 instances only allow key authentication). You must also check that www-data has a valid shell in /etc/passwd and a valid home dir.

In the end, you can also try some solutions of this question.

Author: Anup

Updated on September 18, 2022

Comments

  • Anup
    Anup over 1 year

    I am on Amazon EC2 using Ubuntu 10.04.2

    My web folder is owned by www-data so I want to be able to log into my server as www-data for ssh and scp.

    Thanks!

    Adding the line to my /etc/ssh/sshd_config does not seem to work.

    AllowUsers www-data
    
  • Anup
    Anup about 13 years
    I was planning on using an SSH private key to do that. But if I use cron to copy the files over, wouldn't it be a bit slow because I would have to wait for the cron script to copy it over? Also, I wouldn't be able to upload files. What I really want is something like FTP for www-data but secure like scp.
  • coredump
    coredump about 13 years
    The other solutions I give are feasible, I only don't like the idea.
  • Aido
    Aido about 3 years
    WARNING: sudo usermod -G replaces all of your groups. You want sudo usermod -a -G. I almost lost sudo access on my server.