How to: Manage SSH Shell Users¶
The InterWorx Control Panel allows server administrators the ability to easily manage SSH shell users from within NodeWorx. From the Shell Users page, it is possible to enable and disable shell users, change both the default and a user’s shell, change shell users’ passwords, and set jailed users.
It is recommended to exercise discretion when giving out shell access, even jailed shell access, to end users in shared hosting environments.
Contents
To Change the Default Shell¶
Note
This will change the default shell for all newly enabled accounts. It will not affect existing enabled shell users.
Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)
From NodeWorx, navigate to SiteWorx > Shell Users
At the bottom of the page, under More Options, click Default Shell. This opens the Shell Account Options form
Select the desired shell from the Default Shell dropdown
Click Update
To Enable a Shell User¶
When enabling a user’s shell, three distinct operations are performed:
The shell user’s password is set to the SiteWorx account password
The user’s shell is updated to the default shell setting
The account is enabled
Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)
From NodeWorx, navigate to SiteWorx > Shell Users
Click the checkmarked person next to the shell user. This opens the Confirmation form
Click Enable to confirm
It is also possible to enable more than one shell user at the same time:
Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)
From NodeWorx, navigate to SiteWorx > Shell Users
Select the checkbox next to the user(s)
Selecting the checkbox next to the With Selected dropdown will automatically select all
Select Enable from the With Selected dropdown
Click Go. This opens the Confirmation form
Click Enable to confirm
To Change a Shell User’s Shell¶
Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)
From NodeWorx, navigate to SiteWorx > Shell Users
If the shell user is not already enabled, see To Enable a Shell User
Click …. This opens an options form
Select Change Shell. This opens the Change Shell form
Select the desired shell from the Shell dropdown
Click Update
It is also possible to change the shell of more than one user at the same time:
Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)
From NodeWorx, navigate to SiteWorx > Shell Users
Select the checkbox next to the user(s)
Selecting the checkbox next to the With Selected dropdown will automatically select all
Select Change Shell from the With Selected dropdown
Click Go. This opens the Change Shell form
Select the desired shell from the Shell dropdown
Click Update
To Set a Jailed User¶
A jailed user has a very limited view of the file system and available Linux commands when logged in.
Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)
From NodeWorx, navigate to SiteWorx > Shell Users
If the shell user is not already enabled, see To Enable a Shell User
Click …. This opens an options form
Select Change Shell. This opens the Change Shell form
Select /usr/sbin/jk_chrootsh from the Shell dropdown
Click Update
To Change a Shell User’s Password¶
Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)
From NodeWorx, navigate to SiteWorx > Shell Users
If the shell user is not already enabled, see To Enable a Shell User
Click …. This opens an options form
Select Change Password. This opens the Change Shell Password form
Alternately, click the Magic Wand to automatically generate a new password
Update the Password and Confirm Password fields with the new password
Click Update
To View a Shell User’s History¶
Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)
From NodeWorx, navigate to SiteWorx > Shell Users
Click View next to the shell user. This opens a new window with the complete shell history of the shell user
To Disable a Shell User¶
Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)
From NodeWorx, navigate to SiteWorx > Shell Users
Click the crossed out person next to the shell user. This opens the confirmation form
Click Disable to confirm
It is also possible to disable more than one shell user at the same time:
Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)
From NodeWorx, navigate to SiteWorx > Shell Users
Select the checkbox next to the user(s)
Selecting the checkbox next to the With Selected dropdown will automatically select all
Select Disable from the With Selected dropdown
Click Go. This opens the Confirmation form
Click Disable to confirm
To Configure Multiple SSH Users per SiteWorx Account¶
InterWorx allows for the ability to have more than one SSH user per SiteWorx account. The SiteWorx account must have shell access in order to use this feature.
Enabling Multiple SSH Users¶
Log in to the server at the CLI as root, either via SSH or from the terminal
Run the following commands to install libnss-mysql and set the config options to allow multiple SSH users per SiteWorx account:
yum install libnss-mysql ~iworx/bin/config.pex --global --set --name SITEWORX_SSH_FEATURE --value 1 ~iworx/bin/sshd.pex --init-libnss-mysql
Using a text editor, open
/etc/nsswitch.conf
. The following example uses the vim text editor:vim /etc/nsswitch.conf
Append
mysql
to thepasswd
,shadow
, andgroup
lines. The edited section should match the following:# Example: #passwd: db files nisplus nis #shadow: db files nisplus nis #group: db files nisplus nis passwd: files sss mysql shadow: files sss mysql group: files sss mysql #initgroups: files sss
Save and exit the file
Configuring the SSH Users¶
Once enabled, the secondary SiteWorx user will be able to use their SiteWorx password to access the server over SSH.
Note
Information on how to create secondary SiteWorx users can be found here.
Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)
In SiteWorx, navigate to Adminstration > User Accounts
Click the Pencil next to the SiteWorx user that should have secondary SSH access. This opens the Edit SiteWorx User form
Select Yes next to SSH Enabled
If desired, update the SSH Public Key field with the User’s Public Key (Optional)
Click Save