How to: Manage SSH Shell Users

The InterWorx Control Panel allows server administrators the ability to easily manage SSH shell users from within NodeWorx. From the Shell Users page, it is possible to enable and disable shell users, change both the default and a user’s shell, change shell users’ passwords, and set jailed users.

It is recommended to exercise discretion when giving out shell access, even jailed shell access, to end users in shared hosting environments.

Contents

• How to: Manage SSH Shell Users

  • To Change the Default Shell

  • To Enable a Shell User

  • To Change a Shell User’s Shell

  • To Set a Jailed User

  • To Change a Shell User’s Password

  • To View a Shell User’s History

  • To Disable a Shell User

  • To Configure Multiple SSH Users per SiteWorx Account

    • Enabling Multiple SSH Users

    • Configuring the SSH Users

To Change the Default Shell

Note

This will change the default shell for all newly enabled accounts. It will not affect existing enabled shell users.

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to SiteWorx > Shell Users

3. At the bottom of the page, under More Options, click Default Shell. This opens the Shell Account Options form

4. Select the desired shell from the Default Shell dropdown

   

5. Click Update

To Enable a Shell User

When enabling a user’s shell, three distinct operations are performed:

• The shell user’s password is set to the SiteWorx account password

• The user’s shell is updated to the default shell setting

• The account is enabled

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to SiteWorx > Shell Users

3. Click the checkmarked person next to the shell user. This opens the Confirmation form

   

4. Click Enable to confirm

It is also possible to enable more than one shell user at the same time:

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to SiteWorx > Shell Users

3. Select the checkbox next to the user(s)

   • Selecting the checkbox next to the With Selected dropdown will automatically select all

4. Select Enable from the With Selected dropdown

5. Click Go. This opens the Confirmation form

6. Click Enable to confirm

To Change a Shell User’s Shell

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to SiteWorx > Shell Users

3. If the shell user is not already enabled, see To Enable a Shell User

4. Click …. This opens an options form

5. Select Change Shell. This opens the Change Shell form

6. Select the desired shell from the Shell dropdown

   

7. Click Update

It is also possible to change the shell of more than one user at the same time:

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to SiteWorx > Shell Users

3. Select the checkbox next to the user(s)

   • Selecting the checkbox next to the With Selected dropdown will automatically select all

4. Select Change Shell from the With Selected dropdown

5. Click Go. This opens the Change Shell form

6. Select the desired shell from the Shell dropdown

7. Click Update

To Set a Jailed User

A jailed user has a very limited view of the file system and available Linux commands when logged in.

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to SiteWorx > Shell Users

3. If the shell user is not already enabled, see To Enable a Shell User

4. Click …. This opens an options form

5. Select Change Shell. This opens the Change Shell form

6. Select /usr/sbin/jk_chrootsh from the Shell dropdown

7. Click Update

To Change a Shell User’s Password

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to SiteWorx > Shell Users

3. If the shell user is not already enabled, see To Enable a Shell User

4. Click …. This opens an options form

5. Select Change Password. This opens the Change Shell Password form

   • Alternately, click the Magic Wand to automatically generate a new password

6. Update the Password and Confirm Password fields with the new password

7. Click Update

To View a Shell User’s History

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to SiteWorx > Shell Users

3. Click View next to the shell user. This opens a new window with the complete shell history of the shell user

To Disable a Shell User

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to SiteWorx > Shell Users

3. Click the crossed out person next to the shell user. This opens the confirmation form

   

4. Click Disable to confirm

It is also possible to disable more than one shell user at the same time:

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to SiteWorx > Shell Users

3. Select the checkbox next to the user(s)

   • Selecting the checkbox next to the With Selected dropdown will automatically select all

4. Select Disable from the With Selected dropdown

5. Click Go. This opens the Confirmation form

6. Click Disable to confirm

To Configure Multiple SSH Users per SiteWorx Account

InterWorx allows for the ability to have more than one SSH user per SiteWorx account. The SiteWorx account must have shell access in order to use this feature.

Enabling Multiple SSH Users

1. Log in to the server at the CLI as root, either via SSH or from the terminal

2. Run the following commands to install libnss-mysql and set the config options to allow multiple SSH users per SiteWorx account:

   yum install libnss-mysql
   ~iworx/bin/config.pex --global --set --name SITEWORX_SSH_FEATURE --value 1
   ~iworx/bin/sshd.pex --init-libnss-mysql
   

3. Using a text editor, open /etc/nsswitch.conf. The following example uses the vim text editor:

   vim /etc/nsswitch.conf
   

4. Append mysql to the passwd, shadow, and group lines. The edited section should match the following:

    # Example:
    #passwd:    db files nisplus nis
    #shadow:    db files nisplus nis
    #group:     db files nisplus nis
   
    passwd:     files sss mysql
    shadow:     files sss mysql
    group:      files sss mysql
   #initgroups: files sss
   

5. Save and exit the file

Configuring the SSH Users

Once enabled, the secondary SiteWorx user will be able to use their SiteWorx password to access the server over SSH.

Note

Information on how to create secondary SiteWorx users can be found here.

1. Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)

2. In SiteWorx, navigate to Adminstration > User Accounts

3. Click the Pencil next to the SiteWorx user that should have secondary SSH access. This opens the Edit SiteWorx User form

4. Select Yes next to SSH Enabled

5. If desired, update the SSH Public Key field with the User’s Public Key (Optional)

   

6. Click Save