Linux

8415 readers

159 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.
Be respectful: Treat fellow community members with respect and courtesy.
Quality over quantity: Share informative and thought-provoking content.
No spam or self-promotion: Avoid excessive self-promotion or spamming.
No NSFW adult content
Follow general lemmy guidelines.

founded 2 years ago

MODERATORS

MigratingtoLemmy@lemmy.world

MySecureShell: Still/Ever a sound solution? (lemmy.world)

submitted 5 days ago by Zachariah@lemmy.world to c/linux@lemmy.world

9 comments fedilink hide all child comments

I'd appreciate any thoughts anyone has on MySecureShell.

I used it about eight years ago, and it was exactly what I wanted. I know I can create a sftp chroot jail using OpenSSH, but MySecureShell has additional features I really like.

I like that the config is all in one place. I like that the user can only use sftp and only sees a specified directory and it's contents. I like that I can limit simultaneous connections and rate limit the bandwidth over all and per user. It's compatible with fail2ban and ssh keys (instead of username-password login).

Unfortunately, it looks like the last update was five years ago. I guess this could mean it's mature and secure, but I'm not sure.

The last reply in mysecureshell/Issues was this year, but it was not by the maintainer. The maintainer, deimosfr, is still active on github, having contributed last in December, 2024. User Teka101 has contributed to the project at least once and last replied to an issue a year ago.

The documentation says it's for 1.33, but the version in the Ubuntu repo is 2.0

I'm on a much faster connection now, so I guess I could live without the limiting functionality.

I guess I'm looking for any reasons I should or should not consider using MySecureShell again. It'll just be for half a dozen friends for when I want to give them larger files, or if I want them to send me full-resolution photos.

I'm on Xubuntu 24.04 and would open a port on my router to allow connections (some high number mapped to 22 on this machine), or possibly give my friends access to my LAN via WireGuard but limit it to this machine.

top 9 comments

sorted by: hot top controversial new old

[–] catloaf@lemm.ee 5 points 5 days ago (1 children)

Solution for what? What's your use case?

[–] Zachariah@lemmy.world 1 points 5 days ago (1 children)

Solution for the problems it was created to solve. Or does it just introduce more problems, and OpenSSH (or something else) is better.

My use case was a bit spread out:

… sftp chroot jail

… config is all in one place.

… limit simultaneous connections and rate limit the bandwidth over all and per user.

… I guess I could live without the limiting functionality.

…It’ll just be for half a dozen friends for when I want to give them larger files, or if I want them to send me full-resolution photos.

[–] possiblylinux127@lemmy.zip 1 points 4 days ago* (last edited 4 days ago) (1 children)

Doesn't openssh support all of those?

Clarification: I think it should. I personally used bubblewrap when I was doing something similar.

[–] Zachariah@lemmy.world 1 points 4 days ago

I don’t know if it supports per-user limits on connections and upload/download bandwidth.

[–] moonpiedumplings@programming.dev 3 points 4 days ago (1 children)

Firstly, you may also be interested in: https://containerssh.io/v0.5/

This is a similar software, but maintained. However, it doesn't look like you limit networking with the Docker backend, beyond a simple on/off.

An even simpler solution, is to have the the ssh entry command not be the usual shell command (/bin/bash), but rather a command that starts a shell within a container. So something like:

podman run -it --rm -v "-v /HOST-DIR:/CONTAINER-DIR" docker.io/library/debian:bookworm bash would create a shell inside a short lived debian container (that is deleted upon disconnect) where a host directory is mounted inside the container.

As for mysecureshell, I would assume that since it is in the Ubuntu repos, it is still being maintained. But it's possible, since it is unmaintained that there are unknown security vulnerabilities or other issues, but:

It’ll just be for half a dozen friends for when I want to give them larger files, or if I want them to send me full-resolution photos.

If it's just for your friends, it may be okay to use a less secure solution if you trust them.

As an alternate solution: since you are looking for some sort of file searching, perhaps you could host an app explicitly designed for that, like Seafile or Nextcloud.

[–] Zachariah@lemmy.world 1 points 4 days ago

Thank you. These are all great ideas. Looks like I’ve got more reading to do :)

[–] possiblylinux127@lemmy.zip 1 points 4 days ago

I would look into containers and sandboxing. You can use tools like podman, bubblewrap and systemd to isolate software. I'm not sure what you are looking for exactly.

[–] krnl386@lemmy.ca 2 points 4 days ago (1 children)

Have you looked at the mod_sftp for ProFTPd? It seems like ProFTPd is alive and well, despite its official site not supporting HTTPS! It seems like mod_sftp supports most of the SSH/SFTP-specific features, whereas ProFTPd may also offer additional features that complement the mod_sftp module. All in all, probably not a 100% match, and definitely not a drop-in replacement, but at least a seemingly viable/supported alternative?

[–] Zachariah@lemmy.world 2 points 4 days ago

Thank you. I’ll take a look.