How to create a temporary SSH for external companies

Hi Craig,

I hope you had a good Easter break.

Could you please advise me in your spare time how to create temporary SSH (IP-restricted) for external developers and how to enable/disable it if needed?

Also, could you inform me how to change my current magento server-user pass.

Thank you.

Regards,
Pawel

Hey @PawelP, thanks.

Fantastic question. Great to know you’re thinking about security. I also use temporary accounts for 3rd party users. In some cases I give them their own VPS.

I’m slowly working on a CLI video that will help everyone here improve their skill levels by teaching day-to-day tasks you might need to perform. I’ve copied and pasted some of those here…

Method 1 (The secure way)

adduser
In order to create a new user on the web server, we’d use the adduser command. This is a command that requires “superuser” privileges. Therefore, we prefix it with sudo. And at the end we add the username we wish to add.

So, if I wanted to add a user called “bob” then I’d run:

sudo adduser bob

You’ll then be prompted to add a password for that user. And then add additional details of that user - Which you can skip by hitting Enter. Then confirm everything at the end when prompted by pressing Y.

group
You’ll also need to add your new user to the www-group, to help control their level of access to the Magento files. You can do this by entering:

sudo usermod -g www-data bob

chmod
Now that “bob” is part of the www-data group, you will need to decide what Folders/Files you want them to be able to Write to. The most common places where code gets created or modified are both app/design/ and app/code. So, to allow any user in the www-group to edit those files and folders then you would want to apply Permission 775. You can apply this rule to those locations by running the following as the “magento” user within the Magento root directory:

Apply 775 Permissions to all Files within app/design/ and app/code:

find app/code app/design -type f -exec chmod 775 {} + 

Apply 775 Permissions to all Directories within app/design/ and app/code:

find app/code app/design -type d -exec chmod 775 {} +

There will be some complications with this method. For example, if “bob” were to upload any files via FTP then the Owner of that file would default to “bob” instead of “magento”. So, you’d regularly have to reset the ownership of your Files/Folders. But that’s like a 20 second task.

Method 2 (The half-arsed way)

Naturally, you could also just give them the password for the “magento” user - Who will have all of the Read+Write Permissions without having to do anything else. Obviously, you would need to change the password for this user regularly.

There may be more methods, but these are the only 2 that come to mind for me - That I use.

Misc

passwd
Sometimes you’ll need to change the password of a user. This can be achieved with passwd. To change my own password, I would simply type:

passwd

And confirm the new password twice.

But if I wanted to change the password of another user, I could use the superuser command. So, to change the password of the “magento” user I would type:

sudo passwd magento

And again, I’d confirm the password twice.

IP Restriction
If you’re using a good host, then you could use their Dashboard to control the Firewall. If not, then you can use the following ufw commands.

To whitelist an IP address on any/all ports:

sudo ufw allow from 123.123.123.123

To remove the whitelisted IP address that you’ve added:

sudo ufw delete allow from 123.123.123.123

You can verify your changes using:

sudo ufw status

Obviously, you can temporarily disable any user by either changing their password or removing their IP address from the Whitelist (or both). I’ll check back in tonight if you have any further questions.
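
The steps from the reply above combined into one script, as an added example that is not part of the original thread: it creates the account with an expiry date, limits the firewall rule to the SSH port rather than all ports, and provides enable/disable functions. The function names, `DRY_RUN`, `SSH_PORT`, and the use of `chage` and `usermod --expiredate` are assumptions added here.

```sh
#!/bin/sh
# Added example: temporary, IP-restricted SSH access for a contractor.
# DRY_RUN=1 (default) only prints each command; run as root with DRY_RUN=0 to apply.
DRY_RUN="${DRY_RUN:-1}"
SSH_PORT="${SSH_PORT:-22}"   # assumption: sshd listens on the default port

run() { if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi; }

matches() {  # whole-string regex match that rejects embedded newlines
  case $1 in *'
'*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq "$2"
}
valid_user() { matches "$1" '^[a-z_][a-z0-9_-]{0,31}$'; }
valid_date() { matches "$1" '^[0-9]{4}-[0-9]{2}-[0-9]{2}$'; }
valid_ipv4() {  # dotted quad, every octet 0-255
  local old_ifs octet
  matches "$1" '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# grant_access USER IP EXPIRY(YYYY-MM-DD)
grant_access() {
  valid_user "$1" && valid_ipv4 "$2" && valid_date "$3" || return 2
  run adduser "$1"                      # prompts for a password when run for real
  run usermod -g www-data "$1"          # same group change as in the post above
  run chage -E "$3" "$1"                # account expires on this date
  run ufw allow from "$2" to any port "$SSH_PORT" proto tcp
}

# disable_access USER IP
disable_access() {
  valid_user "$1" && valid_ipv4 "$2" || return 2
  # --expiredate 1 disables the whole account, not only password logins
  run usermod --lock --expiredate 1 "$1"
  run ufw delete allow from "$2" to any port "$SSH_PORT" proto tcp
}

# enable_access USER IP EXPIRY: undo disable_access with a new end date
enable_access() {
  valid_user "$1" && valid_ipv4 "$2" && valid_date "$3" || return 2
  run usermod --unlock --expiredate "$3" "$1"
  run ufw allow from "$2" to any port "$SSH_PORT" proto tcp
}
```

Source the file and call, for example, `grant_access bob 123.123.123.123 2030-01-31` to preview the commands before applying them with `DRY_RUN=0`. The per-IP allow rule only restricts access if SSH is not already open to everyone through a general allow rule.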

Hi Craig,

Great. Thank you.
I need to go through this, digest the code and understand it 🙂
Please send me what you were able to find out.

Thank you in advance.

Regards,
Pawel

Hi Craig,

Can you please advise if there is a way to reset my Magento server user name password?
You see, I have a few snapshots on DOcean. One of them is my initial Magento vanilla.
I keep it with the intention of testing things on the refresh M. install. Going along with the development I changed my Magento SSH password after a 3rd party company finished working. I updated my LastPass replacing the old pass but forgot to change the pass in some of my snapshots, therefore, I can’t access them now.

If I can’t restore the pass maybe I could delete the existing Magento user and create a new one?
Please advise if you can. What commands should I use?

It is not urgent.
Thank you in advance.

Regards,
Pawel

Hi,

Please ignore my question. I found it. It was so simple.

  1. Log in with super user account
  2. Type command: sudo passwd <username>
  3. Then type super user pass
  4. Finally, add and reconfirm a new password

I’ll be fighting with Porto this evening and elastic search on Magento vanilla.
These 2 are now on my plate.

Regards,
Pawel

Hey @PawelP, we also covered that here: How to create a temporary SSH for external companies

Also, if you’re already logged in as the user that you want to change the password for (and know the existing password) then you only need to enter:

passwd