5.1.4 Ssh

Ssh (see man ssh(1)) is used to exchange meta-data and archives files by using a “chroot” jail for each collection account, as bind-unbind (see bind-unbind) script provides the cache and gitbare directories into that jail.

Process conceptual model:

• Events in

  $ ssh

  from Git (see Git): access the GIT bare repository.

  $ scp

  from misc (see misc): retrieve an archive from a remote SERVER (see Server)’s cache.

• Data in The SSH server’s configuration files bellow is are managed by init-remove-purge (see init-remove-purge) and new-free-clean (see new-free-clean) scripts.

  /etc/ssh/sshd_config

  ...
  # <<<mdtx-*
  Match user mdtx-*
            ChrootDirectory /var/cache/mediatex/mdtx/jail
            X11Forwarding no
            AllowTcpForwarding no
  # mdtx-*>>>
  

  /var/cache/mediatex/mdtx/jail/etc/group

  root:x:0:
  www-data:x:33:www-data
  mdtx:x:120:www-data
  mdtx_md:x:123:mdtx,www-data
  mdtx-COLL:x:124:www-data,mdtx
  

  /var/cache/mediatex/mdtx/jail/etc/password

  root:x:0:0:root:/root:/bin/bash
  www-data:x:33:33:www-data:/var/www:/bin/sh
  mdtx:x:112:120::/var/cache/mediatex/mdtx:/bin/bash
  mdtx-COLL:x:114:124::…/home/mdtx-COLL:/bin/bash
  

  ~mdtx-COLL/.ssh/authorized_keys

  ~mdtx-COLL/.ssh/known_hosts

  ~mdtx-COLL/.ssh/id_dsa

  ~mdtx-COLL/.ssh/id_dsa.pub

  The SSH client’s configuration file bellow is managed during MEDIATEX’s upgrades.

  ~mdtx-COLL/.ssh/config

  # Do not ask for password
  BatchMode yes
  Compression yes
  Host hostname1
          Port 22
  

Code:

scripts/lib/ssh.sh

scripts/lib/jail.sh