Enabling chrooted sftp access for WordPress automatic upgrades

Create a wordpress user specifically for the automatic updates and add the user to the www-data group:

  • sudo adduser wordpress
  • sudo adduser wordpress www-data

Change the group of the wordpress directory to www-data:

  • sudo chgrp -R www-data /var/www/wordpress

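Add the following to /etc/ssh/sshd_config to chroot the wordpress user to the wordpress directory:

# sshd accepts ChrootDirectory only if every path component is owned by root
# and not writable by group or others.
Match User wordpress
ChrootDirectory /var/www/wordpress
AllowTcpForwarding no
X11Forwarding no
# internal-sftp runs in-process, so no sftp-server binary is needed inside the chroot
ForceCommand internal-sftp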

Restart the sshd service:

sudo /etc/init.d/ssh restart

Set up the SFTP user ID and password in the WordPress settings and select SFTP.
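
A pre-flight check worth running before restarting sshd, as an added example that is not part of the original post: sshd refuses a ChrootDirectory unless every component of the path is owned by root and not writable by group or others. The function names are hypothetical, and GNU stat (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory (GNU stat assumed).
# Function names are hypothetical, not part of OpenSSH or WordPress.

# component_ok UID MODE -> 0 if sshd would accept a path component with this
# owner uid and octal mode: owned by root, no group/other write bit set.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR -> walks from DIR up to /, prints every component
# sshd would reject, and returns 1 if any was found (2 on a bad argument).
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "not a directory: $1"; return 2; }
    rc=0
    while :; do
        meta=$(stat -c '%u %a' "$dir") || return 2
        uid=${meta% *}
        mode=${meta#* }
        if ! component_ok "$uid" "$mode"; then
            echo "BAD  $dir (uid=$uid mode=$mode): needs chown root and chmod go-w"
            rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run against a directory given on the command line,
# e.g. the ChrootDirectory from the Match block: /var/www/wordpress
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Only the chroot directory and its parents have to pass; subdirectories such as wp-content can stay group-writable for www-data.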

Linux servers running your gadgets

I love the fact that so many consumer gadgets are increasingly Linux based and for the so inclined you can ssh or telnet into them to fiddle around with their settings 🙂

Tivo is probably the most common of all consumer devices running Linux. We love our Tivo box. We still have a Series 1 and it’s run continuously 24×7 since approx 2002 when we first bought it. It’s only been powered down a couple of times during power outages, and from memory I can only remember once or twice when it hung and had to be restarted. It’s hands down the most stable, most reliable piece of consumer electronics I’ve ever owned, by far.

The Iomega ix2 NAS boxes run on Linux (as do most NAS boxes) – you can enable ssh from the ‘hidden page’ at /support.html and then ssh into it using id=root and password=soho+[your admin user password]

A lot of DSL and cable modems, and Wi-Fi routers, also run Linux. Most Actiontec DSL modems have a telnet port open on the internal network, and you can telnet into them using your web admin interface userid and password.

Enabling SSL for Apache2 on Ubuntu

Edit /etc/apache2/apache2.conf – add:

LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

Generate SSL certificates:

https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html

Add SSL config and 443 port to a new Virtual Host in apache2.conf – for example:

<VirtualHost *:443>
ServerAdmin your_admin@email.com
DocumentRoot /var/www/your_doc_root
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile path/to/server.crt
SSLCertificateKeyFile path/to/server.key
ServerName your.server.name
DirectoryIndex index.php
</VirtualHost>

Add a listen port on 443 to /etc/apache2/ports.conf:

Listen 443
NameVirtualHost *:443