Hello,
I've got a vps running Rocky Linux 9. It's got an Nginx web server with several sites that I'd like to allow users to manage. They use VS Code. Currently and this is not working entirely to my satisfaction I've got these users set up as sftp-only, while they do have accounts n the system they are all set with a nologin shell. In sshd_config the internal sftp server is used. If I atempt login from a second system using one of these user's username/password combos that works, and I can see there writable webstore area nd only that area, so the chroot is somewhat working. I am more uncertain about permissions and owner/group access for nginx and sshd, I don't want to give these users' files to much permissions. I would like to turn off PasswordAuthentication entirely and only use PublickeyAuthentication.
On the second system I've generated keypairs for a user and put them on the server in home directory .ssh and manually set permissions. These keys do not have a passphrase so my expected outcome is to atempt an sftp login and the connection goes right in without password. This doesn't happen, I keep getting a message that PublickeyAuthentication not allowed, even though that option is set in sshd_config and again in each user-specific block.
Lastly, once I get PublickeyAuthentication going and have disabled PasswordAuthentication I'm going to want to hook VS Code in to this. Currently I've got the remote ssh extension installed, but from what I'm reading this only does ssh not sftp.
Does anyone have something similar to this setup going? If so any help appreciated.
Thanks. Dave.