1

So I have root logins disabled and I log in through a... sudo-user? (whatever you call "another user that isn't root but was added via adduser username sudo").

However, I installed FileZilla because I want to be able to write/modify my website files locally and then upload them to the public_html folder on the server.

However, even with my password and all, FileZilla tells me that I don't have the right permissions to actually make any changes (I can't upload files to the designated folders, I can only see the folder / file structure of the server / account).

So how else can I do this kind of file uploading?

1 Answer

0

There are two general options:

  1. How to avoid using sudo when working in /var/www?

  2. Allow root logins but mitigate the risk

    • Use keys
    • Disable password authentication
    • Use iptables or fail2ban to block brute force attacks

These iptables rules mitigate brute force attacks:

iptables -A INPUT -p tcp -m tcp --dport 22 -m tcp -m state --state NEW -m recent --set --name SSH --rsource

iptables -A INPUT -p tcp -m tcp --dport 22 -m recent --update --seconds 600 --hitcount 20 --rttl --name SSH --rsource -j REJECT --reject-with icmp-host-prohibited

iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

See: http://bodhizazen.com/Tutorials/SSH_keys

and

What does 'without password' mean in sshd_config file?

and

http://bodhizazen.com/Tutorials/iptables

Panther
  • 102,067
  • Can I keep password authentication (e.g. permitrootaccess set to on) but block brute-force attacks? (and how are they mitigated/blocked exactly?) – user712268 Jul 14 '17 at 00:39
  • Even if I disable password authentication, doesn't that then mean the weakness moves to a new goalpost: Someone can try to take my local machine (or get access to it) and take the key file and use that to get root access? – user712268 Jul 14 '17 at 00:41
  • key still requires a password – Panther Jul 14 '17 at 00:41
  • I thought that was not mandatory technically? – user712268 Jul 14 '17 at 00:44
  • No, you can skip a password if you wish, but I do not advise it without using forced commands – Panther Jul 14 '17 at 01:39
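
How the three iptables rules in the answer treat new connections to port 22 can be seen in a simplified Python model, added here as an example (it is not part of the original answer and is not kernel code). The class and function names, the per-source list size of 20 and the sample addresses are assumptions; the `--rttl` check is not modelled.

```python
from collections import defaultdict, deque

WINDOW = 600     # --seconds 600
HITCOUNT = 20    # --hitcount 20
LIST_SIZE = 20   # assumption: timestamps remembered per source address


class RecentSSH:
    """Simplified model of the answer's rules, for NEW connections only."""

    def __init__(self):
        # One bounded timestamp list per source, like the "SSH" recent list.
        self.stamps = defaultdict(lambda: deque(maxlen=LIST_SIZE))

    def new_connection(self, src, now):
        seen = self.stamps[src]
        seen.append(now)                      # rule 1: --set records the attempt
        recent = sum(1 for t in seen if now - t <= WINDOW)
        if recent >= HITCOUNT:                # rule 2: --update matches
            seen.append(now)                  # a match refreshes "last seen"
            return "REJECT"                   # icmp-host-prohibited
        return "ACCEPT"                       # rule 3


def replay(events):
    """events: (seconds, source) pairs in time order -> list of verdicts."""
    fw = RecentSSH()
    return [fw.new_connection(src, t) for t, src in events]


# Constructed sample traffic (documentation addresses, not real hosts).
GUESSER = "203.0.113.5"
ADMIN = "198.51.100.7"
BURST = [(t, GUESSER) for t in range(20)]     # 20 attempts in 20 seconds

if __name__ == "__main__":
    verdicts = replay(BURST)
    print("accepted before block:", verdicts.count("ACCEPT"))   # 19
    print("still trying at t=500:", replay(BURST + [(500, GUESSER)])[-1])
    print("quiet until t=700:   ", replay(BURST + [(700, GUESSER)])[-1])
    print("admin at t=30:       ", replay(BURST + [(30, ADMIN)])[-1])
```

In this model the 20th attempt inside ten minutes is the first one rejected, a source that keeps trying stays blocked, and other sources are unaffected.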