Docker/Compose/SFTP

sudo ufw allow 20022/tcp
sudo ufw status numbered

mkdir -p /opt/shahed/chorke/academia/var/playground/sftp
ln    -s /opt/shahed/chorke/academia/var/playground/sftp \
         ${HOME}/Documents/sftp-playground
      cd ${HOME}/Documents/sftp-playground/

mkdir -p ./data/{etc/{sftp,ssh/sshd_config.d},home/{academia,agronomy}/upload}
ls  -lah ./data/{etc/{sftp,ssh/sshd_config.d},home/{academia,agronomy}/upload}

cat <<'CFG' | tee ./data/etc/ssh/sshd_config >/dev/null
# Secure defaults
# See: https://stribika.github.io/2015/01/04/secure-secure-shell.html
Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key

# Faster connection
# See: https://github.com/atmoz/sftp/issues/11
UseDNS no

# Limited access
X11Forwarding no
PermitRootLogin no
AllowTcpForwarding no

PubkeyAuthentication no
PermitEmptyPasswords no
PasswordAuthentication yes

# Force sftp and chroot jail
Subsystem sftp internal-sftp
ForceCommand internal-sftp
ChrootDirectory %h

# Enable this for more logs
#LogLevel VERBOSE
CFG

makepasswd --chars 12  --count 5 --crypt-md5
cat <<'CFG' | tee ./data/etc/sftp/users.conf >/dev/null
academia:sadaqah!:1001
agronomy:sadaqah!:1002
CFG

echo 'sadaqah!'|makepasswd --crypt-md5 --clearfrom=-
cat <<'CFG' | tee ./data/etc/sftp/users.conf >/dev/null
academia:$1$9PfGgh6y$MOtEU48nCvgWmwlotjhj5.:e:1001
agronomy:$1$9PfGgh6y$MOtEU48nCvgWmwlotjhj5.:e:1002
CFG

sudo chown 0:0 -R ./data/etc/
sudo chmod 600    ./data/etc/sftp/users.conf
sudo chmod 644    ./data/etc/ssh/sshd_config
sudo chmod 755    ./data/etc/ssh/sshd_config.d

docker compose up   -d
docker compose logs -ft
docker compose down

docker exec -it sftp ash
sftp -P 20022 academia@localhost
sftp -P 20022 agronomy@localhost

ssh-keygen -f ${HOME}/.ssh/known_hosts -R '[localhost]:20022'
sftp -o PreferredAuthentications=password -o PubkeyAuthentication=no -P 20022 academia@localhost
sftp -o PreferredAuthentications=password -o PubkeyAuthentication=no -P 20022 agronomy@localhost

nmap vpn.shahed.biz --reason -Pn --top 20
nmap vpn.shahed.biz --reason -Pn -p25,465,587,993

sudo tail -n100 -f /var/log/auth.log
sudo tail -n100 -f /var/log/kern.log

sudo cat /etc/shadow|grep nobody
last

sudo apt-get install makepasswd
echo 'sadaqah!'|makepasswd --crypt-md5 --clearfrom=-

makepasswd --chars 12 --count 5 --crypt-md5
makepasswd --chars 12 --count 5 --crypt

makepasswd --chars 12 --count 5
makepasswd --chars 12

cat << EXE | sudo bash
sed 's|#PasswordAuthentication yes|PasswordAuthentication no|' -i /etc/ssh/sshd_config
sed 's|#PubkeyAuthentication yes|PubkeyAuthentication yes|'    -i /etc/ssh/sshd_config
sed 's|#PermitEmptyPasswords no|PermitEmptyPasswords no|'      -i /etc/ssh/sshd_config
sed 's|#PermitRootLogin yes|PermitRootLogin no|'               -i /etc/ssh/sshd_config
systemctl restart ssh
EXE

cat << EXE | sudo bash
sshd -T | grep -i PasswordAuthentication
sshd -T | grep -i PubkeyAuthentication
sshd -T | grep -i PermitEmptyPasswords
sshd -T | grep -i PermitRootLogin
systemctl status  ssh
EXE