SFTP Publishing on Ubuntu 10.04 (Lucid Lynx)

mikeraynham edited this page Jun 7, 2011 · 15 revisions

Prerequisites

Servers

This guide assumes the use of two Ubuntu 10.04 servers, both with the OpenSSH ssh meta-package installed. An SFTP server is included as part of the OpenSSH server.

One server is the Bricolage server — the server on which Bricolage CMS is running. The other server is a remote server onto which the Bricolage content is to be published — the web server. The remote server hostname is shown as remote_server, and the user with permissions to the remote directory structure is remote_user.

Dependencies

It is assumed that libgmp3-dev, libssh2, Net::SFTP, Net::SSH2 and Net::SSH::Perl have all been installed on the Bricolage server. See Installing Bricolage 2.0.1 on Ubuntu 10.04 LTS (Lucid Lynx) for more information. It is recommended that the latest version of libssh2 be installed from source, rather than from the Ubuntu libssh2-1-dev package.

Create a user on the remote server

From the remote server

Create a separate user account for the website files on the remote server. A public_html directory in the user’s home area will be used as the website’s document root.

sudo adduser \
  --system \
  --home /srv/www/website \
  --group \
  remote_user

Create a password for the remote user:

sudo passwd remote_user

Create SSH keys

From the Bricolage server

Make a directory for the SSH keys:

sudo mkdir -m 0700 /usr/local/bricolage/.ssh

Create the SSH keys. For added security, enter a password (the key passphrase) when prompted:

sudo ssh-keygen \
  -t rsa \
  -b 4096 \
  -C "Bricolage" \
  -f /usr/local/bricolage/.ssh/id_rsa

Set the appropriate permissions:

sudo chown -R www-data:www-data /usr/local/bricolage/.ssh
sudo chmod 0600 \
  /usr/local/bricolage/.ssh/id_rsa \
  /usr/local/bricolage/.ssh/id_rsa.pub

Copy the public key to the remote server

From the Bricolage server

sudo ssh-copy-id \
  -i /usr/local/bricolage/.ssh/id_rsa \
  remote_user@remote_server

Check that you can log in via SFTP:

sudo sftp \
  -oIdentityFile=/usr/local/bricolage/.ssh/id_rsa \
  remote_user@remote_server

If you are unable to connect, ensure that the file permissions for the SSH keys are correct, and that you are using the correct username and password.

Type quit to exit the SFTP console.

Disable SSH password authentication (optional)

From the remote server

This step prevents SSH connections from using password authentication (it does not prevent the use of password-protected SSH keys):

sudo vim /etc/ssh/sshd_config

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
PasswordAuthentication no

Restart the SSH daemon:

sudo /etc/init.d/ssh restart
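
An added example, not part of the original guide: a shell check of the effective PasswordAuthentication value and of the key file modes set earlier. sshd keeps the first value it reads for a keyword, so an uncommented yes left above the new line still wins. The function names are hypothetical and the sample sshd_config is constructed.

```shell
#!/bin/sh
# Added example, not part of the original guide. Paths mirror the guide;
# the function names are hypothetical helpers.

# Print the global PasswordAuthentication value sshd would take from file $1.
# sshd uses the FIRST value it reads for a keyword, matches keywords
# case-insensitively, and defaults to "yes" when the keyword is absent.
# Parsing stops at the first Match block (conditional overrides not evaluated).
effective_password_auth() {
  awk -F'[ \t=]+' '
    { sub(/^[ \t]+/, "") }                 # strip indentation, re-split fields
    /^(#|$)/ { next }                      # skip comments and blank lines
    tolower($1) == "match" { exit }        # end of the global section
    tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
    END { if (!found) print "yes" }
  ' "$1"
}

# Succeed only if path $1 exists with exactly the octal mode $2.
has_mode() {
  [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# Check the key layout from this guide under Bricolage root $1
# (the guide uses /usr/local/bricolage).
check_key_perms() {
  has_mode "$1/.ssh" 700 || { echo "FAIL: $1/.ssh is not 0700"; return 1; }
  has_mode "$1/.ssh/id_rsa" 600 || { echo "FAIL: id_rsa is not 0600"; return 1; }
  echo "OK: key directory and private key modes"
}

# Constructed sample: an active "yes" left above the new "no" line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes
PasswordAuthentication no
EOF
echo "sample config resolves to: $(effective_password_auth "$sample")"
rm -f "$sample"
```

On the remote server, sudo sshd -T prints the configuration as sshd itself resolves it.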

Enable SFTP from Bricolage

From the Bricolage server

For more information about the configuration directives, see Distribution Configuration.

Edit bricolage.conf:

sudo vim /usr/local/bricolage/conf/bricolage.conf

ENABLE_SFTP_MOVER       = Yes
SFTP_MOVER_CIPHER       = 0
SFTP_KEY_TYPE           = ssh-rsa
SFTP_PRIVATE_KEY_FILE   = /usr/local/bricolage/.ssh/id_rsa
SFTP_PUBLIC_KEY_FILE    = /usr/local/bricolage/.ssh/id_rsa.pub
FTP_UNLINK_BEFORE_MOVE  = Yes

Note: Enabling FTP_UNLINK_BEFORE_MOVE is optional. However, if you receive the following error when attempting to publish updated files, enabling it should solve the problem:

An error occurred while processing your request:

Error renaming 'index.htm.tmp' to 'index.htm' on 'remote_server'

4 SSH_FX_FAILURE

Restart Bricolage:

sudo /etc/init.d/bric_apachectl restart

Create Bricolage publishing destination

From the Bricolage server

From the Bricolage GUI:

Distribution → Destinations → Add a New Destination

Name: My Remote Server
Move Method: SFTP
Copy Resources: No
Publishes: Yes
Previews: No

In section 2, OUTPUT CHANNELS, add the required Output Channels.

Next →

Add a New Action (section 4, ACTIONS)

Type: Move

Next →

Add A New Server (section 5, SERVERS)

Host Name: remote_server
OS: Unix
Document Root: /srv/www/website/public_html
Login: remote_user
Password: SSH key password