Managing a Heliohost Website with SSHFS This may be particularly helpful right now (Aug 2021) if you're on ricky, which is still running but hasn't been upgraded to plesk yet. This will only be useful to you if you are running linux on your local desktop. If your aren't, then you should try it out! ________________________________________ Background There are various options for transferring files back and forth between heliohost and your local machine (see https://wiki.helionet.org/management/uploading-files). This includes: 1) webdav: fine for {up,down}loading a couple of files, but not good for recursively transferring a whole directory tree. Webdav is unaware of linux's symbolic links, so this can lead to an infinite loop that would eventually require more space than the combined resources of all the datacenters in the world. 2) Plain old FTP: works, but everything is transferred un-encrypted across the internet. So, you are broadcasting all your stuff to anyone who cares to listen, and, in this day and age, it seems like there are a lot of such folks. 3) ftps: this is the standard ftp protocol, but tunneled thu a secure ssl connection, the same way that https is related to http. Perhaps the simplest option for using a client program like filezilla. 4) sftp: despite the similar name, this is totally unrelated to options 2 and 3 above. It is an acronym for "ssh file transfer protocol", which was designed specifically for linux (and unix more generally). Heliohost doesn't allow remote ssh logins to the command line, for very sane security reasons. But they are running an ssh daemon, on an alternate port, which can only be used to invoke the server part of this protocol. From the point of view of something like filezilla, sftp and ftps are probably about the same. ________________________________________ Mounting Your Heliohost Site to a Local Directory on a Linux Desktop Fuse(8) is a linux package that allows you to use the filesystem for all sorts of clever purposes (fuse stands for "filesystem in userspace"). It will let you use almost anything that can transfer files to "mount" a remote directory tree onto a local directory. This makes it look as though the remote files are in your local directory. Every time you add, delete, or change a file, fuse works in the background to do whatever in necessary to "make it so" on the remote system. At first, I thought that the standard linux 'sshfs' command wouldn't work because heliohost doesn't allow ssh. I tried the fuse modules for webdav and sftp with limited success. Then I realized that sshfs *is* supported. Here is how to use it for ricky right now to work around the cpanel debacle. 1) Create a directory to mount your heliohost files in. For this example, I'll use a sub-directory named 'Helio' of your home directory, but it can be anything you like. Note that '~/' is the standard way to refer to your home directory. You can create the directory from the command line with: 'mkdir ~/Helio'. 2) Run this command: sshfs -o Port=1373 -o idmap=user USER@ricky.heliohost.org: ~/Helio except replace USER with the username you used for logging into cpanel. Enter your cpanel password when prompted. Your ~/helio/ directory now "contains" all of your remote files. You can use the standard linux commands: cp, mv, rm, chmod,... to maintain your website. Or, you can also use any gui file manager that you like. You can use tar to make backups of some or all of your heliohost files. You can use your favorite editor (emacs, of course) to edit the files under ~/Helio/public_html in place, and the changes are made to your website the instant you save them. If you are only interested in the website files, you can change 'USER@ricky.heliohost.org:' to USER@ricky.heliohost.org:public_html' in the sshfs command, and then ~/Helio will contain only your website files. When you can are done, you should use either 'fusermount -u ~/Helio' or 'sudo umount ~/Helio' to disconnect/logout from heliohost. You can automate mounting your heliohost site with a simple shell script that contains the above sshfs command. You could even put your password in the script, but I always cringe at seeing a plain-text password of any sort in a file. What I did was to store the password using the secret-tool(1) utility. I then created a script, named heliomount, with the following (just 2 lines, but the 2nd one is long and may wrap on screen): #! /bin/sh -x secret-tool lookup helio host | sshfs -o Port=1373 -o idmap=user -o password_stdin USER@ricky.heliohost.org: ~/Helio ________________________________________ A More Advanced Example A short while ago, I need to create a new password protected directory on my ricky website. A standard apache feature is that each directory can contain a file named .htaccess which controls how apache treats files in and below that directoy. So, I looked at the .htaccess file that cpanel had created in another password protected directory, and found something like this (except it contained my user login name, not 'USER', of course). #----------------------------------------------------------------cp:ppd # Section managed by cPanel: Password Protected Directories -cp:ppd # - Do not edit this section of the htaccess file! -cp:ppd #----------------------------------------------------------------cp:ppd AuthType Basic AuthName "This is some stuff" AuthUserFile "/home/USER/.htpasswds/public_html/some_stuff/passwd" Require valid-user #----------------------------------------------------------------cp:ppd # End section managed by cPanel: Password Protected Directories -cp:ppd I then created a new directory named public_html/new_stuff, and added an .htaccess file there with the following (except there are no asterisks in my file :-). # Fu** cpanel! This isn't brain surgery :-) # Thu Jul 29 15:53:52 2021 AuthType Basic AuthName "This is some new stuff" AuthUserFile "/home/USER/.htpasswds/public_html/new_stuff/passwd" Require valid-user Note that AuthName just sets the title for the login pop on the web. Now, all I needed to do was to add a new 'passwd' file in the directory specified by .htaccess. This file holds the username and encrypted password corresponding to the protected new_stuff directory. If you have apache installed on your local machine, you can use the 'htpassw' command to do this. If you don't have 'htpasswd', here is another way to create it: a) Temporarily add a new user to your local system and assign it the password that you want to use to protect the web directory. b) Extract the corresponding line from /etc/shadow e.g: 'sudo grep USERNAME /etc/shadow > htpass' where USERNAME is the name of new user c) You'll find something like this: USERNAME:$6$5a5D4LTYpv.:18837:0:99999:7::: except that the string between the first and second colon will be *much* longer. That string is the encrypted password. Just edit the htpass file to remove the second colon and everything that follows. E.g.: USERNAME:$6$5a5D4LTYpv. but your line will be much longer and have the real user name. d) Copy the htpass file to ~/Helio/.htpasswds/public_html/new_stuff/passwd Now accessing the corresponding url on the web will require the username and password that you chose. e) Delete the temporary user. Leaving it would likely be a security risk to your local system. (I speak from experience here.) ________________________________________ As the saying goes, hope this helps. -Jeff === LocalWords: userspace Heliohost filesystem heliohost filezilla linux sshfs (in the following, replace USER with your username and password for cpanel/plesk). --- # Fuck cpanel! This isn't brain surgery :-) # Thu Jul 29 15:53:52 2021 AuthType Basic AuthName "Stuff" AuthUserFile "/home/jnorden/.htpasswds/public_html/mri/passwd" Require valid-user --- --- #----------------------------------------------------------------cp:ppd # Section managed by cPanel: Password Protected Directories -cp:ppd # - Do not edit this section of the htaccess file! -cp:ppd #----------------------------------------------------------------cp:ppd AuthType Basic AuthName "testeroo to you" AuthUserFile "/home/jnorden/.htpasswds/public_html/testeroo/passwd" Require valid-user #----------------------------------------------------------------cp:ppd # End section managed by cPanel: Password Protected Directories -cp:ppd --- LocalWords: cpanel