I’d appreciate any thoughts anyone has on MySecureShell.
I used it about eight years ago, and it was exactly what I wanted. I know I can create a sftp chroot jail using OpenSSH, but MySecureShell has additional features I really like.
I like that the config is all in one place. I like that the user can only use sftp and only sees a specified directory and its contents. I like that I can limit simultaneous connections and rate limit the bandwidth overall and per user. It’s compatible with fail2ban and ssh keys (instead of username-password login).
Unfortunately, it looks like the last update was five years ago. I guess this could mean it’s mature and secure, but I’m not sure.
The last reply in mysecureshell/Issues was this year, but it was not by the maintainer. The maintainer, deimosfr, is still active on GitHub, having contributed last in December, 2024. User Teka101 has contributed to the project at least once and last replied to an issue a year ago.
The documentation says it’s for 1.33, but the version in the Ubuntu repo is 2.0.
I’m on a much faster connection now, so I guess I could live without the limiting functionality.
I guess I’m looking for any reasons I should or should not consider using MySecureShell again. It’ll just be for half a dozen friends for when I want to give them larger files, or if I want them to send me full-resolution photos.
I’m on Xubuntu 24.04 and would open a port on my router to allow connections (some high number mapped to 22 on this machine), or possibly give my friends access to my LAN via WireGuard but limit it to this machine.
Firstly, you may also be interested in: https://containerssh.io/v0.5/
This is similar software, but maintained. However, it doesn’t look like you can limit networking with the Docker backend, beyond a simple on/off.
An even simpler solution is to have the ssh entry command not be the usual shell command (/bin/bash), but rather a command that starts a shell within a container. So something like:
podman run -it --rm -v /HOST-DIR:/CONTAINER-DIR docker.io/library/debian:bookworm bash
would create a shell inside a short-lived Debian container (that is deleted upon disconnect) where a host directory is mounted inside the container.
As for mysecureshell, I would assume that since it is in the Ubuntu repos, it is still being maintained. But it’s possible, since it is unmaintained, that there are unknown security vulnerabilities or other issues, but:
If it’s just for your friends, it may be okay to use a less secure solution if you trust them.
As an alternate solution: since you are looking for some sort of file searching, perhaps you could host an app explicitly designed for that, like Seafile or Nextcloud.
Thank you. These are all great ideas. Looks like I’ve got more reading to do :)