P.S. - RE: [redhat-list] updates pending question

Constance Morris cmorris at daltonstate.edu
Fri May 10 20:24:00 UTC 2013 

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
Sent: Friday, May 10, 2013 4:00 PM
To: General Red Hat Linux discussion list
Subject: Re: P.S. - RE: [redhat-list] updates pending question

Alfred Hovdestad wrote:
> On 10/05/13 12:06 PM, Constance Morris wrote:
>>
>> I found an article titled ' can I set up sftp to chroot only 
>> particular users in rhel' and I followed the instructions of 
>> modifying the /etc/ssh/sshd_config to have:
>>
>> Comment out the #Subsystem 	sftp	/usr/libexec/openssh/sftp-server
>> And put this as active = subsystem	sftp	internal-sftp
>>
>> * Now my sshd_config was different than above. It had:
>> Subsystem 	sftp	/bin/sh -c 'umas 0002; /usr/libexec/openssh/sftp-server'
>>
>> Exactly like that. But I tried the above by commenting it out and 
>> adding the other line and the rest of the data as follows:
>>
>> Match Group www
>> 	ChrootDirectory /faculty-staff/%u
>> 	AllowTcpForwarding no
>> 	ForceCommand internal-sftp
>> 	X11Forwarding no
>>
>> And then did as it said and created a user, made a directory folder 
>> for that user in /faculty-staff and changed ownership and permissions.
>> Then it said to restart the sshd service and upon doing so I got the 
>> following error message:
>>
>> Starting sshd: /etc/ssh/sshd_config: line 122: Bad configuration option:
>> Match
>> /etc/ssh/sshd_config: terminating, 1 bad configuration options
>>                                                             [FAILED]
>>
>> Any thoughts? The comments on the article mentioned there being a 
>> problem with selinux.
>>
> What version of Red Hat are you running?  I'm thinking that it is 
> likely RHEL 5.  The Match keyword for openssh was introduced with 
> openssh 5 (RHEL 6).  That might be why your predecessor had installed 
> a newer version of openssh (outside of RHEL).
>
> And if sshd isn't running your faculty won't be able to login.  You 
> may have to re-install the custom version of openssh to resolve this issue.

I really don't think it's an sshd problem, at this point. She's got other (many other?) users who have no trouble; it's just these three, which is why I'm strongly leaning towards them having Web Expression on their workstations misconfigured.

    mark

------------

After speaking with the webmaster there are a total of 7 people who have been allowed to continue accessing their sites via expression web - all others have to now submit modification requests to the webmaster for her to make the changes for them.
Of those 7 people (jadams, cathy, lyrong, guo, Hassan, Randall, Patrick) at the beginning of all of this only 2 could not log in and both were getting a different error message (jadams and randall) and 1 additional person was having a problem but it was with uploading files (hassan).
I have been able to confirm that cathy and lyrong can log in and am still waiting to hear back from Patrick.
Cathy just let me know, that now instead of it prompting her for her login credentials - when she opens expression web it just logged her straight in. This is weird as I set everything back on the sshd_config file after following those instructions I mentioned to Alfred and receiving the error message. So the only other thing I have done is install the setroubleshoot unless I am forgetting something we have discussed for me to try.

Constance

More information about the redhat-list mailing list