P.S. - RE: [redhat-list] updates pending question
Constance Morris
cmorris at daltonstate.edu
Fri May 10 18:06:57 UTC 2013
-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Alfred Hovdestad
Sent: Friday, May 10, 2013 11:28 AM
To: General Red Hat Linux discussion list
Subject: Re: P.S. - RE: [redhat-list] updates pending question
On 10/05/13 07:27 AM, Constance Morris wrote:
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Alfred Hovdestad
> Sent: Thursday, May 09, 2013 4:35 PM
> To: General Red Hat Linux discussion list
> Subject: Re: P.S. - RE: [redhat-list] updates pending question
>
>
>
> There are several things that you can try. From the command line, enter:
>
> yum clean all
> yum update
>
> To see if any updates are still pending. Next check the package that the sftp command belongs to:
>
> which sftp
> rpm -qf /usr/bin/sftp
> rpm -qf /usr/bin/ssh
>
> They should belong to the same package.
>
> --
> Alfred Hovdestad
> University of Saskatchewan
> ------------------------
>
> Hi Mr. Hovdestad,
>
> Yum update shows me there are no packages marked for update.
> Yes, the locations are the same for sftp and ssh, but not sshd.
> Not sure if that makes a difference with the sshd not being in a similar path location as the other two.
> But they all 3 are showing to belong to the same package.
>
> Constance
>
Hi Constance.
The ssh and sftp commands should belong to the same package, openssh-clients. The sshd daemon belongs to the openssh-server package.
The versions should match (or at least be very close).
From your other posts I think that your faculty accounts might be in a chroot environment. There is an article in the Red Hat Knowledge Base that describes setting up an sftp-only environment for your faculty.
You can check this by looking for
Match Group sftp
in /etc/ssh/sshd_config. This would indicate that any account created with the default group sftp would be in the chroot environment. If they are in a chroot environment that would require that their default shell and home directory be specified according to the chroot configuration (-s /bin/false, -d /username [relative to the chroot environment]).
--
Alfred
----------
Hi Alfred,
Yes, I do believe they might be supposed to be in a chroot environment.
I found an article titled ' can I set up sftp to chroot only particular users in rhel' and I followed the instructions of modifying the /etc/ssh/sshd_config to have:
Comment out the #Subsystem sftp /usr/libexec/openssh/sftp-server
And put this as active = subsystem sftp internal-sftp
* Now my sshd_config was different than above. It had:
Subsystem sftp /bin/sh -c 'umas 0002; /usr/libexec/openssh/sftp-server'
Exactly like that. But I tried the above by commenting it out and adding the other line and the rest of the data as follows:
Match Group www
ChrootDirectory /faculty-staff/%u
AllowTcpForwarding no
ForceCommand internal-sftp
X11Forwarding no
And then did as it said and created a user, made a directory folder for that user in /faculty-staff and changed ownership and permissions.
Then it said to restart the sshd service and upon doing so I got the following error message:
Starting sshd: /etc/ssh/sshd_config: line 122: Bad configuration option: Match
/etc/ssh/sshd_config: terminating, 1 bad configuration options
[FAILED]
Any thoughts? The comments on the article mentioned there being a problem with selinux.
Constance
More information about the redhat-list
mailing list