[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: P.S. - RE: [redhat-list] updates pending question



-----Original Message-----
From: redhat-list-bounces redhat com [mailto:redhat-list-bounces redhat com] On Behalf Of Alfred Hovdestad
Sent: Friday, May 10, 2013 11:28 AM
To: General Red Hat Linux discussion list
Subject: Re: P.S. - RE: [redhat-list] updates pending question

On 10/05/13 07:27 AM, Constance Morris wrote:
> -----Original Message-----
> From: redhat-list-bounces redhat com 
> [mailto:redhat-list-bounces redhat com] On Behalf Of Alfred Hovdestad
> Sent: Thursday, May 09, 2013 4:35 PM
> To: General Red Hat Linux discussion list
> Subject: Re: P.S. - RE: [redhat-list] updates pending question
>
>
>
> There are several things that you can try.  From the command line, enter:
>
> yum clean all
> yum update
>
> To see if any updates are still pending.  Next check the package that the sftp command belongs to:
>
> which sftp
> rpm -qf /usr/bin/sftp
> rpm -qf /usr/bin/ssh
>
> They should belong to the same package.
>
> --
> Alfred Hovdestad
> University of Saskatchewan
> ------------------------
>
> Hi Mr. Hovdestad,
>
> Yum update shows me there are no packages marked for update.
> Yes, the locations are the same for sftp and ssh, but not sshd.
> Not sure if that makes a difference with the sshd not being in a similar path location as the other two.
> But they all 3 are showing to belong to the same package.
>
> Constance
>

Hi Constance.

The ssh and sftp commands should belong to the same package, openssh-clients.  The sshd daemon belongs to the openssh-server package. 
  The versions should match (or at least be very close).

 From your other posts I think that your faculty accounts might be in a chroot environment.  There is an article in the Red Hat Knowledge Base that describes setting up an sftp-only environment for your faculty. 
You can check this by looking for

Match Group sftp

in /etc/ssh/sshd_config.  This would indicate that any account created with the default group sftp would be in the chroot environment.  If they are in a chroot environment that would require that their default shell and home directory be specified according to the chroot configuration (-s /bin/false, -d /username [relative to the chroot environment]).

--
Alfred
----------

Hi Alfred,

Yes, I do believe they might be supposed to be in a chroot environment. 

I found an article titled ' can I set up sftp to chroot only particular users in rhel' and I followed the instructions of modifying the /etc/ssh/sshd_config to have:

Comment out the #Subsystem 	sftp	/usr/libexec/openssh/sftp-server
And put this as active = subsystem	sftp	internal-sftp

* Now my sshd_config was different than above. It had:
Subsystem 	sftp	/bin/sh -c 'umas 0002; /usr/libexec/openssh/sftp-server'

Exactly like that. But I tried the above by commenting it out and adding the other line and the rest of the data as follows:

Match Group www
	ChrootDirectory /faculty-staff/%u
	AllowTcpForwarding no
	ForceCommand internal-sftp
	X11Forwarding no

And then did as it said and created a user, made a directory folder for that user in /faculty-staff and changed ownership and permissions.
Then it said to restart the sshd service and upon doing so I got the following error message:

Starting sshd: /etc/ssh/sshd_config: line 122: Bad configuration option: Match
/etc/ssh/sshd_config: terminating, 1 bad configuration options
                                                           [FAILED]

Any thoughts? The comments on the article mentioned there being a problem with selinux.

Constance




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]