[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: P.S. - RE: [redhat-list] updates pending question

On 10/05/13 12:06 PM, Constance Morris wrote:

Hi Mr. Hovdestad,

Yum update shows me there are no packages marked for update.
Yes, the locations are the same for sftp and ssh, but not sshd.
Not sure if that makes a difference with the sshd not being in a similar path location as the other two.
But they all 3 are showing to belong to the same package.


Hi Constance.

The ssh and sftp commands should belong to the same package, openssh-clients.  The sshd daemon belongs to the openssh-server package.
   The versions should match (or at least be very close).

  From your other posts I think that your faculty accounts might be in a chroot environment.  There is an article in the Red Hat Knowledge Base that describes setting up an sftp-only environment for your faculty.
You can check this by looking for

Match Group sftp

in /etc/ssh/sshd_config.  This would indicate that any account created with the default group sftp would be in the chroot environment.  If they are in a chroot environment that would require that their default shell and home directory be specified according to the chroot configuration (-s /bin/false, -d /username [relative to the chroot environment]).


Hi Alfred,

Yes, I do believe they might be supposed to be in a chroot environment.

I found an article titled ' can I set up sftp to chroot only particular users in rhel' and I followed the instructions of modifying the /etc/ssh/sshd_config to have:

Comment out the #Subsystem 	sftp	/usr/libexec/openssh/sftp-server
And put this as active = subsystem	sftp	internal-sftp

* Now my sshd_config was different than above. It had:
Subsystem 	sftp	/bin/sh -c 'umas 0002; /usr/libexec/openssh/sftp-server'

Exactly like that. But I tried the above by commenting it out and adding the other line and the rest of the data as follows:

Match Group www
	ChrootDirectory /faculty-staff/%u
	AllowTcpForwarding no
	ForceCommand internal-sftp
	X11Forwarding no

And then did as it said and created a user, made a directory folder for that user in /faculty-staff and changed ownership and permissions.
Then it said to restart the sshd service and upon doing so I got the following error message:

Starting sshd: /etc/ssh/sshd_config: line 122: Bad configuration option: Match
/etc/ssh/sshd_config: terminating, 1 bad configuration options

Any thoughts? The comments on the article mentioned there being a problem with selinux.


Hi Constance.

What version of Red Hat are you running? I'm thinking that it is likely RHEL 5. The Match keyword for openssh was introduced with openssh 5 (RHEL 6). That might be why your predecessor had installed a newer version of openssh (outside of RHEL).

And if sshd isn't running your faculty won't be able to login. You may have to re-install the custom version of openssh to resolve this issue.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]