
Re: P.S. - RE: [redhat-list] updates pending question





On 10/05/13 12:06 PM, Constance Morris wrote:

Hi Mr. Hovdestad,

Yum update shows me there are no packages marked for update.
Yes, the locations are the same for sftp and ssh, but not sshd.
Not sure if that makes a difference with the sshd not being in a similar path location as the other two.
But they all 3 are showing to belong to the same package.

Constance


Hi Constance.

The ssh and sftp commands should belong to the same package, openssh-clients.  The sshd daemon belongs to the openssh-server package. The versions should match (or at least be very close).

From your other posts I think that your faculty accounts might be in a chroot environment.  There is an article in the Red Hat Knowledge Base that describes setting up an sftp-only environment for your faculty.
You can check this by looking for

Match Group sftp

in /etc/ssh/sshd_config.  This would indicate that any account created with the default group sftp would be in the chroot environment.  If they are in a chroot environment that would require that their default shell and home directory be specified according to the chroot configuration (-s /bin/false, -d /username [relative to the chroot environment]).

--
Alfred
----------

Hi Alfred,

Yes, I do believe they might be supposed to be in a chroot environment.

I found an article titled 'can I set up sftp to chroot only particular users in rhel' and I followed the instructions of modifying the /etc/ssh/sshd_config to have:

Comment out the #Subsystem 	sftp	/usr/libexec/openssh/sftp-server
And put this as active = subsystem	sftp	internal-sftp

* Now my sshd_config was different than above. It had:
Subsystem 	sftp	/bin/sh -c 'umas 0002; /usr/libexec/openssh/sftp-server'

Exactly like that. But I tried the above by commenting it out and adding the other line and the rest of the data as follows:

Match Group www
	ChrootDirectory /faculty-staff/%u
	AllowTcpForwarding no
	ForceCommand internal-sftp
	X11Forwarding no

And then did as it said and created a user, made a directory folder for that user in /faculty-staff and changed ownership and permissions.
Then it said to restart the sshd service and upon doing so I got the following error message:

Starting sshd: /etc/ssh/sshd_config: line 122: Bad configuration option: Match
/etc/ssh/sshd_config: terminating, 1 bad configuration options
                                                            [FAILED]

Any thoughts? The comments on the article mentioned there being a problem with selinux.

Constance




Hi Constance.

What version of Red Hat are you running? I'm thinking that it is likely RHEL 5. The Match keyword for openssh was introduced with openssh 5 (RHEL 6). That might be why your predecessor had installed a newer version of openssh (outside of RHEL).

And if sshd isn't running your faculty won't be able to log in. You may have to re-install the custom version of openssh to resolve this issue.

--
Alfred
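
Added example, not part of the thread: a way to stage the sshd_config change discussed above and install it only if the installed sshd accepts it in test mode (`sshd -t -f`), so an unsupported keyword such as Match is caught before the restart. `SSHD_BIN` and the function names are hypothetical; the stanza is the one quoted in the post.

```shell
#!/bin/sh
# Added example, not from the thread. SSHD_BIN and all function names are
# hypothetical; the appended stanza is the one quoted in the post above.
SSHD_BIN="${SSHD_BIN:-/usr/sbin/sshd}"

# Build CANDIDATE ($2) from LIVE ($1): comment out the existing sftp
# Subsystem line and append the internal-sftp chroot stanza.
build_candidate() {
    sed 's/^Subsystem[[:space:]][[:space:]]*sftp/#&/' "$1" > "$2" || return 1
    cat >> "$2" <<'EOF'
Subsystem sftp internal-sftp
Match Group www
	ChrootDirectory /faculty-staff/%u
	AllowTcpForwarding no
	ForceCommand internal-sftp
	X11Forwarding no
EOF
}

# Ask the installed sshd to parse FILE without starting (-t is test mode).
check_sshd_config() {
    "$SSHD_BIN" -t -f "$1"
}

# Replace LIVE ($2) with CANDIDATE ($1) only if this sshd accepts it,
# keeping a backup of the previous file as LIVE.bak.
install_sshd_config() {
    candidate=$1
    live=$2
    if ! check_sshd_config "$candidate"; then
        echo "rejected: $live left untouched, running sshd unaffected" >&2
        return 1
    fi
    cp -p "$live" "$live.bak" && cp "$candidate" "$live"
}
```

Run as root (test mode also checks the host keys), passing a scratch file as the candidate and /etc/ssh/sshd_config as the live file, and restart sshd only when `install_sshd_config` returns 0.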


