
Re: P.S. - RE: [redhat-list] updates pending question





On 10/05/13 02:29 PM, Constance Morris wrote:
-----Original Message-----
From: redhat-list-bounces redhat com [mailto:redhat-list-bounces redhat com] On Behalf Of m roth 5-cent us
Sent: Friday, May 10, 2013 4:00 PM
To: General Red Hat Linux discussion list
Subject: Re: P.S. - RE: [redhat-list] updates pending question

Alfred Hovdestad wrote:
On 10/05/13 12:06 PM, Constance Morris wrote:

I found an article titled 'can I set up sftp to chroot only
particular users in rhel' and I followed the instructions of
modifying the /etc/ssh/sshd_config to have:

Comment out the #Subsystem 	sftp	/usr/libexec/openssh/sftp-server
And put this as active = subsystem	sftp	internal-sftp

* Now my sshd_config was different than above. It had:
Subsystem 	sftp	/bin/sh -c 'umas 0002; /usr/libexec/openssh/sftp-server'

Exactly like that. But I tried the above by commenting it out and
adding the other line and the rest of the data as follows:

Match Group www
	ChrootDirectory /faculty-staff/%u
	AllowTcpForwarding no
	ForceCommand internal-sftp
	X11Forwarding no

And then did as it said and created a user, made a directory folder
for that user in /faculty-staff and changed ownership and permissions.
Then it said to restart the sshd service and upon doing so I got the
following error message:

Starting sshd: /etc/ssh/sshd_config: line 122: Bad configuration option:
Match
/etc/ssh/sshd_config: terminating, 1 bad configuration options
                                                             [FAILED]

Any thoughts? The comments on the article mentioned there being a
problem with selinux.

What version of Red Hat are you running?  I'm thinking that it is
likely RHEL 5.  The Match keyword for openssh was introduced with
openssh 5 (RHEL 6).  That might be why your predecessor had installed
a newer version of openssh (outside of RHEL).

And if sshd isn't running your faculty won't be able to login.  You
may have to re-install the custom version of openssh to resolve this issue.

I really don't think it's an sshd problem, at this point. She's got other (many other?) users who have no trouble; it's just these three, which is why I'm strongly leaning towards them having Web Expression on their workstations misconfigured.

     mark
-- ----------

P.S. Now Hassan can't log in and gets the same error message as jadams 'There's no site named /faculty-staff/username'.

Constance




I don't think that you should have the %u on the ChrootDirectory. Do all of these users have www as their default group? It is the default group that gets matched on the sftp connection.

--
Alfred
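
The restart failure quoted in this thread left sshd stopped because the edited file was first parsed when the service started. As an added example (not from the thread or the article it mentions), the wrapper below runs the installed sshd in test mode against a candidate file and replaces the live file only if it parses; the names `install_sshd_config` and `SSHD_BIN` and the file paths are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: check a candidate sshd_config with the installed sshd
# before it replaces the live file, so an unsupported keyword such as
# "Match" is caught while the running daemon is still up.
# SSHD_BIN and install_sshd_config are names chosen for this sketch.

# Absolute path on purpose: sshd can refuse to run from a relative path.
SSHD_BIN="${SSHD_BIN:-/usr/sbin/sshd}"

# install_sshd_config CANDIDATE LIVE
# Returns 0 and copies CANDIDATE over LIVE (keeping LIVE.bak) only when
# "sshd -t -f CANDIDATE" accepts it. Returns 1 and leaves LIVE untouched
# otherwise. Run as root so sshd can read the host keys during the test.
install_sshd_config() {
    candidate=$1
    live=$2

    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 1; }

    # -t: test mode (parse configuration, check keys, exit)
    # -f: configuration file to read instead of the default
    if ! "$SSHD_BIN" -t -f "$candidate"; then
        echo "sshd rejected $candidate; $live left unchanged" >&2
        return 1
    fi

    # Keep the last working file so it can be restored by hand.
    if [ -f "$live" ]; then
        cp -p "$live" "$live.bak" || return 1
    fi
    cp "$candidate" "$live" || return 1
    chmod 600 "$live"
}

# Stand-alone use: sh this-script /root/sshd_config.new /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then
    install_sshd_config "$1" "$2"
fi
```

Restart the service only after the function returns 0, and keep an existing root session open until a fresh login has been confirmed.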


