P.S. - RE: [redhat-list] updates pending question
Alfred Hovdestad
alfred.hovdestad at usask.ca
Fri May 10 20:37:21 UTC 2013
On 10/05/13 02:29 PM, Constance Morris wrote:
> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
> Sent: Friday, May 10, 2013 4:00 PM
> To: General Red Hat Linux discussion list
> Subject: Re: P.S. - RE: [redhat-list] updates pending question
>
> Alfred Hovdestad wrote:
>> On 10/05/13 12:06 PM, Constance Morris wrote:
>>>
>>> I found an article titled 'can I set up sftp to chroot only
>>> particular users in rhel' and I followed the instructions of
>>> modifying the /etc/ssh/sshd_config to have:
>>>
>>> Comment out the #Subsystem sftp /usr/libexec/openssh/sftp-server
>>> And put this as active = subsystem sftp internal-sftp
>>>
>>> * Now my sshd_config was different than above. It had:
>>> Subsystem sftp /bin/sh -c 'umas 0002; /usr/libexec/openssh/sftp-server'
>>>
>>> Exactly like that. But I tried the above by commenting it out and
>>> adding the other line and the rest of the data as follows:
>>>
>>> Match Group www
>>> ChrootDirectory /faculty-staff/%u
>>> AllowTcpForwarding no
>>> ForceCommand internal-sftp
>>> X11Forwarding no
>>>
>>> And then did as it said and created a user, made a directory folder
>>> for that user in /faculty-staff and changed ownership and permissions.
>>> Then it said to restart the sshd service and upon doing so I got the
>>> following error message:
>>>
>>> Starting sshd: /etc/ssh/sshd_config: line 122: Bad configuration option:
>>> Match
>>> /etc/ssh/sshd_config: terminating, 1 bad configuration options
>>> [FAILED]
>>>
>>> Any thoughts? The comments on the article mentioned there being a
>>> problem with selinux.
>>>
>> What version of Red Hat are you running? I'm thinking that it is
>> likely RHEL 5. The Match keyword for openssh was introduced with
>> openssh 5 (RHEL 6). That might be why your predecessor had installed
>> a newer version of openssh (outside of RHEL).
>>
>> And if sshd isn't running your faculty won't be able to log in. You
>> may have to re-install the custom version of openssh to resolve this issue.
>
> I really don't think it's an sshd problem, at this point. She's got other (many other?) users who have no trouble; it's just these three, which is why I'm strongly leaning towards them having Web Expression on their workstations misconfigured.
>
> mark
> -- ----------
>
> P.S. Now Hassan can't log in and gets the same error message as jadams 'There's no site named /faculty-staff/username'.
>
> Constance
>
>
I don't think that you should have the %u on the ChrootDirectory. Do
all of these users have www as their default group? It is the default
group that gets matched on the sftp connection.
--
Alfred
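
The failed restart quoted in this thread ("Bad configuration option: Match", then sshd left stopped) can be caught before the live file is touched. The following is an added example, not part of the original messages: it runs `sshd -t -f` against a candidate file and replaces the live config only if the installed daemon accepts it. The function name, the `SSHD_BIN` variable and the example paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for sshd_config edits.
# SSHD_BIN and safe_install_sshd_config are hypothetical names for this sketch.
# Run as root: sshd -t also checks that the host keys are readable.

SSHD_BIN="${SSHD_BIN:-/usr/sbin/sshd}"

# safe_install_sshd_config CANDIDATE LIVE
#   0 = candidate accepted by sshd and installed over LIVE (old file kept as LIVE.bak)
#   1 = candidate rejected by sshd; LIVE is left untouched
#   2 = file handling error
safe_install_sshd_config() {
    candidate="$1"
    live="$2"

    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 2; }

    # -t: test mode (parse config, check keys, exit); -f: file to parse.
    # A daemon that does not know a keyword, such as Match on an old
    # OpenSSH build, fails here instead of at service restart.
    if ! "$SSHD_BIN" -t -f "$candidate"; then
        echo "rejected: $candidate failed sshd -t; $live unchanged" >&2
        return 1
    fi

    # Keep the previous file so the change can be rolled back.
    if [ -f "$live" ]; then
        cp -p "$live" "$live.bak" || return 2
    fi

    # Write beside the target, then rename, so sshd never sees a partial file.
    cp "$candidate" "$live.new" || return 2
    chmod 600 "$live.new" || return 2
    mv "$live.new" "$live" || return 2
    return 0
}

# Stand-alone use: script.sh /root/sshd_config.new /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then
    safe_install_sshd_config "$1" "$2"
fi
```

Restart sshd only after the function returns 0, and keep an existing root session open until a new login has been verified.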