On 10/05/13 12:06 PM, Constance Morris wrote:
Hi Mr. Hovdestad,
Yum update shows me there are no packages marked for update.
Yes, the locations are the same for sftp and ssh, but not sshd.
Not sure if that makes a difference with the sshd not being in a similar path location as the other two.
But they all 3 are showing to belong to the same package.
Constance
Hi Constance.
The ssh and sftp commands should belong to the same package, openssh-clients. The sshd daemon belongs to the openssh-server package.
The versions should match (or at least be very close).
From your other posts I think that your faculty accounts might be in a chroot environment. There is an article in the Red Hat Knowledge Base that describes setting up an sftp-only environment for your faculty.
You can check this by looking for
Match Group sftp
in /etc/ssh/sshd_config. This would indicate that any account created with the default group sftp would be in the chroot environment. If they are in a chroot environment that would require that their default shell and home directory be specified according to the chroot configuration (-s /bin/false, -d /username [relative to the chroot environment]).
--
Alfred
----------
Hi Alfred,
Yes, I do believe they might be supposed to be in a chroot environment.
I found an article titled ' can I set up sftp to chroot only particular users in rhel' and I followed the instructions of modifying the /etc/ssh/sshd_config to have:
Comment out the #Subsystem sftp /usr/libexec/openssh/sftp-server
And put this as active = subsystem sftp internal-sftp
* Now my sshd_config was different than above. It had:
Subsystem sftp /bin/sh -c 'umas 0002; /usr/libexec/openssh/sftp-server'
Exactly like that. But I tried the above by commenting it out and adding the other line and the rest of the data as follows:
Match Group www
ChrootDirectory /faculty-staff/%u
AllowTcpForwarding no
ForceCommand internal-sftp
X11Forwarding no
And then did as it said and created a user, made a directory folder for that user in /faculty-staff and changed ownership and permissions.
Then it said to restart the sshd service and upon doing so I got the following error message:
Starting sshd: /etc/ssh/sshd_config: line 122: Bad configuration option: Match
/etc/ssh/sshd_config: terminating, 1 bad configuration options
[FAILED]
Any thoughts? The comments on the article mentioned there being a problem with selinux.
Constance
Hi Constance.
What version of Red Hat are you running? I'm thinking that it is likely
RHEL 5. The Match keyword for openssh was introduced with openssh 5
(RHEL 6). That might be why your predecessor had installed a newer
version of openssh (outside of RHEL).
And if sshd isn't running your faculty won't be able to login. You may
have to re-install the custom version of openssh to resolve this issue.
--
Alfred
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
