-----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Alfred Hovdestad Sent: Friday, May 10, 2013 3:53 PM To: General Red Hat Linux discussion list Subject: Re: P.S. - RE: [redhat-list] updates pending question On 10/05/13 12:06 PM, Constance Morris wrote: >> Hi Mr. Hovdestad, >> >> Yum update shows me there are no packages marked for update. >> Yes, the locations are the same for sftp and ssh, but not sshd. >> Not sure if that makes a difference with the sshd not being in a similar path location as the other two. >> But they all 3 are showing to belong to the same package. >> >> Constance >> > > Hi Constance. > > The ssh and sftp commands should belong to the same package, openssh-clients. The sshd daemon belongs to the openssh-server package. > The versions should match (or at least be very close). > > From your other posts I think that your faculty accounts might be in a chroot environment. There is an article in the Red Hat Knowledge Base that describes setting up an sftp-only environment for your faculty. > You can check this by looking for > > Match Group sftp > > in /etc/ssh/sshd_config. This would indicate that any account created with the default group sftp would be in the chroot environment. If they are in a chroot environment that would require that their default shell and home directory be specified according to the chroot configuration (-s /bin/false, -d /username [relative to the chroot environment]). > > -- > Alfred > ---------- > > Hi Alfred, > > Yes, I do believe they might be supposed to be in a chroot environment. > > I found an article titled ' can I set up sftp to chroot only particular users in rhel' and I followed the instructions of modifying the /etc/ssh/sshd_config to have: > > Comment out the #Subsystem sftp /usr/libexec/openssh/sftp-server > And put this as active = subsystem sftp internal-sftp > > * Now my sshd_config was different than above. It had: > Subsystem sftp /bin/sh -c 'umas 0002; /usr/libexec/openssh/sftp-server' > > Exactly like that. But I tried the above by commenting it out and adding the other line and the rest of the data as follows: > > Match Group www > ChrootDirectory /faculty-staff/%u > AllowTcpForwarding no > ForceCommand internal-sftp > X11Forwarding no > > And then did as it said and created a user, made a directory folder for that user in /faculty-staff and changed ownership and permissions. > Then it said to restart the sshd service and upon doing so I got the following error message: > > Starting sshd: /etc/ssh/sshd_config: line 122: Bad configuration > option: Match > /etc/ssh/sshd_config: terminating, 1 bad configuration options > [FAILED] > > Any thoughts? The comments on the article mentioned there being a problem with selinux. > > Constance > > Hi Constance. What version of Red Hat are you running? I'm thinking that it is likely RHEL 5. The Match keyword for openssh was introduced with openssh 5 (RHEL 6). That might be why your predecessor had installed a newer version of openssh (outside of RHEL). And if sshd isn't running your faculty won't be able to login. You may have to re-install the custom version of openssh to resolve this issue. -- Alfred -------- Hey Alfred, Yes, I'm running RHEL 5.9 (Tikanga) How will I know which is the custom version of openssh to re-install? And do I have to download it from a website first and then upload it to the server, or do I type in a command? When I enter the command: yum install openssh or yum install openssh-server I get error messages either way saying : " Loaded plugins: rhnplugin, security Traceback (most recent call last): File "/usr/bin/yum", line 29, in ? yummain.user_main(sys.argv[1:], exit_code=True) File "/usr/share/yum-cli/yummain.py", line 309, in user_main errcode = main(args) File "/usr/share/yum-cli/yummain.py", line 161, in main return exFatal(e) File "/usr/share/yum-cli/yummain.py", line 64, in exFatal logger.critical('\n\n%s', to_unicode(e)) File "/usr/lib/python2.4/logging/__init__.py", line 1019, in critical apply(self._log, (CRITICAL, msg, args), kwargs) File "/usr/lib/python2.4/logging/__init__.py", line 1078, in _log record = self.makeRecord(self.name, level, fn, lno, msg, args, exc_info) File "/usr/lib/python2.4/logging/__init__.py", line 1064, in makeRecord return LogRecord(name, level, fn, lno, msg, args, exc_info) File "/usr/lib/python2.4/logging/__init__.py", line 226, in __init__ if args and (len(args) == 1) and args[0] and (type(args[0]) == types.DictType): TypeError: 'NoneType' object is not callable" Thanks, Constance -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
