-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Alfred Hovdestad
Sent: Friday, May 10, 2013 4:37 PM
To: General Red Hat Linux discussion list
Subject: Re: P.S. - RE: [redhat-list] updates pending question

On 10/05/13 02:29 PM, Constance Morris wrote:
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of m.roth@xxxxxxxxx
> Sent: Friday, May 10, 2013 4:00 PM
> To: General Red Hat Linux discussion list
> Subject: Re: P.S. - RE: [redhat-list] updates pending question
>
> Alfred Hovdestad wrote:
>> On 10/05/13 12:06 PM, Constance Morris wrote:
>>>
>>> I found an article titled ' can I set up sftp to chroot only
>>> particular users in rhel' and I followed the instructions of
>>> modifying the /etc/ssh/sshd_config to have:
>>>
>>> Comment out the #Subsystem sftp /usr/libexec/openssh/sftp-server
>>> And put this as active = subsystem sftp internal-sftp
>>>
>>> * Now my sshd_config was different than above. It had:
>>> Subsystem sftp /bin/sh -c 'umas 0002; /usr/libexec/openssh/sftp-server'
>>>
>>> Exactly like that. But I tried the above by commenting it out and
>>> adding the other line and the rest of the data as follows:
>>>
>>> Match Group www
>>> ChrootDirectory /faculty-staff/%u
>>> AllowTcpForwarding no
>>> ForceCommand internal-sftp
>>> X11Forwarding no
>>>
>>> And then did as it said and created a user, made a directory folder
>>> for that user in /faculty-staff and changed ownership and permissions.
>>> Then it said to restart the sshd service and upon doing so I got the
>>> following error message:
>>>
>>> Starting sshd: /etc/ssh/sshd_config: line 122: Bad configuration option: Match
>>> /etc/ssh/sshd_config: terminating, 1 bad configuration options
>>>
>>> [FAILED]
>>>
>>> Any thoughts? The comments on the article mentioned there being a
>>> problem with selinux.
>>>
>> What version of Red Hat are you running? I'm thinking that it is
>> likely RHEL 5. The Match keyword for openssh was introduced with
>> openssh 5 (RHEL 6). That might be why your predecessor had installed
>> a newer version of openssh (outside of RHEL).
>>
>> And if sshd isn't running your faculty won't be able to login. You
>> may have to re-install the custom version of openssh to resolve this issue.
>
> I really don't think it's an sshd problem, at this point. She's got other (many other?) users who have no trouble; it's just these three, which is why I'm strongly leaning towards them having Web Expression on their workstations misconfigured.
>
> mark
> --
> ----------
>
> P.S. Now Hassan can't log in and gets the same error message as jadams 'There's no site named /faculty-staff/username'.
>
> Constance
>

I don't think that you should have the %u on the ChrootDirectory. Do all of these users have www as their default group? It is the default group that gets matched on the sftp connection.

--
Alfred

-----------

Alfred,

Okay, that's good to know if I have to make those changes again, but I had removed all of those changes to the sshd_config file when I ran into that error message after trying to restart the sshd service. So it doesn't have the 'Match Group www' info or the ChrootDirectory /faculty-staff/%u info in that file anymore.

Ah......for their faculty-staff directory pages then yes they all have the www group. However, ones like Cathy don't log in for the faculty-staff directory but to their department directory and it uses a different group. So I see my error there with having listed the 'www' group when I tried that.

If I have to add those back in to the sshd_config file since I removed them when I got the error message......any suggestions on what I should use for the matched or should I leave that out of it?

Constance
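
An added example, not part of the thread or of any poster's setup: a pre-flight check for the two failure points discussed above, namely a restart with a config the installed sshd cannot parse ("Bad configuration option: Match") and a chroot directory whose ownership sshd will refuse. The `SSHD` variable, the function names and all file paths passed in are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. SSHD and every path passed in are assumptions for this sketch.
SSHD="${SSHD:-/usr/sbin/sshd}"

# write_candidate FILE: the chroot block quoted in the thread (constructed sample).
write_candidate() {
    cat > "$1" <<'EOF'
Subsystem sftp internal-sftp
Match Group www
    ChrootDirectory /faculty-staff/%u
    AllowTcpForwarding no
    ForceCommand internal-sftp
    X11Forwarding no
EOF
}

# apply_sshd_config CANDIDATE LIVE: copy CANDIDATE over LIVE only if this host's
# sshd accepts it. "sshd -t" is test mode; "-f" names the file to check.
apply_sshd_config() {
    if ! "$SSHD" -t -f "$1"; then
        echo "rejected: $2 left unchanged, do not restart sshd" >&2
        return 1
    fi
    cp -p "$2" "$2.bak" && cp "$1" "$2"
    # Restart sshd only after this returns 0.
}

# chroot_path_ok DIR: sshd requires every component of a ChrootDirectory path,
# up to /, to be a root-owned directory not writable by group or others.
chroot_path_ok() {
    d=$1
    case $d in /*) ;; *) echo "$d: need an absolute path" >&2; return 1 ;; esac
    while :; do
        [ -d "$d" ] || { echo "$d: not a directory" >&2; return 1; }
        ls -ldn "$d" | awk -v p="$d" '
            $3 != 0                 { print p ": not owned by root"; bad = 1 }
            substr($1, 6, 1) == "w" { print p ": group-writable"; bad = 1 }
            substr($1, 9, 1) == "w" { print p ": world-writable"; bad = 1 }
            END { exit bad }' >&2 || return 1
        [ "$d" = / ] && return 0
        d=$(dirname "$d")
    done
}
```

Run `apply_sshd_config` on an edited copy rather than on the live file, and keep an existing SSH session open until a fresh login succeeds after the restart.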