FW: [redhat-list] sftp error question

Constance Morris cmorris at daltonstate.edu
Fri May 3 14:36:48 UTC 2013 

Hey Mark,

Expression Web 4 is a software program by Microsoft used for website editing. It is similar to FrontPage or Dream Weaver if you are familiar with either of those.
Faculty who have the ability to update their web page are also limited to a certain area only on the web server as they do not have sudoers rights. 
They do basically use secure shell to access their page on the server via expression web and entering "  sftp://www.daltonstate.edu/faculty-staff/theirusername "

I did double check and his page exists out on the world wide web as well as in the faculty-staff directory on the server were it should be. 
Previously, he said that he never had to include the 'faculty-staff' part in the sftp address just 'sftp://www.daltonstate.edu/hisusername' but that must have been before my time here.
As far as I am aware they have to include that directory as they are all now listed under the 'faculty-staff' directory. 

However, I have tried both to no avail. 

Another gentleman mentioned, that I had the paths listed incorrectly and I checked on this. Sure enough, they were - I had /usr/openssh/libexec/sftp-server and the openssh & libexec needed to be switched.
However, this still did not fix the problem.

Any thoughts or suggestions?

Constance

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
Sent: Thursday, May 02, 2013 2:37 PM
To: General Red Hat Linux discussion list
Subject: Re: FW: [redhat-list] sftp error question

Hi, Constance,

Constance   Morris wrote:
>
> Thanks again - I will attempt to finish the updates and see if that 
> fixes the problem. What is so weird to me is that I can use it just 
> fine and so can other people. So far it is only two people on campus 
> that cannot. If I go into /etc/passwd and change him from 
> /opt/openssh/libexec/sftp-server to /usr/openssh/libexec/sftp-server  
> then he gets a different error message.

Ok, first: su - to him, and type which sftp - check the path, and make sure of what he's getting. You should change him back: if that's what everyone else is using, he should be using the same.
>
> With the 1st path - he gets 'There's no site named 'faculty-staff/jadams'
> But with the 2nd path - he gets "FTP transmits the user name and 
> password without encryption. If possible, open the site by using an 
> HTTP URL to help protect it from potential network attacks."
> The funny thing is we are not using FTP - we use sftp and I've tried 
> logging in as him on from with expression web and get the same.
>
I have no idea what "expression web" is. Have you tried sftp'ing from the command line?

> Any thoughts?

In addition to the above - are doing this via browser? If so, open
tools->web developer->error console, and see what's there. You can also
check, of course, /var/log/messages and /var/log/security.

Also, have you looked to see that faulty-staff/jadams exists, where all the others reside? And what are the permissions on it?
>
> Also, thank you for the book references.
>
AND I don't eve get a kickback from O'Reilly.... <g>

         mark
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
> Sent: Thursday, May 02, 2013 9:46 AM
> To: General Red Hat Linux discussion list
> Subject: RE: [redhat-list] sftp error question
>
> Hi, Constance,
>
> Constance   Morris wrote:
>>
> <snip>
>>> (This would have to do with the apache configuration (httpd); that's 
>>> in /etc/httpd/conf and /etc/httpd/conf.d Sounds to me as though the 
>>> virtual hosts are messed up, or possibly that you have secondary 
>>> IPs, for which you need to look at /etc/sysconfig/network-scripts.)
>>
>> I've checked the httpd files (conf and conf.d) but they have not been 
>> updated by the updates that took place thus far. But in
>
> Updates will *not* overwrite existing configuration files, esp. if 
> they've been changed from what came in the original release - you'll 
> see they dump the new versions as *.rpmnew.
>
>> /etc/sysconfig/network-scripts I can see 3 that were updated (ifdown, 
>> ifdown-isdn, ifup, ifup-isdn).
>
> That may well be ok. I suspect you're not using ISDN, and ifdown is a 
> shutdown the network script, with no effect on bringing it up.
>>
>>> (What I did at work, several years ago, was to talk to the system 
>>> owners, and set up a regular monthly maintenance window, when I 
>>> could do full updates - bug and security fixes - and reboot as 
>>> needed. And they make sure their users know of the window.)
>>
>> Unfortunately, I do not have that luxury. So I have to do them in 
>> between semester breaks....etc.
>
> <g> There are holidays... but you can do updates, and that won't 
> really affect anyone until the program's restarted. There *are* 
> certain provisos to that, though, things like glibc (the C libraries that everything uses).
>
> If you need to do something, I recommend, in this order, Tuesday or 
> Thursday morning somewhere between 02:00  and 06:00. (This is based on 
> personal knowledge that the City of Chicago 911 system, when they do 
> maintenance, that's the least-busy time). You certainly wouldn't need 
> more than half an hour... WITH THE EXCEPTION of fsck. That, you can 
> certainly do between semesters - twice a year is fine.
>>
>>> (Third, if this is a server, and *esp* if it's a production machine, 
>>> I would recommend turning off yum-updatesd (that's the auto-updated; 
>>> it doesn't exist in 6.x) - you should consider the updates, and 
>>> coordinate if there's something that your users might see, like NFS 
>>> or apache, etc.)
>>
>>> Thank you - I will turn that off as it is a production server. What 
>>> did you mean by: " you should consider the updates, and coordinate 
>>> if there's something that your users might see, like NFS or apache, 
>>> etc"? I assume you meant, being careful what updates I do and when I 
>>> do them, but I wasn't sure.
>
> Yep. There are things that would affect a lot of folks - websites, for 
> example, and restarting things like apache, or if (as I hope) you've 
> got NFS-mounted home directories. For the latter, you *have* to have 
> users log out and log back in, or they're immediately start getting 
> the dreaded "Stale File Handle" error.
>
> A recommendation: if you're going to be doing this for a while, you 
> should pick up one of two books, and READ IT ALL THE WAY THROUGH: 
> either Frisch's Essential Systems Administration, published by 
> O'Reilly*, or Nemeth, Snyder, Seebass & Hein's Unix Systems 
> Administration Handbook, published by Prentice Hall. These are the two 
> books that just about all sysadmins know. Yeah, the Frisch one's about 
> 10 years since the last update, but at the very least, find it, and 
> read chapter 2: The Unix Way, which will give you full Enlightenment 
> about how all version of *Nix work, and the architecture that underpins them.
>>
>> Thank you for responding Mark!
>
> That's why we hang out on lists like this, to help each other.
>
> * Almost any book published by O'Reilly is *good* - almost all 
> computer folks I know have anywhere from one book from them to a shelf of them.
> They're the only publisher I know that goes out of their way to not 
> only find people who *really* know their subject, but can actually
> *communicate* that information.
>
>         mark
>>
>> Constance
>>
>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com
>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of mark
>> Sent: Thursday, May 02, 2013 8:06 AM
>> To: General Red Hat Linux discussion list
>> Subject: Re: [redhat-list] sftp error question
>>
>> On 05/02/13 07:35, Constance Morris wrote:
>>> Hi everyone, I'm new to this list, so I apologize if my email is not 
>>> in keeping with the procedures. I am a newbie with RHEL 5.7 system 
>>> administration and recently registered our web server with Red Hat 
>>> (this past Monday). Upon registration, I noticed online that the 
>>> server needed
>>> 506 updates and so I set the auto errata to enabled. By the time, I 
>>> realized my mistake there were only 217 updates left to be done. I 
>>> changed the auto errata to disabled and locked the account to stop 
>>> the rest from going through on their own.
>>
>> Hi, Constance,
>>
>> You've probably got several things going on.
>>
>> First, finish the full updates, really. 5.7 is several years old - 
>> it's now on 5.9, for the 5.x branch (the 6.x is up to 6.4 as of 
>> several months
>> ago) and if you type lsb_release -a, that's what you should see.
>> Having it partly updated is asking for trouble, esp. if interrelated 
>> packages are not all installed, such as an application like apache, 
>> but libraries it needs aren't updated.
>>
>> Second, when you do a reboot, it *will* have major issues, unless you 
>> finish that update, for the reason above.
>>
>> Third, if this is a server, and *esp* if it's a production machine, I 
>> would recommend turning off yum-updatesd (that's the auto-updated; it 
>> doesn't exist in 6.x) - you should consider the updates, and 
>> coordinate if there's something that your users might see, like NFS 
>> or apache, etc.
>>>
>>> Immediately following, I was unable to use Putty to ssh to the web 
>>> server. A co-worker worked with me to get us access again by 
>>> updating the
>>
>> And, presumably, restarting sshd (service sshd restart).
>>
>>> sshd_config file. However, we have some clients who use Expression 
>>> Web
>>> 4 to update sites and they cannot gain access. It says "There's no 
>>> site named 'blah' " when they try to login.
>>
>> This would have to do with the apache configuration (httpd); that's 
>> in /etc/httpd/conf and /etc/httpd/conf.d Sounds to me as though the 
>> virtual hosts are messed up, or possibly that you have secondary IPs, 
>> for which you need to look at /etc/sysconfig/network-scripts.
>>
>> *Do* run yum update regularly. RH should be emailing you about 
>> updates; anything labelled "critical" (like firefox) should be done 
>> that day; important, if you read what it fixes and find that it 
>> affects you, in the next couple of days. What I did at work, several 
>> years ago, was to talk to the system owners, and set up a regular 
>> monthly maintenance window, when I could do full updates - bug and 
>> security fixes - and reboot as needed. And they make sure their users 
>> know of the window.
>>
>> 	mark
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

More information about the redhat-list mailing list