P.S. - RE: [redhat-list] updates pending question

m.roth at 5-cent.us
Fri May 10 20:00:03 UTC 2013


Alfred Hovdestad wrote:
> On 10/05/13 12:06 PM, Constance Morris wrote:
>>
>> I found an article titled 'can I set up sftp to chroot only particular
>> users in rhel' and I followed the instructions of modifying the
>> /etc/ssh/sshd_config to have:
>>
>> Comment out the #Subsystem 	sftp	/usr/libexec/openssh/sftp-server
>> And put this as active = subsystem	sftp	internal-sftp
>>
>> * Now my sshd_config was different than above. It had:
>> Subsystem 	sftp	/bin/sh -c 'umas 0002; /usr/libexec/openssh/sftp-server'
>>
>> Exactly like that. But I tried the above by commenting it out and adding
>> the other line and the rest of the data as follows:
>>
>> Match Group www
>> 	ChrootDirectory /faculty-staff/%u
>> 	AllowTcpForwarding no
>> 	ForceCommand internal-sftp
>> 	X11Forwarding no
>>
>> And then did as it said and created a user, made a directory folder for
>> that user in /faculty-staff and changed ownership and permissions.
>> Then it said to restart the sshd service and upon doing so I got the
>> following error message:
>>
>> Starting sshd: /etc/ssh/sshd_config: line 122: Bad configuration option:
>> Match
>> /etc/ssh/sshd_config: terminating, 1 bad configuration options
>>                                                             [FAILED]
>>
>> Any thoughts? The comments on the article mentioned there being a
>> problem with selinux.
>>
> What version of Red Hat are you running?  I'm thinking that it is likely
> RHEL 5.  The Match keyword for openssh was introduced with openssh 5
> (RHEL 6).  That might be why your predecessor had installed a newer
> version of openssh (outside of RHEL).
>
> And if sshd isn't running your faculty won't be able to log in.  You may
> have to re-install the custom version of openssh to resolve this issue.

I really don't think it's an sshd problem, at this point. She's got other
(many other?) users who have no trouble; it's just these three, which is
why I'm strongly leaning towards them having Web Expression on their
workstations misconfigured.

    mark
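
In the quoted thread, restarting sshd with the edited file failed on the `Match` line and the daemon did not start. As an added example (not from the thread or the article it cites), this shell function runs `sshd -t` against a candidate file and replaces the live config only if the check passes; `apply_sshd_config`, `SSHD_BIN` and the `.bak` suffix are assumptions for illustration.

```shell
#!/bin/sh
# Added example: check a candidate sshd_config with "sshd -t" before it
# replaces the live file, so a rejected keyword never reaches a restart.
# SSHD_BIN, apply_sshd_config and the ".bak" suffix are illustrative names.
SSHD_BIN="${SSHD_BIN:-/usr/sbin/sshd}"

# apply_sshd_config CANDIDATE LIVE
#   0  candidate passed the check and was installed over LIVE
#   1  candidate was rejected; LIVE is left untouched
#   2  candidate unreadable, or a copy failed
apply_sshd_config() {
    candidate=$1
    live=$2
    if [ ! -r "$candidate" ]; then
        echo "cannot read $candidate" >&2
        return 2
    fi

    # -t: test mode, parses the config and checks keys without starting
    #     the daemon. -f: the file to parse instead of the default.
    # Run as root so the host keys are readable.
    if ! "$SSHD_BIN" -t -f "$candidate"; then
        echo "rejected: $candidate failed sshd -t; $live unchanged" >&2
        return 1
    fi

    # Keep the last working config so the change can be rolled back.
    if [ -f "$live" ]; then
        cp -p "$live" "$live.bak" || return 2
    fi
    cp "$candidate" "$live" || return 2
    echo "installed $candidate as $live; restart sshd to pick it up"
    return 0
}

# Typical use on the server, as root, with an existing session kept open:
#   apply_sshd_config /root/sshd_config.new /etc/ssh/sshd_config \
#       && service sshd restart
```

On a daemon that does not know `Match`, the check fails with the same "Bad configuration option" message, but the running sshd and its config are left as they were.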



