OpenSUSE Network :: OpenSSH Chroot Only Supports Internal-sftp?
Nov 16, 2009
Had my chroot jail all set up and working nicely in OpenSUSE 11.1, upgraded to OpenSUSE 11.2 and had to set:
Subsystem sftp internal-sftp
(which was:
Subsystem sftp /usr/lib64/ssh/sftp-server)
and:
ForceCommand internal-sftp
[Code]...
Of which with-pam is mandatory. I used prefix to put the binaries in a place that would not conflict with the standard distribution, this meant I also needed to change /etc/init.d/sshd so that it referenced the newly compiled version of sshd, and copy /etc/ssh/sshd_config to /opt/etc/sshd_config.
Jul 6, 2011
I'm new around here and pretty new to Ubuntu and Linux in general. I am setting up an sftp server. I set it up using openssh and it worked fine for a few months. Then recently we experienced a power outage. Now the server will boot fine, all users can log in locally, but when they try to log in remotely they enter their user info and then are denied with some generic network error. Again, being a noob at this I tried to troubleshoot this a little bit but I'm not quite sure what to look for. I believe the ssh service is running but I don't know what else to look for.
Jan 19, 2010
The server I am working with is running CentOS 5.x. MySQL and FTP access is tunnelled through SSH using OpenSSH. Users are chrooted to their home directory as follows:
User: tristan
Home: /web/tristan/
Now, up to this point everything works fine (FTP access) except for MySQL tunnelling. The application I use for MySQL administration is Navicat. It allows me to access the remote SQL server as though it's local using an SSH tunnel. The problem is that I am unable to create a connection to the SQL server through tunnelling unless chroot is removed for the user. Once chroot is removed, I am able to connect to the SQL server just fine via tunnelling. However, now when using SFTP, the user's "home" directory is now the root of the drive (which is what we don't want).
I wish I could give you more information about the configuration. Another user set this server up and unfortunately I will not be able to access the machine until a few days from now so my information is limited.
Jun 23, 2010
I have recently discovered the following: when I attempt to connect to any of our machines that are OpenSSH 5.x (Ubuntu 10 or OpenSuSE 11.x in our case) as one of the users defined in the NIS domain, that fails. For instance, me (user bepstein) can SSH into all those machines but not SFTP. I can SFTP into those machines on the network that are OpenSSH 4.x, however (CentOS 5.3 - 5.4, OpenSUSE 10.3). As a user defined locally on the machine (in /etc/passwd) I can connect via either SSH or SFTP even if the machine is OpenSSH 5.x. Some further discussion of that issue is available here: http:[url]....
Aug 13, 2010
I'm wanting to set up SFTP in a chroot, which is simple enough to do and I already have it working; however I also want it so that when they connect via SFTP it goes directly to their home directory. Currently I have the following in "/etc/ssh/sshd_config":
Code:
Subsystem sftp internal-sftp
Match Group sftp-users
ChrootDirectory /home
AllowTCPForwarding no
ForceCommand internal-sftp
Which works perfectly fine, however when they connect they are shown the contents of the "/home" directory which they then have to "cd username" to get to their home directory. This I do not like, and it confuses our clients who connect saying they can see "random folders that aren't mine", or some that think they've "hacked" the server. I really need it so upon connection they go to "username" directory. I can do this by using:
Code:
usermod -d /username username
Which changes the user's home directory to "/username", and then upon connection it works just fine, they are taken directly to their home directory. However, I really really do not like the fact that "/etc/passwd" shows a different home directory to their real home directory, i.e. it states "/username" when actually it is "/home/username". I've spent the entire day looking at different ways of doing it, and I can't come up with anything.
Feb 18, 2010
I'm trying to make it so that when a user logs in they are forced to stay within a certain directory structure. For some reason what I am doing is not working properly. Here is the relevant file information:
sshd_config:
Code:
Port 2238
Subsystem sftp internal-sftp
[code]...
Apr 27, 2010
I have FTPS setup on my ubuntu server 9.10 machine using vsftpd, and I want to disable the default SFTP server in openSSH. I didn't even know it was on until I accidentally connected to it. I tried searching the internet, and it seems that all I should have to do is comment out the line:
Code:
Subsystem sftp /usr/lib/openssh/sftp-server
restart sshd and it shouldn't work anymore... except it does. Thinking that /etc/init.d/ssh restart may not have worked, I restarted the machine, but I can still connect over sFTP.
May 27, 2010
Where is the config file for the sftp bit? At the mo it shows all the hidden files (dot) and I don't want it to. Don't laugh, I have just configured my proftp for this, and realised, hang on, this isn't the program that dishes out sftp!
Apr 12, 2011
I see this question asked a lot and figured this tutorial
This tutorial explains how to create an SFTP server which confines (or chroots) users to their own home directory and denies them shell access.
Sep 26, 2010
I tried setting up sftp for my users. Each of my users has their home directory at "/var/www/public_html/$USER". When my users are using sftp, they can only see their own directories and are unable to move to other locations of the system. I followed through the following tutorials: [URL]
The users are able to sftp into the system successfully. However, they are able to see the whole system. Somehow, it appears that the users are not jailed in their home directory although in the tutorial it states otherwise. The difference of my system against the tutorial is that I am using Dropbear for SSH server while it is using Openssh server. Although dropbear does not support sftp, I am able to login through sftp through the use of sftp-server. For the internal mechanics, I am not sure how though.
Assuming that when I tried to SFTP, the sftp-server is run with the sshd_config, then everything should be working fine, right? Do I need to run the chroot command at all? The following is the procedure I used to attempt the objective:
1) Add a new user to the group: SFTPonly
2) Chown user:SFTPonly user/home/directory
3) Modify the sshd_config to what is reflected in the tutorial and other paths.
Oct 22, 2010
I've been instructed to set up an sftp server this weekend. I was going to just use vsftpd b/c it's awesome, but then someone said it's supposed to use ssh. So here's my question:
Is Vsftpd the same thing as Sftp? Is it the same openssh protocol for encryption and file transport? I've set up Vsftpd before and it just uses port 21, and it doesn't seem to ask all the same questions as ssh, so is it the same thing? Or should/could I tunnel vsftpd through ssh?
Dec 9, 2010
How do I set umask for sftp only users? Users are jailed - that means they use internal-sftp:
Code:
# cat /etc/ssh/sshd_config
..........
[code]...
Jan 24, 2010
I've the following internet configuration at home -
WORLD
to
ADSL modem in BRIDGE mode with DHCP
[code]....
All internet browsing functions are OK, but when I try to upload a file using sftp to a remote computer - it hangs. This is not a problem of the remote computer. Download is working OK. I disabled the firewall on the wireless router but this did not help.
Jan 14, 2010
I have a SuSE server (sorry but no idea what version of SuSe it's running.. I'd take a guess at 10.0) on a network with several other SuSE servers. They are all able to be SSHed externally as well as internally and all have their local firewalls disabled. I just had to reboot one of the servers and it is behaving quite strangely. I am able to SSH in and out of it externally, but can't SSH in and out of it internally.
When trying to SSH out internally I get the message:
"ssh: connect to host *.*.*.* port 22: No route to host"
When trying to SSH in internally I get the message:
"ssh: connect to host *.*.*.* port 22: Connection timed out"
Using ssh -v doesn't give any more useful information.
I have double checked that the IP is correct and that the internal firewall is disabled etc. The external firewall hasn't got anything that would prevent it (and shouldn't be an issue anyway as it's an internal only problem... SSH externally works fine). Also, it might help to know that I have the same problem with ping. I can ping this server from an external system, but not from an internal one.
Aug 4, 2010
I have a firewall/router box running openSUSE 11.2 between the outside world and the LAN. This router also provides DNS for the LAN and has SuSEfirewall enabled. LAN users need (almost) full access to the internet. However, I want to block certain sites which are not required for work (you name it: facebook is my candidate). What is the most elegant way to block certain sites (which have quite a lot of different IP numbers) ?
Nov 23, 2010
I set up a server that has dhcp going. This works 100% as I get IP addresses. My question is how do these internal computers connect to the internet? There is a proxy that needs to be passed as well...
Is this just a simple case of port forwarding or is this a completely different thing?
Jul 12, 2011
Recently we decided to make our own panel (like Plesk or cPanel) but for Ubuntu, and it will be licensed under GPL (like any other professional software). We want to make a panel that fits not only our needs but also the needs of other system administrators and domain owners. We researched other panels and found out that none of them has security/look/ease of use in one package. Bad coding is another problem found in other panels. I made a short overview of what I think we have to have in the beginning.
I Security :
1. Completely chroot environment where every single service is in chroot mode (bind, mysql, postfix, ....)
2. Easily managed IPtables through web-based interface.
3. Coding rules have to be strict.
II Software selection :
1. MTA - Postfix
2. POP - dovecot
[code]....
Mar 31, 2010
Does anyone have a kernel that supports Atheros network cards? I am using ASUS EEE PC netbooks and none of the kernels I have access to have drivers installed for the NICs. I am having issues when I try to build my own kernel and maybe someone has a precompiled one? Either that or if someone has a basic, step-by-step guide to building your own custom kernel. This is my first time building a kernel and I am kind of lost. This isn't actually for running Ubuntu I will be using it in an imaging program called FOG. I just need a kernel that will support these NICs so I am able to do some imaging.
Jan 18, 2010
My server's CPU gets woken up a lot (according to powertop) by eth0 when downloading files. I figured I could get a cheap PCI card that supports offloading.
Apr 13, 2011
I have a vsftpd server running well but I want to make/force all users to use sftp and not just ftp. Is this possible?
Feb 25, 2011
I've installed Ubuntu Server 10.10 with two network cards. One for external, and one internal. My problem is that as soon as I activate eth1 (external), I can't access the server from the internal network (eth0).
With these settings I can't reach the internal network from inside. If I disable the gateway on eth1 and enable the gateway on eth0, it works.
Mar 31, 2010
I have an OpenBSD server and I'm trying to access it via serial port with an openSUSE computer. I have been using Minicom but its 2 emulation types (vt102 and ANSI) don't seem to be working for me. Is there a terminal emulator for Linux that supports wyse50? That would be best.
Feb 15, 2010
I run some IT systems for my school's Engineering student organization.
We are upgrading our systems and I just purchased a new server system which I am configuring.
I am using Ubuntu 10.04 Lucid Lynx and the new likewise-open packages.
The points I bring up following this sentence are to fulfill this final goal: get SFTP, SSH, and network shares over our private network all using the school's Active Directory for auth and its groups to derive privs.
So... Here's what I've done and what I've tried to do.
1 ) I set up likewise-open and got it to join the domain. When I do this I can ssh to localhost as 'schoolnetworkADname'. So that part works (hurray). To get a network share to use these same auth methods I have tried installing likewise-open-server. Everything launches fine and the daemons run, but when I go into computer management on a Windows server to set up the actual shares, I get permission denied. The account it is giving permission denied to is the same AD account that joined likewise-open to the network, so... what is going on.
2 ) Samba, fail. I can't seem to get samba to run on this machine at all, which is strange because even my Samba expert was puzzled. It just won't let Samba join the domain properly, and due to this, I want to keep on the newer likewise package... unless I have to switch to this.
How I can get the lame likewise-open-server to work?
Mar 3, 2010
I need to set up ssh/sftp/network shares all authenticating with AD. I want to use likewise to do the auth, but to mount the network shares I need to use an older version of samba so it can connect with likewise. How can I go about installing an older version of samba onto this new distro of the OS? I've tried installing the lenny and etch versions but I always get an error during install just saying that samba errored.
Aug 25, 2011
I'm running openSUSE Tumbleweed so the first question is: can I run ONLY another openSUSE OS inside the environment? Or can I run any distro I want?
My second question is how do I set up the environment to act just like my normal OS, with both root and user rights on it? And of course can I run X?
And finally the third question: after googling a bit I did not find a tutorial for openSUSE but I have seen that it says that I have to mount and/or bind certain things. How do I do the same thing under openSUSE for the respective chroot environment?
Sep 5, 2011
I can see from /var/log/messages error messages and weird crashes that the disk in my laptop is on the way out. I plan to replace it but to do this I'd rather not have to install everything again. My laptop has these partitions:
Windows Recovery (10GB)
Windows 7 (NTFS 96.6GB)
Linux /boot (ext4 100MB)
Linux LVM (encrypted, 143GB)
I need software that will allow me to create an image (or images) of all these partitions, save the image(s) to a USB hard drive and restore from those images once I've put the new, blank, hard drive into the laptop. Does anyone know of software (either open source or commercial pay-ware) or a technique to do this?
Aug 11, 2011
I'm trying to get it so that for a particular user, at login, they are chrooted to a specific directory. I've set up the directory and everything such that I think it should work. I wrote a new login shell that chroots the user and set it to be the login shell for that user in yast. Everything works great, except that when the user logs in, it asks for two passwords : the user's password, and then the root password (because chrooting requires su privileges). Is there a way around this? This is what my login shell looks like:
Code:
#!/bin/sh
/usr/bin/sudo /usr/bin/chroot /home/raid/dictation /bin/bash
[code]....
Apr 28, 2010
I forwarded my port 22 so I can access my ssh console on my Mac or Windows (using ssh secure shell client for Windows by the company SSH). On Windows I can transfer the files no problem. Now on my Mac's Finder (that supports sftp natively) I can't access the sftp. Is there any configuration I need to make?
Oct 6, 2009
I am not too knowledgeable on networks, however I think this should be possible. I have a computer at work, which is connected to the work network. I have files stored on the central server here and also my local computer.
At this place, computer support say "We do not offer this service". However they also say "The simplest way to do what you are asking is to install an ssh server on your actual workstation". I have done this, and the openssh server is working because I can test from my workstation by doing ssh user@hostname and it works. What I want to do however, is to connect from outside the network. Firstly, is this possible, and secondly, what is the syntax for ssh in order to do it?
Apr 13, 2010
It's as the title says: I can sftp into the IP address OK, but if I put the computer name instead I get in return
Code:
ssh: Could not resolve hostname server: Name or service not known
Couldn't read packet: Connection reset by peer
Hope someone knows a way around this.