LinuxQuestions.org


abrarpasha.syed 01-03-2011 09:03 AM

chroot sftp jailing on OEL5u3 - what should be its SSH version?
 
I have a requirement to implement SFTP chroot jailing, so that no two different SFTP users can view each other's files or access each other's directories.

My server is on OEL5 and SSH is on 4.3p2. As advised by Oracle Support, I tried to upgrade from OpenSSH_4.3p2 to OpenSSH_5.2p1 to implement the chroot jailing. But the problem with SSH5.2p1 was that I could no longer execute xclock. So, I had to revert my SSH back to SSH4.3p2.

Did any of you have luck in finding the correct SSH version that works on OEL5u3 to successfully implement the chroot jailing and also allows executing xclock????

anomie 01-04-2011 07:53 PM

Just curious - you're saying Oracle support advised you to upgrade openssh to a different major version on OEL5? How did they advise you to do so? Build from source? (Sounds like quite a bad idea.)

Please spell out your requirements more clearly. You may be able to solve this problem by running a second ssh daemon (on a different port) that serves the chrooted sftp folks.

abrarpasha.syed 01-06-2011 11:21 AM

I have about 10 feeds coming into my system. I created 10 users and added them to sftpgroup. I would like to keep those ten users restricted to SFTP only and they should be restricted from looking into other directories.

TB0ne 01-06-2011 01:11 PM

Quote:

Originally Posted by abrarpasha.syed (Post 4211438)
I have a requirement to implement SFTP chroot jailing, so that no two different SFTP users can view each other's files or access each other's directories.

My server is on OEL5 and SSH is on 4.3p2. As advised by Oracle Support, I tried to upgrade from OpenSSH_4.3p2 to OpenSSH_5.2p1 to implement the chroot jailing. But the problem with SSH5.2p1 was that I could no longer execute xclock. So, I had to revert my SSH back to SSH4.3p2.

Did any of you have luck in finding the correct SSH version that works on OEL5u3 to successfully implement the chroot jailing and also allows executing xclock????

What does xclock have to do with SFTP chroot jail?? Based on your other post:
Quote:

Originally Posted by abrarpasha.syed
I would like to keep those ten users restricted to SFTP only

you ONLY want them to be able to use SFTP...which obviously can't run shell commands, like xclock. Which do you want? If you want SFTP users ONLY, sounds like you've got it. If you want to execute commands, enable X11 forwarding in SSH, and set the users up to be able to log in via SSH.

anomie 01-08-2011 04:06 PM

Quote:

Originally Posted by abrarpasha.syed
I have about 10 feeds coming into my system. I created 10 users and added them to sftpgroup. I would like to keep those ten users restricted to SFTP only and they should be restricted from looking into other directories.

Tell you what - I put together a blog entry you may be interested in:

http://www.linuxquestions.org/questi...on-rhel5-3495/
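
Added example, not posted by anyone in this thread and not taken from the linked blog entry: a constructed configuration for the second, SFTP-only daemon suggested above, with a small checker confirming that the `sftpgroup` Match block jails its users and offers no shell or X11. The port, file path and chroot path are assumptions, and the second daemon is assumed to be an OpenSSH release that supports `ChrootDirectory` and `internal-sftp` (4.9 or later).

```python
# Constructed sample for a second sshd instance (path and port are assumptions).
# The primary daemon keeps its own config, so X11 forwarding for shell users
# (e.g. xclock) is unaffected by anything here.
SAMPLE_CONFIG = """\
# /etc/ssh/sshd_config_sftp  (hypothetical path)
Port 2222
Subsystem sftp internal-sftp
AllowGroups sftpgroup
Match Group sftpgroup
    ChrootDirectory /sftp/%u
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no
"""

# Settings the jail depends on; None means "any value, but it must be set".
REQUIRED = {
    "chrootdirectory": None,
    "forcecommand": "internal-sftp",
    "x11forwarding": "no",
    "allowtcpforwarding": "no",
}

def parse_match_blocks(text):
    """Return {match criteria: {keyword: value}} for each Match block."""
    blocks, current = {}, None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = blocks.setdefault(value.lower(), {})
        elif current is not None:
            current.setdefault(key, value)  # sshd uses the first value it sees
    return blocks

def audit_sftp_jail(text, group="sftpgroup"):
    """List the jail settings missing or wrong in the Match block for group."""
    block = parse_match_blocks(text).get(f"group {group}".lower())
    if block is None:
        return [f"no 'Match Group {group}' block"]
    problems = []
    for key, want in REQUIRED.items():
        have = block.get(key)
        if have is None or (want is not None and have.lower() != want):
            problems.append(f"{key} should be {want or 'set'}, found {have}")
    return problems
```

sshd also requires every component of the `ChrootDirectory` path to be owned by root and not writable by any other user or group, so each feed needs a writable subdirectory inside its jail.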

