LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 01-03-2011, 08:03 AM   #1
abrarpasha.syed
LQ Newbie
 
Registered: Dec 2010
Posts: 5

Rep: Reputation: 0
chroot sftp jailing on OEL5u3 - what should be its SSH version?


I have a requirement to implement SFTP CHROOT Jailing, so that, no two different SFTP users can view other person's files nor access their directories.

My server is on OEL5 version and SSH is on 4.3p2. As advised by Oracle Support, I tried to upgrade from OpenSSH_4.3p2 To OpenSSH_5.2p1 to implement the chroot jailing. But the problem with SSH5.2p1 was that, I could no longer execute xclock. So, i had to revert my SSH back to SSH4.3p2.

Did anyone of you had luck in finding the correct SSH version that works on OEL5u3 to successfully implement the chroot jailing and also allows to execute the xclock????
 
Old 01-04-2011, 06:53 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Just curious - you're saying Oracle support advised you to upgrade openssh to a different major version on OEL5? How did they advise you to do so? Build from source? (Sounds like quite a bad idea.)

Please spell out your requirements more clearly. You may be able to solve this problem by running a second ssh daemon (on a different port) that serves the chrooted sftp folks.
 
Old 01-06-2011, 10:21 AM   #3
abrarpasha.syed
LQ Newbie
 
Registered: Dec 2010
Posts: 5

Original Poster
Rep: Reputation: 0
I have about 10 feeds coming into my system. I created 10 users and added them to sftpgroup. I would like to keep those ten users restricited to SFTP only and they should be restricited from looking into other directories.
 
Old 01-06-2011, 12:11 PM   #4
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,117

Rep: Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455
Quote:
Originally Posted by abrarpasha.syed View Post
I have a requirement to implement SFTP CHROOT Jailing, so that, no two different SFTP users can view other person's files nor access their directories.

My server is on OEL5 version and SSH is on 4.3p2. As advised by Oracle Support, I tried to upgrade from OpenSSH_4.3p2 To OpenSSH_5.2p1 to implement the chroot jailing. But the problem with SSH5.2p1 was that, I could no longer execute xclock. So, i had to revert my SSH back to SSH4.3p2.

Did anyone of you had luck in finding the correct SSH version that works on OEL5u3 to successfully implement the chroot jailing and also allows to execute the xclock????
What does xclock have to do with SFTP chroot jail?? Based on your other post:
Quote:
Originally Posted by abrarpasha.syed
I would like to keep those ten users restricited to SFTP only
you ONLY want them to be able to use SFTP...which obviously can't run shell commands, like xclock. Which do you want? If you want SFTP users ONLY, sounds like you've got it. If you want to execute commands, enable X11 forwarding in SSH, and set the users up to be able to log in via SSH.
 
Old 01-08-2011, 03:06 PM   #5
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by abrarpasha.syed
I have about 10 feeds coming into my system. I created 10 users and added them to sftpgroup. I would like to keep those ten users restricited to SFTP only and they should be restricited from looking into other directories.
Tell you what - I put together a blog entry you may be interested in:

http://www.linuxquestions.org/questi...on-rhel5-3495/
 
  


Reply

Tags
chroot jail


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Chroot acess with ssh and sftp problem dreamline Linux - General 2 12-15-2010 06:32 PM
chroot sftp/ssh fails on shell Kanon Linux - Security 5 09-17-2009 08:58 AM
Chroot SSH problem: ssh working, not SFTP & SCP. NaCo Linux - Security 3 02-01-2009 02:23 AM
chroot ssh/sftp on SuSE 9.2 Pro ctb123 Linux - Security 3 06-27-2006 08:45 AM
Restrict ssh/sftp with chroot? Chowroc Linux - Networking 4 01-25-2005 10:48 AM


All times are GMT -5. The time now is 01:37 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration