chroot sftp jailing on OEL5u3 - what should be its SSH version?
I have a requirement to implement SFTP chroot jailing, so that no two different SFTP users can view the other person's files nor access their directories.
My server is on OEL5 version and SSH is on 4.3p2. As advised by Oracle Support, I tried to upgrade from OpenSSH_4.3p2 to OpenSSH_5.2p1 to implement the chroot jailing. But the problem with SSH5.2p1 was that I could no longer execute xclock. So, I had to revert my SSH back to SSH4.3p2.
Did any of you have luck in finding the correct SSH version that works on OEL5u3 to successfully implement the chroot jailing and also allows executing xclock?
Just curious - you're saying Oracle support advised you to upgrade openssh to a different major version on OEL5? How did they advise you to do so? Build from source? (Sounds like quite a bad idea.)
Please spell out your requirements more clearly. You may be able to solve this problem by running a second ssh daemon (on a different port) that serves the chrooted sftp folks.
I have about 10 feeds coming into my system. I created 10 users and added them to sftpgroup. I would like to keep those ten users restricted to SFTP only and they should be restricted from looking into other directories.
What does xclock have to do with SFTP chroot jail?? Based on your other post:
Quote:
Originally Posted by abrarpasha.syed
I would like to keep those ten users restricted to SFTP only
you ONLY want them to be able to use SFTP...which obviously can't run shell commands, like xclock. Which do you want? If you want SFTP users ONLY, sounds like you've got it. If you want to execute commands, enable X11 forwarding in SSH, and set the users up to be able to log in via SSH.
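Added example, not part of any post in this thread: a shell sketch that checks whether an OpenSSH version string supports `ChrootDirectory` (available from OpenSSH 4.9 per the OpenSSH release notes) and prints an sshd_config fragment that jails members of sftpgroup to SFTP while other users keep X11 forwarding for programs such as xclock. The function names and the `/sftp/%u` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Thresholds per OpenSSH release notes: Match blocks
# arrived in 4.4, ChrootDirectory and internal-sftp in 4.9.

# chroot_supported VERSION_STRING
# Returns 0 if ChrootDirectory is available, 1 if the version is too old,
# 2 if the string is not an OpenSSH version (e.g. "OpenSSH_4.3p2").
chroot_supported() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 9 ]; }
}

# sftp_jail_config GROUP
# Prints an sshd_config fragment. /sftp/%u is a hypothetical layout; sshd
# requires every component of the chroot path to be owned by root and not
# writable by group or others, so uploads go in a subdirectory owned by
# the user.
sftp_jail_config() {
    group=$1
    cat <<EOF
# Global section: ordinary shell users keep X11 forwarding (xclock etc.)
X11Forwarding yes
Subsystem sftp internal-sftp

# Members of $group: SFTP only, confined to their own tree
Match Group $group
    ChrootDirectory /sftp/%u
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no
EOF
}

# The two versions mentioned in the thread.
for v in OpenSSH_4.3p2 OpenSSH_5.2p1; do
    if chroot_supported "$v"; then
        echo "$v: ChrootDirectory available"
    else
        echo "$v: too old for ChrootDirectory"
    fi
done
```

Because the restrictions sit inside the `Match Group` block, they apply only to the jailed group; accounts outside it still get a normal shell and X11 forwarding from the same daemon.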
Tell you what - I put together a blog entry you may be interested in: