LinuxQuestions.org
09-30-2015, 05:47 PM   #1
itanium3
Configure sftp chroot utilizing Windows DFS as the backend storage


Objective:
To utilize existing infrastructure (RHEL 7 and Windows 2012R2) to provide AD users access to a chrooted SFTP solution that logs files copied into the environment, while utilizing Windows DFS and replication as the backend.

Environment:
RHEL 7 server running sftp, using Realm for AD authentication. AD group = sdn_sftp_users, user = user1@sdn.com
Local Group: sdn_sftp_users:x:566601113:user1@sdn.com

Windows DFS setup configured as the backend storage for SFTP.

sshd_config:

# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp -f AUTH -l VERBOSE

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

Match Group sdn_sftp_users
ChrootDirectory /dfsshare/sftproot/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

sssd.conf: (excerpt)
#fallback_homedir = /home/%d/%u
# this is set up as a mount in /etc/fstab
fallback_homedir = /dfsshare/sftproot/%u

Issues:
DFS Storage
Redirecting user home directories to the DFS share prevents jailing of sftp connection.
I cannot change permissions on a mount in /etc/fstab
Authentication
Realm > caching creds only still need to create local group and add users but cannot /sbin/nologin the AD user.
Logging
SFTP does not appear to track files copied in via user. ???

Questions:
Can you tell me if this can be accomplished with this setup? Is it just a matter of permissions that is causing me a problem, or is this even possible? If not, why?

Are there simple changes I can make to allow this to work?

Any recommendations?

NOTE: I cannot purchase 3rd party software to accomplish this!

THANK YOU,
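
sshd accepts a ChrootDirectory only when every component of the path is a root-owned directory that is not writable by group or others (sshd_config(5)), so that is the property to verify for a share mounted under /dfsshare. The check below is an added example, not part of the original post; `expand_chroot`, `chroot_violations` and the `start`/`owner_uid` parameters are hypothetical names introduced here, and only the %u token is expanded.

```python
import os
import stat


def expand_chroot(template, user):
    """Expand the %u token of a ChrootDirectory value (%% is a literal %)."""
    return template.replace("%%", "\0").replace("%u", user).replace("\0", "%")


def chroot_violations(path, start="/", owner_uid=0):
    """Return (component, reason) pairs that break sshd's ChrootDirectory rule.

    sshd_config(5): all components of the pathname must be root-owned
    directories which are not writable by any other user or group.
    start and owner_uid are assumptions of this example so the walk can be
    tried on a scratch tree; the defaults ("/" and uid 0) match sshd.
    """
    path, start = os.path.abspath(path), os.path.abspath(start)
    if os.path.commonpath([path, start]) != start:
        raise ValueError(f"{path} is not under {start}")
    rel = os.path.relpath(path, start)
    components = [start]  # becomes: start, start/a, start/a/b, ...
    for part in ([] if rel == "." else rel.split(os.sep)):
        components.append(os.path.join(components[-1], part))
    problems = []
    for comp in components:
        try:
            st = os.stat(comp)  # follows symlinks, like stat(2)
        except OSError as exc:
            problems.append((comp, f"cannot stat: {exc.strerror}"))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
            break
        if st.st_uid != owner_uid:
            problems.append((comp, f"owned by uid {st.st_uid}, expected {owner_uid}"))
        if st.st_mode & 0o022:
            problems.append((comp, f"group/other writable (mode {stat.S_IMODE(st.st_mode):04o})"))
    return problems


if __name__ == "__main__":
    # Path template and user name are the ones from the post; run on the SFTP server.
    target = expand_chroot("/dfsshare/sftproot/%u", "user1@sdn.com")
    for comp, reason in chroot_violations(target):
        print(f"{comp}: {reason}")
```

An empty result means the path meets the ownership and mode rule; any listed component is one sshd would reject for the chroot.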
 
  

