OpenSSH 5.2 p-1 Problem

saifkhan123 · 09-18-2009, 10:07 PM

i am running OpenSSH 5.2 with CentOS 5.2, the problem is that i have restricted the users to the sftp only using "Force Command" with Match Block, and those users are not able to login to the shell through ssh, now the problem is that users are not able to login to the shell even if i comment out the "Force Command", as i want some of the sftp users (not all) to login to the shell, some of my ssh options are as follows

Code:

# override default of no subsystems
Subsystem       sftp    internal-sftp

Match Group sftpusers
    ChrootDirectory /chroot
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

current config is

Code:

# override default of no subsystems
Subsystem       sftp    internal-sftp

Match Group sftpusers
    ChrootDirectory /chroot
    AllowTCPForwarding no
    X11Forwarding no
#ForceCommand internal-sftp

when i try to login and give password, the window is closed, the /var/log/messages says that

Code:

sshserver sshd[2499]: Accepted password for test from 10.0.0.54 port 2683 ssh2

one more thing is that, all the sftp user has there home directory /chroot, to which they are chrooted on sftp login, and directory is owned by user "root" and group "root" (which is necessary for chrooting)..........any suggestions??

avalonit · 09-20-2009, 08:42 AM

A chroot with insufficient setup can definitely lock your users out of ssh. For example if the configured shell for the users is not present in there.
So what exactly are you trying to do? ssh users but still put them in a chroot?

Another thing to note as well is that when you change sshd configuration, you need to run "service sshd reload" so new configuration is obeyed.