search for: sftpusers

...ry" option for the sshd daemon to jail my ssh users. Additionally, I'm using the "Match group" option to only jail people belonging to a specific active directory group. Here are the relevant lines of the sshd_config file: LogLevel Debug3 Subsystem sftp internal-sftp Match group sftpusers ChrootDirectory /my/chroot/home ForceCommand internal-sftp sftpusers is an active directory group. I logged me in with a user belonging to that group. The first time, the user will only see the home directories of the other jailed users, so, the real root path won't be showed. However, if I...

I've configured OpenSSH_5.3p1 to only allow sftp connections (openssh chroot functionality). i.e. Subsystem sftp internal-sftp Match group sftpusers ChrootDirectory /chroot/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp So far everything works correctly with sftp but when a user ssh's or scp's to the box the login hangs after authentication. Is there anyway to get sshd to close...

On 21/06/2019 15:39, Edouard Guign? via samba wrote: > Hello, > > I am facing 2 issues now. > The first one is the more critical for me... > > 1. When I switch from sssd to winbind with : > # authconfig --enablekrb5 --enablewinbind --enablewinbindauth > --enablemkhomedir --update > > My sftp access did not work. Does it change the way to pass the login ? > I used

This way is so easier... Thank you Rowland Le 20/06/2019 ? 14:01, Rowland penny via samba a ?crit?: > On 20/06/2019 17:54, Edouard Guign? via samba wrote: >> My idea is to replace default "cifs_idmap_sss.so" plugin by >> "idmapwb.so" winbind plugin, in order to SSSD becomes a client of >> winbind. >> To avoid to change nsswitch.conf : >>

...cture because this will often leave him confused and he'll often call helpdesk and complain about it. That's one of reasons why we have chroot support in OpenSSH. Other reason is obvious: better security. So this is typical configuration: Subsystem sftp internal-sftp Match Group sftpusers ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no It has one big problem. For security reasons we cannot chroot into directory that is not owned by root (or writable by user). There's probably nothing we can do about this right now, but let's take a deeper look...

Yes, I have only one domain. Even after added "winbind use default domain = yes" to smb.cnf, I cannot ssh : /Jun 21 12:43:59 [localhost] sshd[5938]: pam_sss(sshd:auth): Request to sssd failed. Connection refused// //Jun 21 12:43:59 [localhost] sshd[5938]: pam_krb5[5938]: TGT verified using key for 'host/mysambserver at MYDOMAIN.LOCAL'// //Jun 21 12:43:59 [localhost]

Hello, I am facing 2 issues now. The first one is the more critical for me... 1. When I switch from sssd to winbind with : # authconfig --enablekrb5 --enablewinbind --enablewinbindauth --enablemkhomedir --update My sftp access did not work. Does it change the way to pass the login ? I used to connect in sftp with userlogin / userpassword //var/log/secure :// / /Jun 21 11:08:31 [localhost]