similar to: Prompt for chrooted users

On Mon, July 6, 2015 15:47, m.roth at 5-cent.us wrote: > James B. Byrne wrote: >> We have a requirement to allow ssh access to a server in order to >> provide a secure link to one of our legacy systems. I would like to >> chroot these accounts. >> >> I have this working except for one small detail, the user's prompt >> in >> the ssh session. Each

We have a requirement to allow ssh access to a server in order to provide a secure link to one of our legacy systems. I would like to chroot these accounts. I have this working except for one small detail, the user's prompt in the ssh session. Each user has their shell set to /bin/bash in /etc/passwd. However, instead of getting the prompt defined in their .bash_profiles we see this:

I run a sshd host solely to allow employees to tunnel secure connections to our internal hosts. Some of which do not support encrypted protocols. These connections are chroot'ed via the following in /etc/ssh/sshd_config Match Group !wheel,!xxxxxx,yyyyy AllowTcpForwarding yes ChrootDirectory /home/yyyyy X11Forwarding yes Where external users belong to group yyyyy (primary). We

CentOS-6.6 We have sshd chroot working, mostly, for a particular groupid. However, we have two things that remain u/s, no doubt due to some omission on my part. Basically, we would like our users to be able to tunnel their https over the ssh connection to this server and be able to do X11 forwarding as well. At the moment both work when the user connects without chroot and neither works if

Our firm uses a dedicated virtual host to provide ssh tunnels for remote employee access to various internal services and for http/s access to the outside world. For security reasons I would like to have the remote users forward their dns lookups over the tunnel as well. However, we recently chrooted a number of ssh users and these accounts cannot resolve dns queries passed over the tunnel. I

I am testing a chrooted environment for sftp using the internal-sftp subsystem. Now that I seem to have SELinux mostly out of the way, when I do an 'ls -l' after the sftp login I see only numbers for the uids and gids. When I was using scponly I simply had a local version of /etc/passwd and /etc/group but these are evidently not used by the internal sftp subsystem. Is there a way to get

On Fri, May 8, 2015 13:23, m.roth at 5-cent.us wrote: > Devin Reade wrote: >> --On Friday, May 08, 2015 09:58:32 AM -0400 "James B. Byrne" >> <byrnejb at harte-lyne.ca> wrote: >> >>> While attempting to debug something else I ran across this: >>> >>> ssh -vvv somehost >>> . . . >>> debug1: Connection established.

James B. Byrne wrote: > We have a requirement to allow ssh access to a server in order to > provide a secure link to one of our legacy systems. I would like to > chroot these accounts. > > I have this working except for one small detail, the user's prompt in > the ssh session. Each user has their shell set to /bin/bash in > /etc/passwd. However, instead of getting the

Hi! I want to set a OpenSSH server which restricts some users to only chrooted SFTP, while others have full/normal ssh, scp and sftp access. Most or all guides on the web say that I should enable the config line "Subsytem sftp internal-sftp" among other things, but I've found out that this only causes non-restricted users to not be able use SFTP at all, only the chrooted users.

HI: I tried to deploy a SFTP server with chroot but when i tried to connnect the client send the next error: Write failed: Broken pipe Couldn't read packet: Connection reset by peer The sshd_conf file is the next: ------------------------------------------------------------------- # Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and

Note: I am digest subscriber so if you could copy me directly on any reply to the list I would appreciate it very much. I sent this to the OpenSSH list (secureshell at securityfocus.com) yesterday and received no response so I am asking here in hopes that someone else has run across this problem on CentOS. We have encountered a situation that requires sftp access to one of our server by an

https://bugzilla.mindrot.org/show_bug.cgi?id=1951 Bug #: 1951 Summary: Add home directory facility for chrooted environments Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=2048 Priority: P5 Bug ID: 2048 Assignee: unassigned-bugs at mindrot.org Summary: Make chrooted sftp more user friendly using bind mount (solution suggested) Severity: enhancement Classification: Unclassified OS: Linux Reporter: harviecz at gmail.com

Hello, First, a big thank you to the OpenSSH devs. _ /Problem Summary:/ _ Chroot and SELinux don't get along. This affects both the new (official) ChrootDirectory feature, as well as the older (3rd party) patch at http://chrootssh.sourceforge.net/. _ /History and repro:/ _ On March 21, 2008, Alexandre Rossi posted to this list with the subject: "*ChrootDirectory

I am trying to determine how to customize the date and time display of system utilities and user programs using the locale settings. What I really want is some sort of utility program that does the same thing for CentOS as the Regions Settings Control Panel app. for MicroSoft Windows accomplishes, but I have no hope of seeing that. I have traced the login locale processing through /etc/profile

Previously, when I did this: >> samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca >> ALL -U administrator Then I saw this: >> Password for [BROCKLEY\administrator]: Now I see this: >> samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca >> ALL -U administrator >> Cannot do GSSAPI to an IP address >>

And no sooner do I send the email than I spot the problem. Oops! Sorry about that. The sshd_config needed to contain a different internal-sftp line: Match User test-sftp-only ChrootDirectory /home/sftp/mcsosftp ForceCommand internal-sftp -f AUTHPRIV -l INFO PasswordAuthentication no AuthorizedKeysCommand /usr/local/bin/get_sftp_key That's gotten

I am supporting a site that allows members to upload release files. I have inherited this site which was previously existing. The goal is to allow members to file transfer to and from their project area for release distribution but not to allow general shell access and not to allow access to other parts of the system. Currently rsync and old scp has been restricted using a restricted shell

Hi all, I am running Debian Etch. I've compiled openssh-5.0p1 with pam support. I'd like to use a chrooted sftp environment for my users and also log their sftp file transfers. Currently file transfer logging stops working when I implement a jail. Logging from within the chroot seems like a useful feature. I hope it makes it in sooner rather than later. Here's the contents of my

Hello everyone, We have some chrooted sftp-only users on a CentOS release 6.6 server. The server had been logging their actions, but after recent updates the logs have stopped. The server correctly logs non-chrooted users: Sep 14 17:47:24 vsecure4 sshd[1981]: Accepted publickey for jcours from 192.168.10.166 port 42545 ssh2 Sep 14 17:47:24 vsecure4 sshd[1981]: pam_unix(sshd:session):