* [gentoo-user] internal-sftp and logs files
@ 2011-03-01 16:03 Naira Kaieski
2011-03-02 17:05 ` Ivan Kharlamov
0 siblings, 1 reply; 3+ messages in thread
From: Naira Kaieski @ 2011-03-01 16:03 UTC (permalink / raw
To: gentoo-user
Good afternoon,
Staff set up openssh to direct users to a certain group members to a
chroot environment and these users will have access only to the server
using sftp protocol.
Put in the sshd_config file:
Match Group customers
ChrootDirectory% h
ForceCommand internal-sftp-l VERBOSE f-AUTH
Thus each user is directed to the chroot environment indicated in the
variable% h (home directory defined in / etc / passwd)
An example of directory is:
User: naira
Home directory: /var/www/naira.com.br
The problem is that I am not able to capture logs of the user group
"clients" that are targeted to the chroot environment. Access via
internal-sftp from other users who do not belong to the "client" I get
the logs in auth.log files.
I'm using syslog-ng.
Has anyone ever made this kind of setup?
Thanks,
--
Naira Kaieski
Nucleo de Internet/Redes - Faccat
Linux Professional Institute - LPI000223834
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-user] internal-sftp and logs files
2011-03-01 16:03 [gentoo-user] internal-sftp and logs files Naira Kaieski
@ 2011-03-02 17:05 ` Ivan Kharlamov
2011-03-03 17:37 ` Naira Kaieski
0 siblings, 1 reply; 3+ messages in thread
From: Ivan Kharlamov @ 2011-03-02 17:05 UTC (permalink / raw
To: gentoo-user
2011/3/1 Naira Kaieski <naira@faccat.br>:
> Good afternoon,
>
> Staff set up openssh to direct users to a certain group members to a chroot
> environment and these users will have access only to the server using sftp
> protocol.
>
> Put in the sshd_config file:
> Match Group customers
> ChrootDirectory% h
> ForceCommand internal-sftp-l VERBOSE f-AUTH
>
> Thus each user is directed to the chroot environment indicated in the
> variable% h (home directory defined in / etc / passwd)
>
> An example of directory is:
> User: naira
> Home directory: /var/www/naira.com.br
>
> The problem is that I am not able to capture logs of the user group
> "clients" that are targeted to the chroot environment. Access via
> internal-sftp from other users who do not belong to the "client" I get the
> logs in auth.log files.
>
> I'm using syslog-ng.
>
> Has anyone ever made this kind of setup?
>
> Thanks,
>
> --
> Naira Kaieski
> Nucleo de Internet/Redes - Faccat
> Linux Professional Institute - LPI000223834
>
>
Hi!
Actually, I am incompetent at this area, but have you tried this?
http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2
Best regards,
Ivan
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-user] internal-sftp and logs files
2011-03-02 17:05 ` Ivan Kharlamov
@ 2011-03-03 17:37 ` Naira Kaieski
0 siblings, 0 replies; 3+ messages in thread
From: Naira Kaieski @ 2011-03-03 17:37 UTC (permalink / raw
To: gentoo-user
Good afternoon,
http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2?pli=1
The tip above link to solve the problem. I had found this link, however
I was creating the log file in the dev directory of the chroot user.
With the command strace I noticed what was happening permission error
file access.
Effectively you need only create the dev directory, the Log Files
syslog-ng will automatically create. The log file is actually a socket
file that syslog-ng will create.
Solution:
My mistake was to manually create the log file in the dev directory of
the chroot user.
An example of directory is:
User: naira
Home directory: /var/www/naira.com.br
--> File sshd_config
Match Group customers
ChrootDirectory %h
ForceCommand internal-sftp-l VERBOSE f-AUTH
--> File syslog-ng.conf
source src {
unix-stream("/dev/log");
internal();
unix-stream("/var/www/naira.com.br/dev/log");
};
# ls -lah /var/www/naira.com.br/
drwxrwxr-x 13 root root 3.8K Mar 1 14:58 dev
Restart syslog-ng.
Thanks.
Naira Kaieski
Nucleo de Internet/Redes - Faccat
Linux Professional Institute - LPI000223834
Em 2/3/2011 14:05, Ivan Kharlamov escreveu:
> 2011/3/1 Naira Kaieski<naira@faccat.br>:
>> Good afternoon,
>>
>> Staff set up openssh to direct users to a certain group members to a chroot
>> environment and these users will have access only to the server using sftp
>> protocol.
>>
>> Put in the sshd_config file:
>> Match Group customers
>> ChrootDirectory% h
>> ForceCommand internal-sftp-l VERBOSE f-AUTH
>>
>> Thus each user is directed to the chroot environment indicated in the
>> variable% h (home directory defined in / etc / passwd)
>>
>> An example of directory is:
>> User: naira
>> Home directory: /var/www/naira.com.br
>>
>> The problem is that I am not able to capture logs of the user group
>> "clients" that are targeted to the chroot environment. Access via
>> internal-sftp from other users who do not belong to the "client" I get the
>> logs in auth.log files.
>>
>> I'm using syslog-ng.
>>
>> Has anyone ever made this kind of setup?
>>
>> Thanks,
>>
>> --
>> Naira Kaieski
>> Nucleo de Internet/Redes - Faccat
>> Linux Professional Institute - LPI000223834
>>
>>
>
> Hi!
>
> Actually, I am incompetent at this area, but have you tried this?
> http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2
>
> Best regards,
> Ivan
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-03-03 17:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-03-01 16:03 [gentoo-user] internal-sftp and logs files Naira Kaieski
2011-03-02 17:05 ` Ivan Kharlamov
2011-03-03 17:37 ` Naira Kaieski
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox