Solved

Unable to Log In Via SSH

Posted on 2014-02-06
Last Modified: 2014-02-21
Hello Experts!

I am having a problem being able to log in via SSH with a user I created using the article found at http://derek.rule88.com/2011/05/17/simple-jailed-sftp-users-with-centos/.  When I set up the user with its password on the server, and try to log in via SSH through PuTTY, I get an "Access denied" error.  It does not matter how many times or in what shape or form I make the password, I get the same error every time.

Here is a copy of my sshd_config file:
#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
#Subsystem      sftp    /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server
UseDNS  no

Subsystem       sftp    internal-sftp
AllowGroups root sftponly
Match Group sftponly
        ChrootDirectory /home/newuser
        ForceCommand    internal-sftp
        AllowTcpForwarding      no

Any help or ideas you can give me would be greatly appreciated.

Thanks.
0
Question by:OmniUnlimited
35 Comments
 
LVL 48

Expert Comment

by:Tintin
ID: 39841014
What user are you trying to connect as?

Do you really want a chrooted sftp environment?
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39841051
The user is newuser.  What I am trying to do is to limit SSH access of this user to just his directory under the /home directory, which in this case is /home/newuser.  The article I posted the link to seems to set this up; however, I am not the expert in this.  If you have a better solution, I am all ears.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 39841063
So you want the user to be able to login to the command line or do they just require the ability to transfer files?

There's quite a difference to setting up a chrooted ssh environment compared to a chrooted sftp environment.
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39841073
They need to be able to login to the command line but only have access to their directory.
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 50 total points
ID: 39841102
In that case, you don't want sftp.   The process is a little more complicated and does depend on your distro/openssh version, but the instructions at http://how-to.linuxcareer.com/how-to-automatically-chroot-jail-selected-ssh-user-logins should help.
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39841110
That does look interesting, but since I've never done that before, I think I should ask you first:

Can the chroot directory be the /home/newuser directory?

Also, in the middle of the tutorial is this:

At this point all is ready and we can chroot

# chroot /vat/chroot
bash-4.2# ls /  
bash: ls: command not found

Is

# chroot /vat/chroot

supposed to be

# chroot /var/chroot

?
0
 
LVL 8

Expert Comment

by:Surrano
ID: 39841190
The catch here is that if you restrict some users' access to their home directories then they won't access other stuff like /bin which probably includes their login shell binary or /usr/lib which is pretty much used by all binary executables.

What is it exactly that makes you think that it's a (security?) risk for a user to leave the home directory?

Why not use good old file permissions or not-so-old-but-still-old ACLs to prevent them doing something nasty?
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39848278
@Tintin:  You never answered my questions, but I went ahead and tried the instructions from your link and I ended up with the same problem.  I continue getting an "access denied" error.

@Surrano:  I would prefer that people not see what programs and platforms I am using on my machine, and what directory structures exist on my sites.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39849275
Is newuser in the group sftponly? Have you tried commenting out the following section and restarting ssh to see if it even works without the match group option?

AllowGroups root sftponly
Match Group sftponly
        ChrootDirectory /home/newuser
        ForceCommand    internal-sftp
        AllowTcpForwarding      no

0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39849283
Hello Mazdajai!

I appreciate your assistance with this issue.  To answer your questions:

1. Newuser is in sftponly group
2. Per your suggestion, I tried commenting out everything you listed and restarted sshd.  I still get an Access denied error when attempting to log in with Newuser.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39849284
Do you have an original copy of the sshd_config? Did ssh ever work with newuser on this box? Have you tried recreating the user with userdel/useradd? It might be quicker to reinstall ssh and start from scratch, one step at a time.

If not, can you provide the output of the following? (Case sensitive)

ssh -vvv -l newuser <servername>

0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39849309
The original copy of sshd_config is identical to what is there now with the exception of the commented out Subsystem and the last six lines of the file. SSH has never allowed Newuser to log in.  I tried recreating the user, I get a "Creating mailbox file: File exists" notice.  You would need to walk me through reinstallation of SSH if you feel that is absolutely necessary.

Here is the output you requested (the IP address has been blocked out for security purposes.)
# ssh -vvv -l Newuser xxx.xxx.xxx.xxx
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 960 bytes for a total of 981
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 1005
debug2: dh_gen_key: priv key bits set: 133/256
debug2: bits set: 491/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 1149
debug3: check_host_in_hostfile: host xxx.xxx.xxx.xxx filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: host xxx.xxx.xxx.xxx filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'xxx.xxx.xxx.xxx' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug2: bits set: 500/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1165
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1213
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1277
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address xxx.xxx.xxx.xxx.
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
Newuser@xxx.xxx.xxx.xxx's password:
debug3: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 144 bytes for a total of 1421
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
Newuser@xxx.xxx.xxx.xxx's password:

0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39850046
Is the username newuser or Newuser? Not sure if reinstall is necessary yet, your output looks fine.
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39850152
It is Newuser.  What about the Permission denied error at the end?  I have tried resetting the password many times.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39850335
Not sure if it is a typo, but your home directory has a different username - /home/newuser. Try recreating the user.

userdel -r Newuser
useradd Newuser
echo 'Newuser123'|passwd --stdin Newuser
ssh -vvv -l Newuser <server>

0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39850579
Yey, that did it!  I was able to log in successfully under SSH with the user Newuser.  But now I have the problem that the user has full access to the server (that is, he can see all the files.)  How do I create a jailed environment for this user?  When I try and uncomment the lines in sshd_config, PuTTY gets a network error and aborts.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39851202
What distro are you using? Are you able to login with either AllowGroup or MatchGroup?
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39851606
Ok, I think I am understanding a little as to what is going on here.  I am able to log in after having modified sshd_config with both AllowGroup and MatchGroup.  The problems arise when I try and set up the ChrootDirectory to something other than /home/<username>.  Is there a way to change this, or must ChrootDirectory be in the format "/home/<username>"?  (I am using a Centos 6.5 distro.)
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39852171
You are looking at an article to chroot sftp via centos 5.

Are you looking to chroot sftp or ssh?
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39852211
SSH.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39852225
You were looking at sftp. Take a look at the following for chroot ssh -

http://how-to.linuxcareer.com/how-to-automatically-chroot-jail-selected-ssh-user-logins
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39852344
This is the same link shared by Tintin earlier.  The problem is that I need to chroot a directory that is accessible via web (ex. /home/sitename/public_html/Newuser), not the /var/chroot directory as described in the article.  Is this possible?
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39852347
Try this on the sshd_config -

ChrootDirectory /home/sitename/public_html/%u

0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39852351
That goes back to what I said above:

The problems arise when I try and set up the ChrootDirectory to something other than /home/<username>.  Is there a way to change this, or must ChrootDirectory be in the format "/home/<username>"?
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39852357
It should be set to %u if you want to jail the user in their respective home directory. I can take a look at the lab machine tomorrow.

Exactly what problem are you referring to?
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39852405
The problem where PuTTY blows up with a "Network error: Software caused connection abort" error.
0
 
LVL 8

Assisted Solution

by:Surrano
Surrano earned 50 total points
ID: 39852549
I believe PuTTY "blows up" because sshd answers the call but right afterwards it chroots so it can no longer access its binaries.
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39857444
@Surrano:  Sorry for the delay in responding.  I've been playing around with the system trying to overcome the issue you described and have had no luck.  Do you have any ideas as to what I can do to achieve my goal?
0
 
LVL 21

Accepted Solution

by:
Mazdajai earned 400 total points
ID: 39857878
It sounds like you have not copied all the required binaries to start a shell.

Try creating a new user; the following has been tested and works.

groupadd sshonly
useradd -G sshonly -c "Restricted User 1" -M ruser1
echo ruser123 | passwd --stdin ruser1


%u was not needed in sshd_config, only the chroot directory is needed.
Match Group sshonly
ChrootDirectory /chroot
AllowTcpForwarding no
X11Forwarding no


Create the home directory and set permission. Turn off selinux and copy the binary to the chroot directory.
mkdir -p /chroot/home/ruser1
chown ruser1:ruser1 /chroot/home/ruser1
chmod 700 /chroot/home/ruser1
setenforce 0
mkdir /chroot/{dev,bin,lib64}
cp -p /bin/bash /chroot/bin


ldd /bin/bash

   linux-vdso.so.1 =>  (0x00007fffc477d000)
    libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007f5aafc4f000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007f5aafa4b000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f5aaf6b7000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f5aafe77000)

Copy the library files to /chroot/lib64 directory. Next, check the binary with ldd. It should point to the libraries. Finally, restart ssh.
cp -p /lib64/libtinfo.so.5 /lib64/libdl.so.2 /lib64/libc.so.6 /lib64/ld-linux-x86-64.so.2 /chroot/lib64
ldd /chroot/bin/bash
service sshd restart

0
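
The library-copy step from the accepted answer, generalised to any binary, together with a check of the rule sshd_config(5) places on ChrootDirectory: every component of the path must be root-owned and not writable by group or others. This is an added example, not code from the thread; the function names are illustrative, GNU `stat -c` is assumed (as on CentOS), and the sample `ldd` output is the one posted in the answer.

```shell
#!/bin/sh
# Added example: helper functions for building an sshd chroot. Function
# names are illustrative; GNU coreutils (stat -c) is assumed, as on CentOS.

# `ldd /bin/bash` output as posted in the answer above (sample input).
SAMPLE_LDD='    linux-vdso.so.1 =>  (0x00007fffc477d000)
    libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007f5aafc4f000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007f5aafa4b000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f5aaf6b7000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f5aafe77000)'

# ldd_paths: read ldd output on stdin, print each library's absolute path.
# Handles "name => /path (addr)" and the bare "/path (addr)" loader line;
# entries without a file on disk (linux-vdso, "not found") are skipped.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }'
}

# copy_into_chroot ROOT FILE...: copy each FILE to the same absolute path
# below ROOT, creating parent directories. cp follows symlinks, so a link
# such as libc.so.6 ends up as a regular file inside the jail.
copy_into_chroot() {
    jail=$1; shift
    for src in "$@"; do
        mkdir -p "$jail$(dirname "$src")" || return 1
        cp -p "$src" "$jail$src" || return 1
    done
}

# component_ok UID MODE: true only for a root-owned path component whose
# octal MODE (as printed by stat -c %a) has no group/other write bit.
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 0022 )) -eq 0 ]
}

# check_chroot_path DIR: walk from DIR up to / and report every component
# that breaks the rule. Returns 0 if all pass, 1 if any fail, 2 on error.
check_chroot_path() {
    case $1 in
        /*) dir=$1 ;;
        *)  echo "need an absolute path" >&2; return 2 ;;
    esac
    bad=0
    while :; do
        meta=$(stat -c '%u %a' "$dir" 2>/dev/null) ||
            { echo "cannot stat $dir" >&2; return 2; }
        if ! component_ok "${meta% *}" "${meta#* }"; then
            echo "unsafe: $dir (uid ${meta% *}, mode ${meta#* })"
            bad=1
        fi
        if [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return "$bad"
}

# Typical use as root, with /chroot as in the answer:
#   copy_into_chroot /chroot /bin/bash $(ldd /bin/bash | ldd_paths)
#   check_chroot_path /chroot
```

A user-owned home directory such as /home/newuser, or any path below one, fails `check_chroot_path`, while a dedicated root-owned tree like /chroot passes.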
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39857954
Hi Mazdajai!

Thanks for coming back to my assistance.  I was getting worried there.

Listen, this is the problem I am facing:

I have a website directory, let's call it /home/account/public_html/sitename.  I want to make this folder the jailed directory.  Is this possible?  (Note there is no mention of the username)
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39858032
It is possible, all you need to do is change the user home directory in /etc/passwd to what you desire.

If you are trying to do something else than below then I would suggest you to open a new thread instead.

What I am trying to do is to limit SSH access of this user to just his directory under the /home directory, which in this case is /home/newuser.
0
 
LVL 17

Author Closing Comment

by:OmniUnlimited
ID: 39858076
Circumstances changed.  What you proposed is the solution to the current question.

Please see new question at http://www.experts-exchange.com/OS/Linux/Q_28364681.html
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39860822
Hey Mazdajai, aren't you going to help me anymore?  You have yet to post on the new question (the one you suggested I open.)
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39862229
You have not forgotten. :)

I see other experts have already responded but I have added a few lines as well.
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 39878734
Hey Mazdajai, got another question if you are interested:

http://www.experts-exchange.com/OS/Linux/Q_28371494.html
0
