Good afternoon,
http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2?pli=1
The tip above link to solve the problem. I had found this link, however
I was creating the log file in the dev directory of the chroot user.
With the command strace I noticed what was happening permission error
file access.
Effectively you need only create the dev directory, the Log Files
syslog-ng will automatically create. The log file is actually a socket
file that syslog-ng will create.
Solution:
My mistake was to manually create the log file in the dev directory of
the chroot user.
An example of directory is:
User: naira
Home directory: /var/www/naira.com.br
--> File sshd_config
Match Group customers
ChrootDirectory %h
ForceCommand internal-sftp-l VERBOSE f-AUTH
--> File syslog-ng.conf
source src {
unix-stream("/dev/log");
internal();
unix-stream("/var/www/naira.com.br/dev/log");
};
# ls -lah /var/www/naira.com.br/
drwxrwxr-x 13 root root 3.8K Mar 1 14:58 dev
Restart syslog-ng.
Thanks.
Naira Kaieski
Nucleo de Internet/Redes - Faccat
Linux Professional Institute - LPI000223834
Em 2/3/2011 14:05, Ivan Kharlamov escreveu:
2011/3/1 Naira Kaieski<na...@faccat.br>:
Good afternoon,
Staff set up openssh to direct users to a certain group members to a chroot
environment and these users will have access only to the server using sftp
protocol.
Put in the sshd_config file:
Match Group customers
ChrootDirectory% h
ForceCommand internal-sftp-l VERBOSE f-AUTH
Thus each user is directed to the chroot environment indicated in the
variable% h (home directory defined in / etc / passwd)
An example of directory is:
User: naira
Home directory: /var/www/naira.com.br
The problem is that I am not able to capture logs of the user group
"clients" that are targeted to the chroot environment. Access via
internal-sftp from other users who do not belong to the "client" I get the
logs in auth.log files.
I'm using syslog-ng.
Has anyone ever made this kind of setup?
Thanks,
--
Naira Kaieski
Nucleo de Internet/Redes - Faccat
Linux Professional Institute - LPI000223834
Hi!
Actually, I am incompetent at this area, but have you tried this?
http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2
Best regards,
Ivan