chroot sftp in AWS with likewise / pbis 7.5+
Oh the humanity! Configuring chrooted sftp always seems like a chore when you combine it with an outside authentication source like winbind or pbis (PowerBroker Identity Services).
Configuring /etc/ssh/sshd_config is straightforward. All you need to change is:
http://en.wikibooks.org/wiki/OpenSSH/Cookbook/SFTP
But I kept seeing errors in /var/log/secure saying that users were denied access because they are not in the ‘require membership of’ list, along with:
[lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:domain.local\user][error code:40158]
I finally figured out that you can adjust this so that they are allowed by running the following commands (you need to be root or have sudo access):
/opt/pbis/bin/config --list
/opt/pbis/bin/config --details RequireMembershipOf
/opt/pbis/bin/config RequireMembershipOf "domain.local\\account1" "domain.local\\user2"
Just don’t change something major like
sudo /opt/pbis/bin/config AssumeDefaultDomain true
That will just lock you out.
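As an added example (not part of the original post), this shell function counts the logins rejected with error code 40158 in a /var/log/secure-style log, so you can review which accounts are candidates for RequireMembershipOf. The sample log lines, hostname, PIDs and the second error code are constructed; only the message format comes from the error quoted above.

```shell
#!/bin/sh
# Added example: summarise pam_lsass membership denials (error code 40158)
# per login from a /var/log/secure-style log.
LC_ALL=C; export LC_ALL   # byte-wise sorting, same result on every host

# Constructed sample lines in the message format quoted in the post.
# Hostname, PIDs, timestamps and the error code 40000 are made up.
sample_secure_log() {
    cat <<'EOF'
Jan 12 10:01:02 sftp01 sshd[2211]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:domain.local\account1][error code:40158]
Jan 12 10:01:09 sftp01 sshd[2230]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:domain.local\user2][error code:40158]
Jan 12 10:02:44 sftp01 sshd[2251]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:domain.local\account1][error code:40158]
Jan 12 10:03:10 sftp01 sshd[2260]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:domain.local\user3][error code:40000]
Jan 12 10:03:15 sftp01 sshd[2266]: Connection closed by 10.0.0.5 port 50122
EOF
}

# denied_logins [FILE]: print "<count> <login>" for every account rejected
# with error code 40158, most frequent first. Reads stdin when FILE is omitted.
denied_logins() {
    cat "${1:--}" |
        grep -F 'pam_sm_authenticate error' |
        grep -F '[error code:40158]' |
        sed -n 's/.*\[login:\([^]]*\)].*/\1/p' |
        sort | uniq -c |
        sed 's/^ *\([0-9][0-9]*\) */\1 /' |
        sort -k1,1nr -k2
}

# Demo on the constructed sample; on a real host run as root:
#   denied_logins /var/log/secure
sample_secure_log | denied_logins
```

A login that keeps appearing here after you have updated RequireMembershipOf is still outside the allowed list, so compare the output against `/opt/pbis/bin/config --details RequireMembershipOf`.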