Search Results

Search found 38288 results on 1532 pages for 'oracle linux partners'.

Page 596/1532 | < Previous Page | 592 593 594 595 596 597 598 599 600 601 602 603  | Next Page >

• How do I use the awesome window manager?

  - by Jason Baker

  I've installed awesome on my Ubuntu laptop, and I like it. But I feel kind of lost. I don't know any keyboard shortcuts and the man pages aren't really any help (for instance, what does Mod4 mean?). Is there any kind of brief introduction to awesome I can read?

  Read the article

• "setpci: command not found" in CentOS

  - by spoon16

  I'm trying to configure my Mac Mini running CentOS 5.5 to start automatically when power is restored after a power loss. I understand the following command has to be executed: setpci -s 0:1f.0 0xa4.b=0 When I run that command on my machine though I get bash: setpci: command not found. Is there a package I need to install via yum or something? I'm not seeing a clear answer via Google and I looked at the man page for setpci and it doesn't mention anything. Also, does this command need to be run every time the machine starts or just once?

  Read the article

• Introducing the ADF Desktop Integration Troubleshooting Guide

  - by Juan Camilo Ruiz

  Since the addition of ADF Desktop Integration to the ADF Framework, a number of customers internal and external, have started extending their applications in use cases around integration with MS Excel. In an effor to share the knowledge collected since the product came out, we are happy to launch the ADF Desktop Integration Troubleshooting Guide, where usera can find an active collection of best practices to figuring out how to best approach issues while using ADF Desktop Integration. Be sure to bookmark this link and make sure to check it out, plenty of scenarios are covered and more will be added as we continue identifying them. 

  Read the article

• Customize rsyslogd messages to show the sender of the message; not the receiver

  - by Nimmy Lebby

  I'm forwarding the WiFi router's log messages to our sysadmin box (sb3). This is the stanza in /etc/rsyslog.conf: # WiFi router log :fromhost-ip, isequal,'10.3.291.2' /var/log/wifi-router.log & ~ However, the log looks like this: Dec 23 10:41:58 sb3 dnsmasq-dhcp[253]: DHCPACK(br0) 10.3.292.133 xx:xx:xx:xx:xx:xx dg-ipad I want to customize so that anything logged to wifi-router.log does not mention sb3 but indicates the sender of the log message. How would I do this?

  Read the article

• Authentication required by wireless network.

  - by Roman

  I would like to use a wireless network from Ubuntu. In the network drop-down menu I select a network (this is a University network I have an account there). Then I get a windows with the following fields: Wireless Security: [WPA&WPA2 Enterprise] Authentication: [Tunneled TLS] Anonymous Identity: [] CA Certificate: [(None)] Inner Authentication: [some letters] User Name: [] Password: [] I put there my user name and password and do not change default value and leave "Anonymous Identity"blank. As a result of that I get "Authentication required by wireless network". How can I solve this problem? I think it is important to notice that our system administrator tried to find some files (which are probably needed to be used as "CA Certificate"). He said that he does not know where this file is located on Ubuntu (he support only Windows). So, probably this is direction I need to go. I need to find this file. But may be I am wrong. May be something else needs to be done. Could you pleas help me with that?

  Read the article

• Does Ubuntu 11.10 include MySQL 5.5?

  - by Jiho Kang

  I was told that Ubuntu 11.10 comes with MySQL 5.5 but it doesn't show up in the cache search. Did it not make it in to the latest release? root@ubuntu:/etc# cat lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=11.10 DISTRIB_CODENAME=oneiric DISTRIB_DESCRIPTION="Ubuntu 11.10" root@ubuntu:/etc# apt-cache search mysql-server mysql-server - MySQL database server (metapackage depending on the latest version) mysql-server-5.1 - MySQL database server binaries and system database setup mysql-server-core-5.1 - MySQL database server binaries auth2db - Powerful and eye-candy IDS logger, log viewer and alert generator cacti - Frontend to rrdtool for monitoring systems and services mysql-cluster-server - MySQL database server (metapackage depending on the latest version) mysql-cluster-server-5.1 - MySQL database server binaries torrentflux - web based, feature-rich BitTorrent download manager

  Read the article

• How to add an SSH user to my Ubuntu 12 server to upload PHP files

  - by user229209

  I have an Ubuntu 12 VPS and wanted to create a user account to upload and download my PHP code. So when logged in as root I created a user "chris" and then created a directory /var/www/chris I want "chris" to be able to upload and run files to the /var/www/chris directory. Permissions for the chris dir look like this: drwxrwxr-x 2 root chris 4096 Aug 20 03:35 chris As root I created a sample file called abc.php and put it in the chris dir. It worked fine when I test it in a browser. I logged in as chris and uploaded a file called 1234.php. That did not work. I just got a blank PHP page. The code was identical in both files. So it is not the code. The permissions now look like this: -rw-r--r-- 1 root chris 59 Aug 20 03:34 1234.php -rw-r--r-- 1 root root 49 Aug 20 03:21 abc.php How do I alow the "chris" user to upload files and get them to work?

  Read the article

• Don't let the mouse wake up displays from standby

  - by progo

  I like to put my displays to powersave/standby mode when I leave the computer for a while. It would be ok if it weren't for oversensitive mouse. Sometimes the driver reads in some movement that's not visible to the naked eye (the cursor, that is) and it breaks the power save. It would wait for another 10 minutes before going back to its standby. My workaround is the following script bound to C-S-q: xlock -startCmd 'xset dpms 2 2 2' -endCmd 'xset dpms 600 1200 1300' -mode blank -echokeys -timeelapsed +usefirst By using xset I set the values to 2 seconds each before going to standby. It's not nice, anyway. Sometimes there are cool fortunes that I want to read before typing in the password. I could keep the cursor moving but it's cludgy. (By the way, xlock's option mousemotion doesn't help -- it just hides the cursor but the displays fire up nevertheless.) So the question: is there a way to make displays go standby and stay there until a keyboard key is pressed? I'm running gentoo and recent Xorg, but I hope the answer doesn't have to be distro-specific. Basically the answer can be as simple as how to enable/disable mouse within command line? It think that would do the job if DPMS doesn't know the idea.

  Read the article

• Dvorak hotkey remapping in vim, worth it?

  - by Bryan Ward

  I've been trying to learn the dvorak keyboard layout of late and I have been making some good progress this time around. The trouble I am finding now is that all of my hotkeys are all in the wrong places. As a vim user this is particularly troubling. I have found good resources to switch the bindings back so that they are in the places in vim, but I wonder if this is worth it. I also use set -o vi in my ~/.zshrc file so that I can use the familiar bindings in the terminal as well. hjkl navigation is also featured in a number of other applications such as less. For those of you out there who have successfully made the switch, is it worth remapping things to be familiar again, or is it better in the long run to just deal with weirdly placed hotkeys?

  Read the article

• How can I automatically restart Apache and Varnish if can't fetch a file?

  - by Tyler

  I need to restart Apache and Varnish and email some logs when the script can't fetch robots.txt but I am getting an error ./healthcheck: 43 [[: not found My server is Ubuntu 12.04 64-bit #!/bin/sh # Check if can fetch robots.txt if not then restart Apache and Varnish # Send last few lines of logs with date via email PATH=/bin:/usr/bin THEDIR=/tmp/web-server-health [email protected] mkdir -p $THEDIR if ( wget --timeout=30 -q -P $THEDIR http://website.com/robots.txt ) then # we are up touch ~/.apache-was-up else # down! but if it was down already, don't keep spamming if [[ -f ~/.apache-was-up ]] then # write a nice e-mail echo -n "Web server down at " > $THEDIR/mail date >> $THEDIR/mail echo >> $THEDIR/mail echo "Apache Log:" >> $THEDIR/mail tail -n 30 /var/log/apache2/error.log >> $THEDIR/mail echo >> $THEDIR/mail echo "AUTH Log:" >> $THEDIR/mail tail -n 30 /var/log/auth.log >> $THEDIR/mail echo >> $THEDIR/mail # kick apache echo "Now kicking apache..." >> $THEDIR/mail /etc/init.d/varnish stop >> $THEDIR/mail 2>&1 killall -9 varnishd >> $THEDIR/mail 2>&1 /etc/init.d/varnish start >> $THEDIR/mail 2>&1 /etc/init.d/apache2 stop >> $THEDIR/mail 2>&1 killall -9 apache2 >> $THEDIR/mail 2>&1 /etc/init.d/apache2 start >> $THEDIR/mail 2>&1 # prepare the mail echo >> $THEDIR/mail echo "Good luck troubleshooting!" >> $THEDIR/mail # send the mail sendemail -o message-content-type=html -f [email protected] -t $EMAIL -u ALARM -m < $THEDIR/mail rm ~/.apache-was-up fi fi rm -rf $THEDIR

  Read the article

• What does NT_STATUS_BAD_NETWORK_NAME mean in Samba?

  - by Neil

  I set up a share like this: [global] security = user map to guest = Bad Password usershare allow guests = yes [vms] comment = VirtualBox Virtual Machines path = /home/neil/VirtualBox/HardDisks guest ok = yes read only = yes And when I access the share as myself, and type in my password, it works fine: $ smbclient //neil-ubuntu/vms -U neil Enter neil's password: Domain=[SHUTTERSTOCK] OS=[Unix] Server=[Samba 3.4.0] smb: \> But when I access it as guest, it doesn't work: $ smbclient //neil-ubuntu/vms -U guest Enter guest's password: Domain=[SHUTTERSTOCK] OS=[Unix] Server=[Samba 3.4.0] tree connect failed: NT_STATUS_BAD_NETWORK_NAME Regardless of what password I type in. Does anyone know why? Also, why does smbclient print such useless error messages?

  Read the article

• How to drop packets in a custom Intrusion Detection System

  - by tzoukos

  Hi there, I'm trying to build a custom Intrusion Detection and Prevention System (IDS/IPS). I found a great utility named ROPE which can scan the packet payload and drop the packet that doesn't follow the rules, set by a script. This serves my purpose completely, since what I want to do is check the payload for some specific text and then drop it or allow it ( the string feature in iptables wouldn't do me any good, because I want to check more than one string in tha payload, like usernames, id's, etc ). However, ROPE is really old and despite my many attempts I haven't managed to install it properly. Do you know any similar program that will help me drop packets in iptables depending on the payload? Any suggestion is greatly appreciated :)

  Read the article

• .htaccess to block by file name possible?

  - by Tiffany Walker

  I have a bunch of files that are secure_xxxxxx.php. Is there a way to use .htaccess to block access to all the secure_* php files based on IP? EDIT: I've tried but I get 500 errors <FilesMatch "^secure_.*\.php$"> order deny all deny from all allow from my ip here </FilesMatch> Don't see any errors in apache error logs either httpd -M Loaded Modules: core_module (static) authn_file_module (static) authn_default_module (static) authz_host_module (static) authz_groupfile_module (static) authz_user_module (static) authz_default_module (static) auth_basic_module (static) include_module (static) filter_module (static) log_config_module (static) logio_module (static) env_module (static) expires_module (static) headers_module (static) setenvif_module (static) version_module (static) proxy_module (static) proxy_connect_module (static) proxy_ftp_module (static) proxy_http_module (static) proxy_scgi_module (static) proxy_ajp_module (static) proxy_balancer_module (static) ssl_module (static) mpm_prefork_module (static) http_module (static) mime_module (static) dav_module (static) status_module (static) autoindex_module (static) asis_module (static) info_module (static) suexec_module (static) cgi_module (static) dav_fs_module (static) negotiation_module (static) dir_module (static) actions_module (static) userdir_module (static) alias_module (static) rewrite_module (static) so_module (static) fastinclude_module (shared) auth_passthrough_module (shared) bwlimited_module (shared) frontpage_module (shared) suphp_module (shared) Syntax OK

  Read the article

• FTPS SSH Host Key after IP Address Change

  - by David George

  I have a Secure FTP (FTPS) server that my remote sites to upload files to daily via scripted routines that run. I have had issues in the past when upgrading hardware and deploying new servers causing the RSA Fingerprint to change for that server. Then all my remote sites can't connect until I have the old key removed (usually via ssh_keygen -r myserver.com). I now have to change the IP address for myserver.com and I wondered if there is anyway to proactively generate new host keys so that when the server address changes all my FTPS client remote sites don't break?

  Read the article

• Running SSL locally on a hosts redirected domain name with Ubuntu and Apache

  - by Matthew Brown

  I recently made some changes to my Ubuntu computer so that a domain name resolved to my local copy of Apache. I edited /etc/hosts and added 127.0.0.1 thisbit.example.com Then set up a VirtualHost for the responses I wishes to create. That all works fine and my testing is now shooting on ahead without harm or risk tot he production server. Now for my next trick I need to test the authentication and so need to do this with HTTPS Basically https://auth.example.com needs to work on my PC without the SSL causing an issue which I imagine would be the case as I am clearly not the true https://auth.example.com but for the basis of this exercise I need to pretend that I am. Now it might be that the Apps I'm testing don't worry about checking the certificate. (Many are in Java which I'm no expert with). What gotchas am I likely to encounter and what is the best way of not letting my own hacks spoil my testing? I'm guessing the place to start is to enable SSL with Apcahe... I've never done that before as it has never come up before.

  Read the article

• How to know which block device maps to which physical drive

  - by Karolis T.

  I have a server with software RAID 1, two hot-swap sata disks. One hard drive started showing errors, I'm thinking about removing and replacing it, only problem is that I have no idea which of the two correspond to which devices. And I can't shut the server down to find out. I have /dev/sda and /dev/sdb, /dev/sda is the failing one. Thought about doing something along the lines # mdadm --manage /dev/md0 --remove /dev/sda1 then somehow stop/suspend the drive using tuning software and try to listen which of the two stopped, but that's not gonna work in a noisy server environment. Drive panels have no LEDs. Thanks for any ideas!

  Read the article

• Problems with kickstart script, partition info crashes deployment

  - by tore-

  Hi, Currently testing cobbler, but have problem with the kickstart script when the partition information is loaded. Here is my ks: http://pastebin.ca/1824343 I can't figure out what is the problem with the partsection at all. Without it, it works. I've even tried autopart. If the entry is removed, it works, but of course I have to provide the installer with partition information. Under the kickstart an python exception is raised. I get a Errno 2 No such file or directory. My Apache logs states: File does not exist: /var/www/cobbler/links/CentOS-5.3-x86_64/images/updates.img File does not exist: /var/www/cobbler/links/CentOS-5.3-x86_64/disc1 File does not exist: /var/www/cobbler/links/CentOS-5.3-x86_64/images/product.img But without the part information, no error occours. What am I not seeing? Cobbler 2.0.3, imported the CentOS 5.3 x86_64 DVD, PXE booting from a Xen guest.

  Read the article

• Article: Security Token Service and Identity Delegation with Metro

  - by OracleTechnologyNetwork

  Metro is a high performance, extensible, easy-to-use web services stack. This Java Enterprise Tech Tips shows how you can use the enhanced support for WS-Trust and WS-SecureConversation in Metro 2.0 to access a back-end resource through a chain of services. Includes a sample application.

  Read the article

• kmemsize problems in VPS even when there is about 500MB free mem

  - by Amer

  Hello, I have a site hosted on a Plesk VPS with 512MB memory and keep on getting kmemsize in "black zone" QoS errors. The soft limit of kmemsize is 12,288,832 and hard limit is 13,517,715. The definition Virtuozzo gives is: Size of unswappable memory, allocated by the operating system kernel. What's eating up the kmemsize? Is there any way to reconfigure and increase the kmemsize? The servers barely have any load or processing. Thanks for the help...

  Read the article

• Why does rsync spawn multiple processes for me?

  - by Yoga

  I am using the following cron statement to backup from one folder to another folder in the same machine: 19 21 * * * root rsync -ac --delete /source/folder /dest/folder When I use pstree, I see the cron forked three processes +-cron---cron---rsync---rsync---rsync And ps 9972 ? Ds 1:00 rsync -ac --delete /source/folder /dest/folder 9973 ? S 0:29 rsync -ac --delete /source/folder /dest/folder 9974 ? S 0:09 rsync -ac --delete /source/folder /dest/folder Why are three processes? Can I limit to only one?

  Read the article

• how to get gateway address

  - by brknl

  I am trying to get gateway address but when i call "route -n" I expect to see something like that Destination Gateway Genmask Flags 0.0.0.0 dnsip 0.0.0.0 UG 0 0 0 eth0 but I only see the flag U ones and gateway ip is 0.0.0.0. When i look /etc/sysconfig/network/routes i can see the gateway address. I can not use that file because not every versions of open suse have that file. So i need to use a common way to find out the gateway addres.

  Read the article

• Ethernet interface number changed, and old one does not exist, but does not leave IP address

  - by Sagar

  I have a virtual machine with Mandriva 2007.0 (yes, old - unfortunately we do not have a choice here). Anyway, the problem: Before reboot: active network interface = eth0. No other interfaces present, and network manager confirms this. Static IP address set to 172.31.2.22. No issues, everything working properly, routing et al. -------Reboot--------- After reboot: active network interface = eth1, with a DHCP address. Network manager shows eth0 as disconnected, and not connectable. When I try to set eth1 up with the static IP address (same one), it says "In Use". I then tried ifconfig eth0 172.31.2.29 just to free it up from the eth0 interface so I could use it with eth1 (since this is connected). Result: ifconfig eth0 172.31.2.29 SIOCSIFADDR: No such device eth0: unknown interface: No such device Nothing else changed. Any ideas what could be happening, or at least how I can get my IP address back?

  Read the article

• MemCache-repcached compile error

  - by Ramy Allam

  I'm trying to install [memcached-1.2.8-repcached-2.2.1]( http://sourceforge.net/projects/repcached/files/latest/download?source=files) And I have the following error after running the make command: make all-recursive make[1]: Entering directory `/usr/local/src/pro/memcached-1.2.8-repcached-2.2.1' Making all in doc make[2]: Entering directory `/usr/local/src/pro/memcached-1.2.8-repcached-2.2.1/doc' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/usr/local/src/pro/memcached-1.2.8-repcached-2.2.1/doc' make[2]: Entering directory `/usr/local/src/pro/memcached-1.2.8-repcached-2.2.1' gcc -DHAVE_CONFIG_H -I. -DNDEBUG -g -O2 -MT memcached-memcached.o -MD -MP -MF .d eps/memcached-memcached.Tpo -c -o memcached-memcached.o test -f 'memcached.c' || echo './'memcached.c memcached.c: In function ‘add_iov’: memcached.c:697: error: ‘IOV_MAX’ undeclared (first use in this function) memcached.c:697: error: (Each undeclared identifier is reported only once memcached.c:697: error: for each function it appears in.) make[2]: * [memcached-memcached.o] Error 1 make[2]: Leaving directory `/usr/local/src/pro/memcached-1.2.8-repcached-2.2.1' make[1]: * [all-recursive] Error 1 make[1]: Leaving directory `/usr/local/src/pro/memcached-1.2.8-repcached-2.2.1' make: * [all] Error 2 OS : Centos5.7 64bit gcc-4.1.2-51.el5 gcc-c++-4.1.2-51.el5 libgcc-4.1.2-51.el5 Note : Memcached and memcache extension for php are already installed root@server[~]# memcached -h memcached 1.4.5 php ext http://pecl.php.net/get/memcache-2.2.6.tgz

  Read the article

• iptable CLUSTERIP won't work

  - by Rad Akefirad

  We have some requirements which explained here. We tried to satisfy them without any success as described. Here is the brief information: Here are requirements: 1. High Availability 2. Load Balancing Current Configuration: Server #1: one static (real) IP for each 10.17.243.11 Server #2: one static (real) IP for each 10.17.243.12 Cluster (virtual and shared among all servers) IP: 10.17.243.15 I tried to use CLUSTERIP to have the cluster IP by the following: on the server #1 iptables -I INPUT -i eth0 -d 10.17.243.15 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:5E:00:00:20 --total-nodes 2 --local-node 1 on the server #2 iptables -I INPUT -i eth0 -d 10.17.243.15 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:5E:00:00:20 --total-nodes 2 --local-node 2 When we try to ping 10.17.243.15 there is no reply. And the web service (tomcat on port 8080) is not accessible either. However we managed to get the packets on both servers by using TCPDUMP. Some useful information: iptable roules (iptables -L -n -v): Chain INPUT (policy ACCEPT 21775 packets, 1470K bytes) pkts bytes target prot opt in out source destination 0 0 CLUSTERIP all -- eth0 * 0.0.0.0/0 10.17.243.15 CLUSTERIP hashmode=sourceip clustermac=01:00:5E:00:00:20 total_nodes=2 local_node=1 hash_init=0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 14078 packets, 44M bytes) pkts bytes target prot opt in out source destination Log messages: ... kernel: [ 7.329017] e1000e: eth3 NIC Link is Up 100 Mbps Full Duplex, Flow Control: None ... kernel: [ 7.329133] e1000e 0000:05:00.0: eth3: 10/100 speed: disabling TSO ... kernel: [ 7.329567] ADDRCONF(NETDEV_CHANGE): eth3: link becomes ready ... kernel: [ 71.333285] ip_tables: (C) 2000-2006 Netfilter Core Team ... kernel: [ 71.341804] nf_conntrack version 0.5.0 (16384 buckets, 65536 max) ... kernel: [ 71.343168] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully ... kernel: [ 108.456043] device eth0 entered promiscuous mode ... kernel: [ 112.678859] device eth0 left promiscuous mode ... kernel: [ 117.916050] device eth0 entered promiscuous mode ... kernel: [ 140.168848] device eth0 left promiscuous mode TCPDUMP while pinging: tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 12:11:55.335528 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 10.17.243.1 > 10.17.243.15: ICMP echo request, id 16162, seq 2390, length 64 12:11:56.335778 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 10.17.243.1 > 10.17.243.15: ICMP echo request, id 16162, seq 2391, length 64 12:11:57.336010 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 10.17.243.1 > 10.17.243.15: ICMP echo request, id 16162, seq 2392, length 64 12:11:58.336287 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 10.17.243.1 > 10.17.243.15: ICMP echo request, id 16162, seq 2393, length 64 And there is no ping reply as I said. Does anyone know which part I missed? Thanks in advance.

  Read the article

• Can't get Passwordless (SSH provided) SFTP working

  - by Shoaibi

  I have chrooted sftp setup as below. # Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 120 PermitRootLogin without-password StrictModes yes AllowGroups admins clients RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords #PasswordAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net # Allow client to pass locale environment variables AcceptEnv LANG LC_* #Subsystem sftp /usr/lib/openssh/sftp-server # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes Subsystem sftp internal-sftp Match group clients ChrootDirectory /var/chroot-home X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp a dummy user root:~# tail -n1 /etc/passwd david:x:1000:1001::/david:/bin/sh Now in this case david can sftp using say filezilla client and he is chrooted to /var/chroot-home/david/. But what if i was to setup a passwordless auth? I have tried pasting his key in /var/chroot-home/david/.ssh/authorized_keys but no use, tried ssh'ing as david to the box and it just stops at "debug1: Sending env LC_CTYPE = C" after i supply it password and there is nothing shown in auth.log, may be because it can't find the homedir. If i do "su - david" as root i see "No directory, logging in with HOME=/" which makes sense. Symlink doesn't help either. I have also tried with: Match group clients ChrootDirectory /var/chroot-home/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp a dummy user root:~# tail -n1 /etc/passwd david:x:1000:1001::/var/chroot-home/david:/bin/sh This way if i don't change /var/chroot-home/david to root:root sshd complains about bad ownership or permission modes, and if i do, david can no longer upload/delete anything directly in his home while using sftp from filezilla.

  Read the article

< Previous Page | 592 593 594 595 596 597 598 599 600 601 602 603  | Next Page >