Create an RPM build environment
Posted: May 26, 2011 Filed under: CentOS, General Admin, IT Survival, Linux
I am trying to get Java onto a CentOS 5.5 server. The rpm install appears to work but when trying to get a particular app to install it fails.
I then came across the CentOS Wiki on how to install it.
The front end to this though is building an environment to build the rpm.
NOTE: you will need another user for part of this process setup as rpmbuild should not be done as root.
The full instructions can be found here
As root
yum install -y rpm-build gcc gcc-c++ redhat-rpm-config
yum install jpackage-utils
As a non-root user
mkdir -p ~/rpmbuild/{SOURCES,SRPMS,SPECS,RPMS,tmp,BUILD}
This creates the build environment. See here for the java build but it will give you an idea of what is required.
Chroot SFTP connection
Posted: May 20, 2011 Filed under: CentOS, General Admin, IT Survival, Linux
With the new version of OpenSSH, chroot has become way easier, with the use of ChrootDirectory.
For this example we will use the following
username – sftpuser
group – sftponly
Ensure the latest OpenSSH is installed; a guide can be found here
cd /etc/ssh
vi sshd_config
Navigate to the bottom.
Comment out any Subsystem lines and add the following
Subsystem sftp internal-sftp
# sftponly is the group name that you have allocated and want to limit access to
Match Group sftponly
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
My file looks like this
# override default of no subsystems
#Subsystem sftp /usr/local/libexec/sftp-server
Subsystem sftp internal-sftp
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
Match Group sftponly
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory %h
Save and exit the file
groupadd sftponly
chown root:root /home
chmod 755 /home
useradd sftpuser
usermod -g sftponly sftpuser
usermod -s /bin/false sftpuser
usermod -d /home/sftpuser sftpuser
passwd sftpuser
To create the jail
chmod 755 /home/sftpuser
chown root:root /home/sftpuser
mkdir /home/sftpuser/xxxxx    # where xxxxx is a directory name of your choice
chown sftpuser:sftponly /home/sftpuser/xxxxx
To see if this works
ssh sftpuser@x.x.x.x
It will prompt for a password, it should allow the password and then close the session down
sftp sftpuser@x.x.x.x
It will prompt for a password and then take you to the home directory, you must cd into the directory created to put files.
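An added example (not part of the original post): a pre-flight check for the setup above. It reports any of the Match-block settings from the post that are missing from a config file, and checks that the jail directory and its parents are root-owned and not writable by group or others, which sshd requires of a ChrootDirectory. The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are
# hypothetical; GNU stat (as on CentOS) is assumed.

# missing_sftp_directives FILE GROUP
# Prints each setting of the post's "Match Group" block that is absent or
# different in FILE; prints nothing when the block is complete.
missing_sftp_directives() {
    awk -v grp="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # trim; fields re-split
        /^#/ || /^$/ { next }                         # comments and blanks
        tolower($1) == "match" {                      # a new block starts
            inblk = (tolower($2) == "group" && $3 == grp); next
        }
        inblk { val[tolower($1)] = $2 }               # keywords ignore case
        END {
            if (val["chrootdirectory"] == "")           print "ChrootDirectory"
            if (val["forcecommand"] != "internal-sftp") print "ForceCommand internal-sftp"
            if (val["allowtcpforwarding"] != "no")      print "AllowTcpForwarding no"
            if (val["x11forwarding"] != "no")           print "X11Forwarding no"
        }' "$1"
}

# dir_is_safe DIR [OWNER_UID]
# sshd refuses a ChrootDirectory unless each path component is a directory
# owned by root and not writable by group or others. OWNER_UID defaults to
# 0; the override exists only so the check can be tried without root.
dir_is_safe() {
    dir=$1 want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    set -- $(stat -L -c '%u %a' "$dir")
    [ "$1" = "$want_uid" ] || { echo "FAIL $dir: owner uid $1"; return 1; }
    [ $(( 0$2 & 022 )) -eq 0 ] || { echo "FAIL $dir: mode $2"; return 1; }
    echo "OK   $dir"
}

# chroot_path_is_safe DIR [OWNER_UID]: check DIR and every parent up to /.
chroot_path_is_safe() {
    p=$1 rc=0
    while :; do
        dir_is_safe "$p" "${2:-0}" || rc=1
        case $p in /|.) break ;; esac
        p=$(dirname "$p")
    done
    return $rc
}
```

For the setup in this post, run `missing_sftp_directives /etc/ssh/sshd_config sftponly` and `chroot_path_is_safe /home/sftpuser` as root before testing the login.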
You often need to have the user log on seamlessly from another system.
For this to happen make sure the same user is set up on the remote system
Then
ssh-keygen -t rsa
Press enter for the default option of storing the key in the home directory and do not enter a pass phrase
This key then needs to be copied to the server that has just been chrooted
cat /home/xxxxx/.ssh/id_rsa.pub | ssh xxxx@server 'cat >> /home/xxxxx/.ssh/authorized_keys'
cat /home/xxxxx/.ssh/id_rsa.pub | ssh xxxx@server 'cat >> /home/xxxxx/.ssh/authorized_keys2'
Some systems need the authorized_keys2 file; a good explanation of this process can be found here
This is one of the areas that can be a pain in the arse, drop me a line if you need help or have some more to add to this post. There are a lot of people out there wanting to do this based on the hits on this particular blog.
Installing OpenSSH 5.8 Centos 5.5
Posted: May 20, 2011 Filed under: CentOS, General Admin, IT Survival, Linux
Please look at the comments as well if you are copy and pasting some of the commands. The WordPress editor seems to change quotes and dashes so the syntax will be wrong. If you have any ideas on how to fix this please drop me a line.
I needed to CHroot an SFTP connection and wanted to use the latest OPENSSH package. I am running CentOS 5.5 and there is no rpm available.
So, using the following instructions, I created my own. It appears that you may be able to do this with most sources. One thing to note is that you will need the prerequisites to install the rpm, so reading the readme or install instructions of the original source is a must.
The RPM creation was taken from the following site and works perfectly.
Download the relevant OpenSSH source from whichever mirror site you want; a list can be found here
I downloaded the 5.8p2 version which was the latest at the time
There are some prerequisites for an RPM build
yum install gcc
yum install openssl-devel
yum install pam-devel
yum install rpm-build
I then removed the older version of openssh. I am not sure if this is needed but I read on one blog that it was ???
yum erase openssh
Please note you will not be able to create a new ssh connection once this has been done
mkdir /software
cd /software
wget http://mirror.bytemark.co.uk/pub/OpenBSD/OpenSSH/portable/openssh-5.8p2.tar.gz
gzip -d openssh-5.8p2.tar.gz
tar -xvf openssh-5.8p2.tar
cp openssh-5.8p2/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
gzip openssh-5.8p2.tar
cp openssh-5.8p2.tar.gz /usr/src/redhat/SOURCES/
cd /usr/src/redhat/SPECS
perl -i.bak -pe 's/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/' openssh.spec
rpmbuild -bb openssh.spec
cd /usr/src/redhat/RPMS/`uname -i`
ls -l    # should display 3 rpm files
OpenSSH also relies on zlib and openssl being installed
zlib can be found here; 1.2.5 was the latest release at the time of writing
cd /software
wget http://zlib.net/zlib-1.2.5.tar.gz
gzip -d zlib-1.2.5.tar.gz
tar -xvf zlib-1.2.5.tar
cd zlib-1.2.5
./configure
make
make install
openssl can be found here; at the time of writing 0.9.8 was the latest release
wget http://www.openssl.org/source/openssl-0.9.8r.tar.gz
gzip -d openssl-0.9.8r.tar.gz
tar -xvf openssl-0.9.8r.tar
cd openssl-0.9.8r
./config
make
make install
cd /usr/src/redhat/RPMS/`uname -i`
rpm -Uvh openssh*rpm
This will install the latest ssh
service sshd restart
Will test if this has worked.
How to CHroot can be found here
