Tuesday, 30 April 2019

Configure SFTP server


Create a group for collaborative users.
[root@fileserver-01 ~]# groupadd -g 1501 dev
Create three collaborative users with dev as a supplementary group and /sbin/nologin as the login shell, so that they cannot get an interactive shell.
[root@fileserver-01 ~]# useradd -u 1001 -G dev -s /sbin/nologin ahmer
[root@fileserver-01 ~]# useradd -u 1002 -G dev -s /sbin/nologin mansoor
[root@fileserver-01 ~]# useradd -u 1003 -G dev -s /sbin/nologin danish
Set the home directories of these users to /common. After the chroot is applied, this path resolves to /chroot/sftp/common.
[root@fileserver-01 ~]# usermod -d /common ahmer
[root@fileserver-01 ~]# usermod -d /common mansoor
[root@fileserver-01 ~]# usermod -d /common danish
Set passwords for the users.
[root@fileserver-01 ~]# echo 123 | passwd ahmer --stdin
Changing password for user ahmer.
passwd: all authentication tokens updated successfully.
[root@fileserver-01 ~]# echo 123 | passwd mansoor --stdin
Changing password for user mansoor.
passwd: all authentication tokens updated successfully.
[root@fileserver-01 ~]# echo 123 | passwd danish --stdin
Changing password for user danish.
passwd: all authentication tokens updated successfully.
[root@fileserver-01 ~]#
Create a directory for collaboration and adjust permissions on it according to the requirement.
[root@fileserver-01 ~]# mkdir -p /chroot/sftp
[root@fileserver-01 ~]# chmod 555 /chroot/sftp
[root@fileserver-01 ~]# mkdir /chroot/sftp/common/
[root@fileserver-01 ~]# chgrp dev /chroot/sftp/common/
[root@fileserver-01 ~]# chmod 2775 /chroot/sftp/common/
Configure the sshd service to handle the collaborative users.
[root@fileserver-01 ~]# vi /etc/ssh/sshd_config
Find and comment out the following line.
#Subsystem       sftp    /usr/libexec/openssh/sftp-server
Add the following lines at the end of /etc/ssh/sshd_config.
Subsystem       sftp    internal-sftp

Match Group dev
 X11Forwarding no
 AllowTCPForwarding no
 ChrootDirectory /chroot/sftp/
 ForceCommand internal-sftp -u 007
The -u 007 option sets the umask to 007, which prevents users outside the dev group from accessing the uploaded files.
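
sshd only accepts a ChrootDirectory if every component of the path (here /, /chroot and /chroot/sftp) is a directory owned by root and not writable by group or others; otherwise the SFTP session is refused. The script below is an added example, not part of the original post, that audits a path against that rule; the function names are assumptions and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit the path used in ChrootDirectory.
# Every component must be a root-owned directory without group/other write.
# Usage: sh audit_chroot.sh /chroot/sftp     (needs GNU stat, as on RHEL)

# mode_is_safe MODE: true if the octal mode has no group/other write bit.
mode_is_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# check_component DIR [UID]: true if DIR is a directory owned by UID
# (default 0 = root) whose mode passes mode_is_safe.
check_component() {
    cc_dir=$1; cc_owner=${2:-0}
    [ -d "$cc_dir" ] || return 1
    cc_uid=$(stat -c '%u' "$cc_dir") || return 1
    cc_mode=$(stat -c '%a' "$cc_dir") || return 1
    [ "$cc_uid" = "$cc_owner" ] && mode_is_safe "$cc_mode"
}

# audit_chroot PATH [UID]: walk from PATH up to /, print each failing
# component, return 1 if any failed (2 if PATH is not absolute).
audit_chroot() {
    case $1 in /*) ;; *) echo "path must be absolute" >&2; return 2 ;; esac
    ac_path=$1; ac_owner=${2:-0}; ac_rc=0
    while :; do
        if ! check_component "$ac_path" "$ac_owner"; then
            echo "FAIL: $ac_path"
            ac_rc=1
        fi
        [ "$ac_path" = "/" ] && break
        ac_path=$(dirname "$ac_path")
    done
    return "$ac_rc"
}

if [ "$#" -gt 0 ]; then
    audit_chroot "$@"
fi
```

Run it against /chroot/sftp, not /chroot/sftp/common: the shared directory sits below the chroot, so its group-writable 2775 mode is not subject to this rule and would be reported as a failure.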

Monday, 1 April 2019

Subscription add in Redhat linux

  • SSH into, or open a console on, the Red Hat system you want to attach the subscription to.
  • Run subscription-manager register and then subscription-manager attach --pool=<POOL_ID>. The pool ID can be found using subscription-manager list --available; it is the unique ID of your subscription.
  • Internet connectivity is required, as the system authenticates the subscription against access.redhat.com.
  • Verify whether the subscription is current or invalid with the subscription-manager status command. If the output says "Current", the system is registered with a proper subscription; anything other than this will come as an output saying "Invalid".
  • The subscription can be attached to any Red Hat system, from RHEL 5.7 up to the latest (7.5) release.
  • If the system had a previously attached subscription, run these two commands one by one on the system to clear out the previous metadata: subscription-manager clean ; subscription-manager refresh
  • If any repository was previously added to the system manually (not through a Red Hat subscription), run rm -fr /etc/yum.repos.d/* to delete any repository configuration files that are not attached through a valid Red Hat subscription.
  • You can also see which system the subscription is attached to, by hostname/UUID, from your purchase account at access.redhat.com.

    Resolution

    If you continue to see applicable errata displayed in RHSM, it can mean one of a couple of things that need to be addressed:
  • The system has not checked in recently, and there is a discrepancy between what you see in the Customer Portal and what is actually installed on your system. In this case, you may want to check which errata are available on your system and force a check in and run yum update again:
# yum update
# rm -f /var/lib/rhsm/packages/packages.json
# service rhsmcertd stop
# rhsmcertd --now
Note: After forcing your system to check in again, please wait up to four hours for the errata data on RHSM to update to their correct data.