The post SFTP access via chroot on CentOS appeared first on Justin Silver.
]]>Install OpenSSH 5.6 to get chroot support:
rpm -qa | grep ssh yum -y install gcc automake autoconf libtool make openssl-devel pam-devel rpm-build wget http://ftp.halifax.rwth-aachen.de/openbsd/OpenSSH/portable/openssh-5.6p1.tar.gz wget http://ftp.halifax.rwth-aachen.de/openbsd/OpenSSH/portable/openssh-5.6p1.tar.gz.asc wget -O- http://ftp.halifax.rwth-aachen.de/openbsd/OpenSSH/portable/DJM-GPG-KEY.asc | gpg --import gpg openssh-5.6p1.tar.gz.asc tar zxvf openssh-5.6p1.tar.gz cp openssh-5.6p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/ cp openssh-5.6p1.tar.gz /usr/src/redhat/SOURCES/ cd /usr/src/redhat/SPECS/ perl -i.bak -pe 's/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/' openssh.spec rpmbuild -bb openssh.spec cd /usr/src/redhat/RPMS/`uname -i` uname -i ls -l rpm -Uvh openssh*rpm /etc/init.d/sshd restart
Validate that you have 5.6 installed:
rpm -qa | grep ssh
Update /etc/ssh/sshd_config to have the following (comment out existing subsystem line)
Subsystem sftp internal-sftp
Match Group sftponly
ChrootDirectory /var/chroot
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
Set the user’s home directory to be just USER when the chroot directory is /var/chroot/USER
The post SFTP access via chroot on CentOS appeared first on Justin Silver.
]]>