SFTP access via chroot on CentOS

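Install OpenSSH 5.6 to get chroot support. The signing key below is fetched from the same HTTP mirror as the tarball, so compare its fingerprint against an independent source before trusting the signature check: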

rpm -qa | grep ssh 
yum -y install gcc automake autoconf libtool make openssl-devel pam-devel rpm-build 
wget http://ftp.halifax.rwth-aachen.de/openbsd/OpenSSH/portable/openssh-5.6p1.tar.gz 
wget http://ftp.halifax.rwth-aachen.de/openbsd/OpenSSH/portable/openssh-5.6p1.tar.gz.asc 
wget -O- http://ftp.halifax.rwth-aachen.de/openbsd/OpenSSH/portable/DJM-GPG-KEY.asc | gpg --import 
gpg --verify openssh-5.6p1.tar.gz.asc openssh-5.6p1.tar.gz
tar zxvf openssh-5.6p1.tar.gz 
cp openssh-5.6p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/ 
cp openssh-5.6p1.tar.gz /usr/src/redhat/SOURCES/ 
cd /usr/src/redhat/SPECS/ 
perl -i.bak -pe 's/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/' openssh.spec 
rpmbuild -bb openssh.spec 
cd /usr/src/redhat/RPMS/`uname -i` 
uname -i 
ls -l 
rpm -Uvh openssh*rpm 
/etc/init.d/sshd restart 

Validate that you have 5.6 installed:

rpm -qa | grep ssh 

Update /etc/ssh/sshd_config to contain the following (comment out the existing Subsystem line):

Subsystem       sftp    internal-sftp 
 
Match Group sftponly 
        ChrootDirectory /var/chroot
        ForceCommand internal-sftp 
        X11Forwarding no 
        AllowTcpForwarding no 

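Set the user’s home directory to be just USER when the user’s directory is /var/chroot/USER. After the chroot, sshd changes the working directory to the user’s home directory, so that path is interpreted relative to /var/chroot.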
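
sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, and sshd refuses the session otherwise. The script below is an added example, not part of the original post, that audits a path such as /var/chroot against that rule; the function names are hypothetical and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the sshd_config(5) rule
# that every component is a root-owned directory with no group/other write bit.
# Function names are hypothetical; `stat -c` assumes GNU coreutils (CentOS).

# component_ok UID MODE: succeed when UID is 0 and octal MODE lacks g+w and o+w.
component_ok() {
    [ "$1" -eq 0 ] 2>/dev/null || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path /abs/path: walk from / down to the path, report each
# component, and return non-zero if any of them fails the rule.
check_chroot_path() {
    case "$1" in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 2 ;;
    esac
    path=$1 cur="" rc=0
    while :; do
        dir=${cur:-/}
        if [ ! -d "$dir" ]; then
            echo "FAIL $dir: not a directory"; rc=1
        else
            # -L follows symlinks, matching how the path is resolved at login.
            meta=$(stat -L -c '%u %a' "$dir" 2>/dev/null) || meta=""
            set -- $meta
            if component_ok "$1" "$2"; then
                echo "ok   $dir"
            else
                echo "FAIL $dir: owner uid ${1:-?}, mode ${2:-?}"; rc=1
            fi
        fi
        path=${path#/}                    # drop the leading slash
        [ -n "$path" ] || break           # nothing left to descend into
        cur="$cur/${path%%/*}"            # append the next component
        case "$path" in
            */*) path=/${path#*/} ;;
            *)   path="" ;;
        esac
    done
    return $rc
}

# Constructed usage: sh check_chroot.sh /var/chroot
if [ $# -gt 0 ]; then check_chroot_path "$1"; fi
```

Any FAIL line is fixed with chown root and chmod go-w on that component; the per-user directory below the chroot can then be owned by the user.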
