10-24-2011, 08:17 AM   #1
newbie14
Member
 
Registered: Sep 2011
Posts: 646

Rep: Reputation: Disabled
Confine user to certain folders only


Dear All,
I am a CentOS 5.5 user. Now my problem: I would like to give login to a remote user both via ssh and sftp. So when this particular user logs in, I would just like them to see a particular number of folders and limit their access. Any ideas? I have read and googled on chroot etc. but I am confused about how to set it up in CentOS 5.5.
 
10-24-2011, 08:24 AM   #2
acid_kewpie
Moderator

Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
well what are you *SPECIFICALLY* confused about? http://erikeldridge.wordpress.com/20...on-centos-5-3/
 
10-24-2011, 08:32 AM   #3
newbie14
Member
 
Registered: Sep 2011
Posts: 646

Original Poster
Rep: Reputation: Disabled
Dear Kewpie,
I have visited this link and many others. I am confused about what the difference is between chroot and openssh. Is chroot a technique or a tool? Then how does openssh play its role? I know centos 5.5 does now have the latest openssh so I must upgrade first, right?
 
10-24-2011, 08:42 AM   #4
Noway2
Senior Member

Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Based upon the questions you are asking, I think that this free PDF book may be beneficial to you: http://ftacademy.org/materials/fsm/13 It covers a lot of ground regarding Linux systems and will help you to rapidly come up to speed on subjects like Linux file permissions and basic networking tools like SSH.

To answer your question directly, chroot (change-root) is both a technique and a tool to fork off a process and make a directory its root file system. This can be done to both contain the process and to create a distinct environment for it to operate. OpenSSH is an SSH, Secure SHell application that allows remote users to login to the system and give them a shell prompt. Via this shell, users will have the same access as if they opened a shell prompt from the system keyboard. Their ability to see files will depend upon the file permissions.
 
10-24-2011, 08:47 AM   #5
acid_kewpie
Moderator

Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Quote:
Originally Posted by newbie14
Dear Kewpie,
I have visited this link and many others. I am confused about what the difference is between chroot and openssh. Is chroot a technique or a tool? Then how does openssh play its role? I know centos 5.5 does now have the latest openssh so I must upgrade first, right?
chroot is a tool used to lock a user into a certain subdirectory, and you just configure ssh to call it as part of the login process. There is no need to specifically upgrade anything to achieve what you want, but naturally things should be kept up to date, especially when security is involved.
 
10-24-2011, 09:17 AM   #6
newbie14
Member
 
Registered: Sep 2011
Posts: 646

Original Poster
Rep: Reputation: Disabled
Dear Noway2,
Now I am getting a clearer picture of what this chroot is all about. Correct me here: normally when we log in we get to the root. So when this user logs in, their root is what has been changed, right? So now my confusion is why a lot of articles out there talk about upgrading openssh to version 5++ etc. before one can do chroot.
 
10-24-2011, 09:18 AM   #7
newbie14
Member
 
Registered: Sep 2011
Posts: 646

Original Poster
Rep: Reputation: Disabled
Dear Kewpie,
I was confused all this way because all the articles talk about openssh upgrade and some even talk about rssh. So now you told me there is no need to upgrade, then how am I going to do it? Any link or steps for me to follow? Thank you.
 
10-24-2011, 10:39 AM   #8
acid_kewpie
Moderator

Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
They aren't "upgrading", they are just installing from source. Ignore those bits and just look at the bits relevant to sshd_config.
 
10-24-2011, 10:44 AM   #9
newbie14
Member
 
Registered: Sep 2011
Posts: 646

Original Poster
Rep: Reputation: Disabled
Dear Kewpie,
So you want me to get working on my /etc/ssh/ssh_config, is it? So what do you want me to update there?
 
10-24-2011, 10:45 AM   #10
acid_kewpie
Moderator

Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
I want you to read a document and see for yourself, it's not exactly hard. http://v2.robbyt.com/2008/howto/chro...ith-openssh-5/
 
10-24-2011, 10:49 AM   #11
newbie14
Member
 
Registered: Sep 2011
Posts: 646

Original Poster
Rep: Reputation: Disabled
Dear Kewpie,
The article is talking about openssh >4.9 but I have checked mine:
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008. So you ask me to concentrate on sshd_config? Should I follow that article to upgrade or not?
 
10-24-2011, 03:04 PM   #12
Noway2
Senior Member

Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
That is a good article that Acid_kewpie is referencing!

Quote:
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008. So you ask me to concentrate sshd_config? Should I follow that article to upgrade or not?
You are using a relatively outdated version. Per the documentation, this feature works with OpenSSH 4.9 and later, which you are not using. As of today, the current version of OpenSSH is 5.9 and many distributions, even those with slower releases, are in the mid 5.x series. My honest recommendation is that you upgrade to a more recent system as you probably have many un-patched vulnerabilities. If you are a subscriber to Red Hat, you should have upgrades. If you are not, you should consider using CentOS instead of RHEL for this reason. You could try to update your OpenSSH, but with a base system ~3 years old, you will undoubtedly have library and other dependency conflicts.
 
10-24-2011, 08:36 PM   #13
newbie14
Member
 
Registered: Sep 2011
Posts: 646

Original Poster
Rep: Reputation: Disabled
Dear Noway2,
I am on a CentOS platform. So I should go and update my openssh first, right? So you doubt there could be updates, is it? If I really cannot find an update, what is your next advice? Upgrade the OS, is it? OK, let me try to update and see if I can do it.
 
10-25-2011, 01:24 AM   #14
acid_kewpie
Moderator

Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Shall I say AGAIN that you don't need to upgrade?? If the changes in the config file work, then they work. Why are you so keen to make one number the same as another number? That's just the version they happened to use in their guide. If you want to upgrade, then do so, nothing stopping you, but either way, just move on.
 
10-25-2011, 04:21 AM   #15
Noway2
Senior Member

Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Quote:
Originally Posted by acid_kewpie
shall I say AGAIN that you don't need to upgrade?? If the changes in the config file work, then they work.
Acid_kewpie, I am not so sure this is correct. The OP is stating that they are using OpenSSH revision 4.3p2, which actually dates to 2006. The OpenSSL libraries date to 2008. According to the OpenSSH release notes this feature was not included until version 4.9.

newbie14, activating the desired feature is a matter of changing the configuration. Normally, in any sort of current version of SSH, it is not necessary to upgrade. Try making the configuration changes and if this feature doesn't work, THEN confirm the version of SSH you are using. You should be able to do this with the command ssh -V
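
A pre-flight check for the point debated in posts #12 to #15, as an added example that is not part of the original thread: it compares an `ssh -V` banner against the 4.9 minimum cited above and verifies sshd's requirement that every component of a chroot path be root-owned and not writable by group or others. The function names are assumptions for illustration, and `stat -c` assumes GNU coreutils as shipped on CentOS.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for an sshd chroot.
MIN_MAJOR=4; MIN_MINOR=9   # minimum OpenSSH version cited in the thread

# openssh_supports_chroot BANNER: BANNER is the text printed by `ssh -V`.
# Returns 0 if it reports OpenSSH >= 4.9, 1 if older, 2 if unparseable.
openssh_supports_chroot() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver
    [ "$1" -gt "$MIN_MAJOR" ] && return 0
    [ "$1" -eq "$MIN_MAJOR" ] && [ "$2" -ge "$MIN_MINOR" ] && return 0
    return 1
}

# mode_is_safe UID MODE: MODE is octal as printed by `stat -c %a`.
# Returns 0 only for a root-owned entry with no group/other write bit.
mode_is_safe() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# chroot_path_ok DIR: walk DIR and each parent up to /, since sshd refuses a
# chroot whose path has a component another user could modify.
chroot_path_ok() {
    case $1 in /*) p=$1 ;; *) return 1 ;; esac   # absolute paths only
    while :; do
        [ -d "$p" ] && [ ! -L "$p" ] || return 1
        st=$(stat -c '%u %a' "$p") || return 1
        set -- $st
        if ! mode_is_safe "$1" "$2"; then
            echo "unsafe component: $p (uid=$1 mode=$2)" >&2
            return 1
        fi
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# Banner reported by the original poster in post #11.
BANNER='OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008'
if openssh_supports_chroot "$BANNER"; then
    echo "OpenSSH is new enough for the sshd_config chroot feature"
else
    echo "OpenSSH predates 4.9: the chroot feature is not available"
fi
```

On a live system, pass the real banner with `openssh_supports_chroot "$(ssh -V 2>&1)"`, since `ssh -V` writes to standard error.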
 
  

