LinuxQuestions.org


Kenichi Kato 05-20-2010 05:02 AM

Chroot SSH on CentOS 5
 
Hello,

I'm trying to jail a group of users (under sftp) to their home when they SSH/SFTP over to the server. I read somewhere I should add the following into the /etc/ssh/sshd_config but even after adding the first line, SSH couldn't start & error said bad configuration:

Match Group sftp
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no

Can anyone help me? Appreciate it!!

anomie 05-21-2010 11:52 AM

IIRC, CentOS 5 - which is of course based on RHEL5 - provides OpenSSH 4.3 in its standard repositories.

The features you are trying to use are not available until a later minor version of the OpenSSH 4.x branch (4.8, I think).
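A pre-flight check for the situation described in this thread, as an added example that is not part of any post: it reads an OpenSSH version banner and lists the `sshd_config` keywords the daemon is too old to accept. The minimum versions are assumptions (4.4 for `Match` and `ForceCommand`, 4.8 for `ChrootDirectory`, the figure given in the reply above), and the function names and sample banner are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Minimum versions are assumptions:
# 4.4 for Match/ForceCommand, 4.8 for ChrootDirectory (figure from the reply above).
min_version_for() {
    case "$1" in
        match|forcecommand) echo 4.4 ;;
        chrootdirectory)    echo 4.8 ;;
        *)                  echo 0.0 ;;   # assumption: treated as always available
    esac
}

# Extract "major.minor" from a banner such as the output of `ssh -V 2>&1`.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1.\2/p' | head -n 1
}

# version_at_least HAVE WANT: succeed when HAVE >= WANT (both "major.minor").
version_at_least() {
    have_major=${1%%.*}; have_minor=${1#*.}
    want_major=${2%%.*}; want_minor=${2#*.}
    [ "$have_major" -gt "$want_major" ] && return 0
    [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]
}

# Print (lower-cased, sorted) the keywords in CONFIG that BANNER's version predates.
unsupported_directives() {
    have=$(openssh_version "$1")
    [ -n "$have" ] || { echo "cannot parse OpenSSH version" >&2; return 2; }
    # sshd_config keywords are case-insensitive; skip blank lines and comments.
    awk 'NF && $1 !~ /^#/ { print tolower($1) }' "$2" | sort -u |
        while read -r kw; do
            version_at_least "$have" "$(min_version_for "$kw")" || echo "$kw"
        done
}

# The fragment from the first post, written to a temp file.
sample_config() {
    f=$(mktemp) || return 1
    printf '%s\n' 'Match Group sftp' 'ChrootDirectory %h' \
        'ForceCommand internal-sftp' 'AllowTcpForwarding no' > "$f"
    echo "$f"
}

banner='OpenSSH_4.3p2, OpenSSL 0.9.8'   # constructed sample banner
cfg=$(sample_config)
echo "Not supported by OpenSSH $(openssh_version "$banner"):"
unsupported_directives "$banner" "$cfg"
rm -f "$cfg"
```

Distribution packages can backport features without changing the version string, so running `sshd -t -f <file>` against the edited file before restarting the daemon remains the authoritative check.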

alli_yas 05-21-2010 04:32 PM

Hi

anomie is correct - OpenSSH as in RHEL 5 / CentOS 5 will not support it.

Depending on your application, in terms of what your users will be FTP'ing (and whether over the internet or not), you may want to consider "normal" FTP (vsftpd/ProFTPD). I have set up chroot jails in RHEL 5 with vsftpd for users on my internal network (which is secured from threats via firewalls etc.).

Kenichi Kato 05-22-2010 07:25 AM

Thank you anomie & alli yas. Didn't know that about RHEL5 :D

Great, that gives me another idea. I'll split into 2 hosts. Host 1 allows read/write by internal users (behind firewall) & another purely for downloading data (encrypted) over the internet. I'll cron those data in specified folder meant for access by members outside office.

alli_yas 05-22-2010 04:41 PM

Hi Kenichi

Quote:

Host 1 allows read/write by internal users (behind firewall) & another purely for downloading data (encrypted) over the internet. I'll cron those data in specified folder meant for access by members outside office.
Hope that you mean separate machines though - if you're talking 2 VMs on the same machine I don't think that is a good idea security-wise :)


All times are GMT -5.