Red HatThis forum is for the discussion of Red Hat Linux.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I found several articles/walk through tutorials
that supposedly allow to set-up the built-in sftp
chroot jail of openssh in more recent versions
on the OSes mentioned above. While I managed to
compile and install the version with minor issues,
and also created a jail following instructions
that lets me connect via sftp into my jail, I
can't do anything in terms of file up-/download,
cd, ls ... all just gives me a permission denied.
I verified that SELinux is working but not stopping
the jailed user; from my perspective the ownerships
and perms on the jail directory are correct (only
root:root & 700), and the home under the jail owned
by the respective user.
Has anyone managed to get this to play? Would they
be willing to share the procedure?
Did you manually upgrade openssh - I know the standard openssh version on RHEL 5.5 (4.3 I think it is) doesn't support chroot jails - I've seen another thread where a user had a similar problem on CentOS 5.
I did indeed. While the 4.8 available on EPEL supposedly
does have chroot jails it lacks a few features that can't
have been backported.
However, as far as I'm concerned the issue is resolved.
After weeks of farting around with it I stumbled upon one
tutorial that DIDN'T say the perms on the base chroot dir
need to be 0700, but 0755, and voila, it all works. *sigh*
Would you mind posting a few links to a few of the tutorials you used to set this up? I'd love to give it a shot - I'm hoping RHEL 6 is released with openssh 5 - and I'd then implement across the board on my servers.