Centos – Chroot with CentOS 5.3 + openssh 4.3p2

centoschrootsftpssh

OS: CentOS 5.3, with openssh 4.3p2

Trying to set 'chroot' in ssh shell, but openssh version prior to 4.8 doesn't take below settings. yum update openssh open up to version 4.3 which is quite old. Doesn't CentOS support openssh 4.8 or up? If that's the case, how to set chroot with openssh 4.3? or is it better to just using FTP? My purpose is limit SFTP or FTP access to certain folder, not root folder. Thanks!

Match group sftponly
         ChrootDirectory /home/%u
         X11Forwarding no
         AllowTcpForwarding no
         ForceCommand internal-sftp

Best Answer

If you want to use openssh's sftp you will need to update your openssh binaries. Centos doesn't provide an "official" repo with an 4.8> version, so you will have to compile/install it your self, or find a 3rd party repo that has it.

Related Solutions

Centos – the easiest and cleanest way to create a chrooted SFTP on Centos 5.4

I've found the following solution:

# yum install gcc
# yum install openssl-devel
# yum install pam-devel
# yum install rpm-build
# wget http://ftp.bit.nl/mirror/openssh/openssh-5.2p1.tar.gz
# wget http://ftp.bit.nl/mirror/openssh/openssh-5.2p1.tar.gz.asc
# wget  -O- http://ftp.bit.nl/mirror/openssh/DJM-GPG-KEY.asc | gpg –-import
# gpg openssh-5.2p1.tar.gz.asc
gpg: Signature made Mon 23 Feb 2009 01:18:28 AM CET using DSA key ID 86FF9C48
gpg: Good signature from “Damien Miller (Personal Key) ”
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3981 992A 1523 ABA0 79DB FC66 CE8E CB03 86FF 9C48
# tar zxvf openssh-5.2p1.tar.gz
# cp openssh-5.2p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
# cp openssh-5.2p1.tar.gz /usr/src/redhat/SOURCES/
# cd /usr/src/redhat/SPECS
# perl -i.bak -pe ’s/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/’ > openssh.spec
# (I found this didn't work and I had to manually disable the two lines for gnome and x11 askpass by changing the 0 to 1)
# rpmbuild -bb openssh.spec
# cd /usr/src/redhat/RPMS/`uname -i`
# ls -l
-rw-r–r– 1 root root 275808 Feb 27 08:08 openssh-5.2p1-1.x86_64.rpm
-rw-r–r– 1 root root 439875 Feb 27 08:08
openssh-clients-5.2p1-1.x86_64.rpm
-rw-r–r– 1 root root 277714 Feb 27 08:08
openssh-server-5.2p1-1.x86_64.rpm
# rpm -Uvh openssh*rpm
Preparing… ########################################### [100%]
1:openssh ########################################### [ 33%]
2:openssh-clients ########################################### [ 67%]
3:openssh-server ########################################### [100%]
# service sshd restart

Ssh – How to enable the SFTP Subsystem in Redhat 5.2 Enterprise Linux

Your SSH is most likely version 4.2, all that SFTP stuff is in version 4.9 from what I can tell. You will need to compile a newer version. The 5.2 RHEL server here is showing 4.2 for the OpenSSH version.

Best Answer

Related Solutions

Centos – the easiest and cleanest way to create a chrooted SFTP on Centos 5.4

Ssh – How to enable the SFTP Subsystem in Redhat 5.2 Enterprise Linux

Related Topic