Friday, October 5, 2012

sftp chroot selinux centos 6.2 - tested working

If you want to configure a secure FTP server where users cannot get out of their home directories (i.e. a chroot environment), follow the steps below.

Steps for setting up sftp with chroot on CentOS 6.

We first have to create a group, sftpgroup, and make every sftp user a member of it.


cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config-original

vim /etc/ssh/sshd_config

Comment out this line:
Subsystem      sftp    /usr/libexec/openssh/sftp-server

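Add these lines (assuming the group name is sftpgroup and the users' home directories are under /home). Put the Match block at the end of the file, because it applies to every line that follows it: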


Subsystem sftp internal-sftp

Match Group sftpgroup

ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

-------

groupadd sftpgroup

/etc/init.d/sshd restart

useradd -g sftpgroup -s /sbin/false amit

mkdir /home/amit/upload

chown root:root /home/amit

chmod 755 /home/amit

chown amit:sftpgroup /home/amit/upload

If you are running SELinux, you need to run the command below for all this to work.


setsebool -P ssh_chroot_rw_homedirs on


If you want the users' uploads to go to a storage box, a bind mount solves this.

Here /storage/home/amit is on the storage box and /home/amit is the mount point.

mount -o bind /storage/home/amit /home/amit
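
An added example (not part of the original post): sshd refuses the login unless the ChrootDirectory and every parent directory are owned by root and not writable by group or others, which is why the steps above set /home/amit to root:root with mode 755. The script below walks the path and reports each component that breaks that rule. It assumes GNU stat, and the function names and the script name check_chroot.sh are illustrative.

```shell
#!/bin/sh
# Added example: check the ownership rule sshd enforces on a ChrootDirectory.
# Assumes GNU stat (coreutils); function names are illustrative.

# component_ok UID MODE: succeed if owned by root and not writable by
# group or others. MODE is the octal string from stat, e.g. 755 or 1777.
component_ok() {
    uid=$1
    mode=$2
    [ "$uid" -eq 0 ] 2>/dev/null || return 1
    # 022 (octal) masks the group-write and other-write bits.
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot_path DIR: succeed only if DIR and every parent directory
# up to / pass component_ok. Prints one line per failing component.
check_chroot_path() {
    path=$(cd "$1" 2>/dev/null && pwd -P) || { echo "cannot access: $1"; return 2; }
    rc=0
    while :; do
        # stat prints "<owner uid> <octal mode>"; split into $1 and $2.
        set -- $(stat -c '%u %a' "$path")
        if ! component_ok "$1" "$2"; then
            echo "BAD  $path (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/amit
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1" && echo "OK   $1 is usable as ChrootDirectory"
fi
```

Run it again after the bind mount, because /home/amit then shows the owner and mode of /storage/home/amit.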

----------------

Some parts of this were learned from

http://bachradsusi.livejournal.com/2239.html

