openssh-server-5-xx or
openssh-server-6-xx
CentOS 6.3 has openssh-server-5-xx already.
OK, assuming one of the above versions has been acquired,
below is my process. Some steps are based on the results you get if you google sftp + chroot; I am just making a note for myself to remember.
I am creating a user.sftp user account and an sftpusers group as a sample.
1. create a group named sftpusers -- groupadd sftpusers
2. mkdir -p /ftp/sftpusers ---------> this will be the root of my users' home directories (-p also creates /ftp if it does not exist yet).
3. add a user to be used for sftp
useradd -g sftpusers -d /ftp/sftpusers/user.sftp -s /sbin/nologin user.sftp
4. edit the file /etc/ssh/sshd_config
comment out the line that contains:
Subsystem sftp /usr/libexec/openssh/sftp-server
and replace it with:
#----
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
#----
then append the Match Group entry.
#----
Match Group sftpusers
ChrootDirectory /ftp/sftpusers/%u
ForceCommand internal-sftp
#----
5. create a folder inside /ftp/sftpusers/user.sftp/ and name it anything; here I named it upload_dir. The chroot directory itself must not be writable by the user, so uploads go into this folder.
mkdir /ftp/sftpusers/user.sftp/upload_dir
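6. ownership -- sshd requires the chroot directory and every directory above it to be owned by root and not writable by group or others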
chown root /ftp/sftpusers/user.sftp
chmod go-w /ftp/sftpusers/user.sftp
chown user.sftp:sftpusers /ftp/sftpusers/user.sftp/upload_dir
chmod u+rwX /ftp/sftpusers/user.sftp
chmod g+rx /ftp/sftpusers/user.sftp
check the owner; it should be
drwxr-xr-x. 3 root sftpusers 4096 Jun 17 21:45 user.sftp
7. restart sshd service
once the user is able to log in via an sftp client, if he tries to traverse to another dir,
the error will look like below.
sftp> cd /etc/
Couldn't canonicalise: No such file or directory
sftp> ls
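
A quick way to verify step 6 before restarting sshd, added here as an example and not part of the original note: the script walks from the chroot directory up to / and flags any directory that is not owned by root or is writable by group or others. The function names perms_ok and audit_chroot are made up for this example, and it assumes GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example (not from the original note): audit a ChrootDirectory path.
# Assumption: GNU stat from coreutils, as shipped with CentOS.

# perms_ok OWNER_UID OCTAL_MODE
# Succeeds only when the owner is root (uid 0) and neither the group nor
# the other write bit is set in the mode.
perms_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# audit_chroot /absolute/path
# Walks from the given directory up to /, prints one line per component,
# and returns 1 if any component is missing or fails perms_ok.
audit_chroot() {
    local dir="$1" rc=0 st owner mode
    case "$dir" in
        /*) ;;
        *) echo "not an absolute path: $dir" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"; rc=1
        else
            st=$(stat -c '%u %a' "$dir")
            owner=${st% *}; mode=${st#* }
            if perms_ok "$owner" "$mode"; then
                echo "ok $dir uid=$owner mode=$mode"
            else
                echo "BAD $dir uid=$owner mode=$mode"; rc=1
            fi
        fi
        if [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run directly: sh audit_chroot.sh /ftp/sftpusers/user.sftp
if [ "$#" -gt 0 ]; then audit_chroot "$1"; fi
```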