[CentOS] Chroot'ed SSH

Filipe Brandenburger filbranden at gmail.com
Sat Jun 7 03:49:32 UTC 2008


Is anyone chrooting users that connect through SSH?

I looked for it on Google and I basically saw several methods:
- OpenSSH 5 supports ChrootDirectory (FC9 apparently has RPMs that
probably could be rebuilt under CentOS 5)
- There seem to be several patches for OpenSSH 4.x to do the chroot,
the most popular seems to be http://chrootssh.sf.net/
- There appears to be a pam_chroot
- There are solutions based on setting the user's shell to a
script/binary that does the chroot

By quickly looking at yum list, it doesn't seem like neither RHEL nor
CentOS directly support any of those, at least I didn't find any RPMs
for any of those.

If anyone is doing it, I would like to know what were your experiences
and if you would recommend doing it or not.

I'm specially interested in anything that doesn't involve replacing
the OpenSSH that comes with CentOS, after all, that's what CentOS is
all about, if you start replacing the pieces, what's the point...

Thanks a lot!

More information about the CentOS mailing list