James B. Byrne wrote: > Note: I am digest subscriber so if you could copy me directly on any > reply to the list I would appreciate it very much. > <snip> > After a modest amount of research we decided that the > best answer was to use a more recent version of OpenSSH (5.3p1)that > supports chroot as a configurable option. > I've not tested it, but I believe the chroot stuff was backported some while ago: # rpm -q --changelog openssh | more * Tue Dec 01 2009 Jan F. Chadima <jchadima at redhat.com> - 4.3p2-40 - close error file descriptor before running external subsystem (#537348) * Tue Sep 15 2009 Jan F. Chadima <jchadima at redhat.com> - 4.3p2-36.2 - minimize chroot patch to be compatible with upstream (#522141) * Tue Jun 23 2009 Jan F. Chadima <jchadima at redhat.com> - 4.3p2-36 - tiny change in chroot sftp capability into openssh-server solve ls speed problem (#440240) * Tue May 26 2009 Jan F. Chadima <jchadima at redhat.com> - 4.3p2-35 - workaround to plaintext recovery attack against CBC ciphers CVE-2008-5161 (#502230) * Fri May 15 2009 Tomas Mraz <tmraz at redhat.com> - 4.3p2-34 - disable protocol 1 in the FIPS mode * Thu Apr 30 2009 Jan F. Chadima <jchadima at redhat.com> - 4.3p2-33 - fix scp hangup on exit (#454812) - call integrity checks only on binaries which are part of the OpenSSH FIPS modules * Mon Apr 20 2009 Tomas Mraz <tmraz at redhat.com> - 4.3p2-32 - log if FIPS mode is initialized (#492363) - check the integrity of the binaries in the FIPS mode (#467268) * Wed Apr 08 2009 Jan F. Chadima <jchadima at redhat.com> - 4.3p2-31 - fix ssh hangup on exit (#454812) * Fri Mar 27 2009 Jan F. Chadima <jchadima at redhat.com> - 4.3p2-30 - add chroot sftp capability into openssh-server (#440240)