Just for the reference if you want to keep SELINUX enabled and create a new instance of sshd (with the stock CentOS 5.4 sshd) with sftp only you can do the following: -create a copy of /etc/ssh/sshd_config e.g. cp /etc/ssh/sshd_config /etc/ssh/sftpd_config -chage /add the following lines in sftpd_config Port 1234 ChrootDirectory %h Subsystem sftp internal-sftp AllowUsers externaluser -let SELINUX know that port 1234 (or whatever you put in your sftpd_config) is of type ssh_port_t semanage port -a -t ssh_port_t -p tcp -n 1234 -make sure that the sftp user's home directory respects the requirements of ChrootDirectory sshd_config directive : This path, and all its components, must be root-owned directories that are not writable by any other user or group. For file transfer sessions using “sftp”, no additional configuration of the environment is necessary if the in-process sftp server is used chown root /home/externaluser chmod g-w /home/externaluser -create a directory in which externaluser will be able to write mkdir /home/externaluser/upload chown externaluser /home/externaluser/upload - create a copy of /etc/init.d/sshd init script cp /etc/init.d/sshd /etc/init.d/sftpd - modify it to reflect the sftpd_config config file and a new pid file - make it start automatically chkconfig sftpd --add sftp Radu