tutorial: building an OpenSSH chroot jail on CentOS 5.3


allow users to log into a CentOS 5.3 server via ssh, but then constrain their mobility by using the chroot support introduced in OpenSSH 4.8p1.


1) http://v2.robbyt.com/2008/howto/chrooted-sftp-with-openssh-5/

2) http://www.dotnux.com/?p=3

3) http://forums.fedoraforum.org/archive/index.php/t-30684.html


I followed the tutorial in resource 2 for the most part, but the rpm build will fail with an error if the “/usr/src/redhat/RPMS/i386” and “/usr/src/redhat/BUILD” directories are not made in advance, a step in resource 1.  

With these two tutorials, I was able to build and install OpenSSH 5.1, but then I ran into a couple hiccups.  When I tried to log in using a dummy account (“random1”) assigned to the “sshusers” group described in resource 1, ssh rejected my log in with an error: “Permission denied (publickey,gssapi-with-mic).”.  Looking in the ssh logs (“/var/log/secure”), I saw: “Authentication refused: bad ownership or modes for file “/home/random1/.ssh/authorized_keys”.  Referring to the details provided in resource 3, I changed the permissions on “random1/.ssh” and “random1/.ssh/authorized_users” to 700.  Then I was able to ssh in, but immediately I received the error “/bin/bash: No such file or directory”, and was bounced out.  I moved the ls and bash executables placed in “/usr/bin” in resource 2, to “/bin” and then all was good 🙂

Special thanks to robbyt, author of resource 1, for his assistance.