Tuesday, October 5, 2010

OpenSSH SFTP with ChrootDirectory step by step

1- Install the supporting packages
yum install --exclude='*.i386' gcc openssl-devel pam-devel rpm-build
2- Download the packages and import the key
wget http://ftp.bit.nl/mirror/openssh/openssh-5.2p1.tar.gz
wget http://mirror.anl.gov/openssh/portable/openssh-5.2p1.tar.gz
wget http://mirror.anl.gov/openssh/portable/openssh-5.2p1.tar.gz.asc
wget -O- http://mirror.anl.gov/openssh/portable/DJM-GPG-KEY.asc | gpg --import
gpg --verify openssh-5.2p1.tar.gz.asc openssh-5.2p1.tar.gz


3- Build the RPM files
tar zxvf openssh-5.2p1.tar.gz
cp openssh-5.2p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
cp openssh-5.2p1.tar.gz /usr/src/redhat/SOURCES/
cd /usr/src/redhat/SPECS
perl -i.bak -pe 's/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/' openssh.spec
rpmbuild -bb openssh.spec
cd /usr/src/redhat/RPMS/`uname -i`
4- Install the packages
openssh-5.2p1-1.x86_64.rpm
openssh-clients-5.2p1-1.x86_64.rpm
openssh-debuginfo-5.2p1-1.x86_64.rpm
openssh-server-5.2p1-1.x86_64.rpm
5- Configure OpenSSH
Edit the file /etc/ssh/sshd_config
Subsystem sftp internal-sftp
Match group sftp
    ChrootDirectory /home/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
6- Add the group and the user, then restart sshd, and that's it.
<Kim Sách>

1 comment:

  1. Installation by source code

    cd openssh-5.9p1
    ./configure --exec-prefix= --prefix=/usr --sysconfdir=/etc/ssh
    make
    make install
    KS
