I had a need to have users SFTP into my current FTP server. I needed them to be chrooted in their own home directory. I needed them to not have any shell access.
The site that helped me the most was http://freshmeat.net/articles/view/1576/. I searched over and over and googled myself to death over this one. I found a lot of info that all went in different directions. This is the one that I found worked the best.
1. SFTP was the way to go. Fully encrypted with no username/passwords in clear text as with standard FTP.
2. I didn't want the users to have access to an ssh shell.
3. With this setup the way I have it, you have to edit your rssh.conf each time you add a user, to add their chroot.
1. Install OpenSSH
2. Edit /etc/ssh/sshd_config
LoginGraceTime 1m # only need 1 minute to allow login time
PermitRootLogin no # do not allow root login
#StrictModes yes # default is yes – this should stay
MaxAuthTries 3 # set max tries to 3 (default is 6)
3. Start ssh by running 'rcsshd start'
4. Run 'chkconfig --add sshd' to ensure ssh starts on boot.
5. Test the sftp connection by logging in as a user of the system. If you do not have a user created on the system other than root, create one now.
$ sftp joeblow@localhost
RSA key fingerprint is ***********************.
Are you sure you want to continue connecting (yes/no)?
After you have said "yes" to the above, your sftp connection will be established, and you will have the following prompt waiting:
6. Install RSSH
7. After installation, you need to add rssh to the list of allowed shells.
$ echo /usr/bin/rssh >> /etc/shells
8. Edit the /etc/rssh.conf file to allow chrooting and sftp:
logfacility = LOG_USER
umask = 022
9. You may, as I needed to, set the chroot for each user.
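Format is user="username:umask:service:chroot dir" (one pair of quotes around the whole value; the service field is rssh's access bits).
10. Build the chroot environment under the directory you chose as the chroot.
11. You can find the dependencies of a file by using the ldd command.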
12. Edit your user and set their shell to /usr/bin/rssh.
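
Steps 10 and 11 as a script: an added example, not from the original post, that copies a binary into the jail together with every library ldd lists for it. The jail path and the sftp-server location in the usage comment are assumptions; check where your distribution installs it.

```shell
#!/bin/sh
# Added example: populate a chroot jail with a binary and its shared libraries.
# Run ldd only on binaries you trust; on some systems it can execute the target.

# Read ldd output on stdin and print each absolute library path once.
ldd_paths() {
    awk '
        /=> \//    { if (!seen[$3]++) print $3; next }  # libc.so.6 => /lib/libc.so.6 (0x..)
        $1 ~ /^\// { if (!seen[$1]++) print $1 }        # /lib64/ld-linux-x86-64.so.2 (0x..)
    '
    # linux-vdso (no file behind it) and "=> not found" lines match neither rule.
}

# Copy one file into the jail at the same absolute path, keeping its mode.
# -L copies the real file when the library name is a symlink.
jail_copy() {   # jail_copy JAIL FILE
    jail=$1; src=$2
    mkdir -p "$jail$(dirname "$src")" && cp -pL "$src" "$jail$src"
}

# Install a binary plus everything ldd reports for it.
jail_install() {   # jail_install JAIL BINARY
    jail=$1; bin=$2
    jail_copy "$jail" "$bin" || return 1
    ldd "$bin" | ldd_paths | while read -r lib; do
        jail_copy "$jail" "$lib" || exit 1
    done
}

# Usage, as root (both paths are assumptions, adjust to your system):
#   JAIL=/srv/sftp-jail
#   jail_install "$JAIL" /usr/lib/ssh/sftp-server
```

Keep the jail and the files copied into it owned by root and not writable by the chrooted users, so they cannot replace the libraries that sftp-server loads.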