RHEL 5.4 & Chrooted SFTP


I just built the tarballs from openssh.org for our RHEL5 boxes. Current OpenSSH has this chroot functionality built in and it's pretty easy to set up.

I think the RPMs from openssh.org even have a template spec file, so rebuilding an RPM is easy as pie too.

Author: Josh Brower

Information Security. SANS GSE #143. Course author of LearnOsquery.com. Lover of History & Coffee.

Updated on September 17, 2022

Comments

  • Josh Brower
    Josh Brower almost 2 years

    According to release notes, RHEL 5.4 included an update to set up chrooted SFTP accounts natively. But from what I am seeing, it is all or nothing. This means that even root is chrooted if you go this route.

    Has anybody used this successfully? How did you configure it so that you could still do sysadmin tasks, if root is chrooted?

    Thanks-

    Josh

  • Josh Brower
    Josh Brower over 14 years
    Can you describe how you are going to set it up?
  • Josh Brower
    Josh Brower over 14 years
    I am looking more for the configuration of the chroot + sftp setup than how to install openssh.
  • joschi
    joschi over 14 years
    OpenSSH 4.9 and higher comes with built-in chroot capability for sftp-server (and internal-sftp) which can be set up on a per-user basis. Since CentOS 5.4 comes with OpenSSH 4.3 you'd have to upgrade your OpenSSH installation if you do not want to use the patched chrooted SSH server which comes with your Linux distribution.
  • joschi
    joschi over 14 years
    And BTW: you asked how to set up a recent version of OpenSSH in your comment to wzzrd's answer.
  • Josh Brower
    Josh Brower over 14 years
    Just to be more clear, can you describe how you are going to set up sftp and chrooting for your users?
  • Govindarajulu
    Govindarajulu over 14 years
    I'm enjoying a nice vacation atm, so I can't check, but it's along the lines of what is described here: debian-administration.org/articles/590. (I cannot do syntaxy stuff in a comment, so I Googled you a solution that works similarly to mine).
  • joschi
    joschi over 14 years
    Your solution requires OpenSSH 4.9 or higher which isn't available on RHEL 5.4 as an official package. There are also several other answers here pointing in that direction.
  • bdkosher
    bdkosher over 14 years
    That's not correct. Red Hat partially backported the feature. See rhn.redhat.com/errata/RHSA-2009-1287.html
  • icecbr
    icecbr over 13 years
    Instructions on how to build this: binblog.info/2009/02/27/packaging-openssh-on-centos
  • Mei
    Mei over 12 years
    However, only the ChrootDirectory config option was backported by Red Hat (as of openssh-4.3p2-36.el5.i386.rpm and up); the other config option normally used here is Match which is still not available as of openssh-server-4.3p2-72.el5_7.5 - though it's marvelous and wonderful that any backporting is happening at all.
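
Added example (not part of the original thread and not OpenSSH's own tooling): a shell check that reports whether a ChrootDirectory directive in an sshd_config is global, the "all or nothing" case from the question where root is chrooted too, or scoped by a Match block as on OpenSSH 4.9 and later. Both embedded configs are constructed samples; the group name `sftponly` and the `/srv/sftp` path are assumptions.

```shell
#!/bin/sh
# chroot_scope: read an sshd_config (file argument or stdin) and print one
# line per ChrootDirectory directive:
#   global:<path>            applies to every account, root included
#   match:<criteria>:<path>  applies only to sessions matching that block
# Assumes the whitespace-separated "Keyword value" form, one per line.
chroot_scope() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { kw = tolower($1) }                 # sshd keywords are case-insensitive
        kw == "match" {                      # a Match block runs to the next Match or EOF
            scope = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", scope)
            if (tolower(scope) == "all") scope = ""   # "Match all" is global again
            next
        }
        kw == "chrootdirectory" && tolower($2) != "none" {
            if (scope == "") print "global:" $2
            else             print "match:" scope ":" $2
        }
    ' "$@"
}

# Constructed sample 1: a single global directive, so root is chrooted as well.
sample_global() {
    cat <<'EOF'
Subsystem sftp internal-sftp
ChrootDirectory /srv/sftp/%u
EOF
}

# Constructed sample 2: needs Match support (OpenSSH 4.9+ for this setup).
# Only members of the assumed group "sftponly" are chrooted; root is not.
sample_scoped() {
    cat <<'EOF'
Subsystem sftp internal-sftp
# restrict only the SFTP-only accounts
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
EOF
}

for s in sample_global sample_scoped; do
    printf '%s -> %s\n' "$s" "$($s | chroot_scope)"
done
```

Run it against a real file with `chroot_scope /etc/ssh/sshd_config`; any `global:` line means administrative logins land in the chroot too.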