— |
sftp_chroot [2018/05/10 16:05] (current) kyxap created |
||
---|---|---|---|
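--- a/sftp_chroot
+++ b/sftp_chroot
@@ -0,0 +1,28 @@
+{{tag>ftp ssh sftp chroot}}
+====== Использование chroot для sftp подключений ======
+
+# mkdir -p /srv/ssh/chroot
+# mkdir -p /etc/ssh/authorized_keys /srv/ssh/chroot
+# groupadd sftponly
+# useradd -G www-data -g sftponly -s /usr/sbin/nologin -d /srv/ssh -N USERNAME
+# find /var/www/static -type d -print0 | xargs -0 chmod g+xwr
+# find /var/www/static -type f -print0 | xargs -0 chmod g+wr
+# chmod 775 /var/www/static /srv/ssh/chroot
+# mount -o bind /var/www/static /srv/ssh/chroot
+
+<file sshdconfig /etc/ssh/sshd_config>
+Subsystem sftp internal-sftp -u 0002
+AuthorizedKeysFile /etc/ssh/authorized_keys/%u %h/.ssh/authorized_keys .ssh/authorized_keys
+Match Group sftponly
+ChrootDirectory %h
+ForceCommand internal-sftp -u 0002
+AllowTcpForwarding no
+X11Forwarding no
+PasswordAuthentication no
+</file>
+
+<file fstab /etc/fstab>
+LABEL=cloudimg-rootfs / ext4 defaults,discard 0 0
+/var/www/static /srv/ssh/chroot none bind 0 0
+</file>
+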
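Review bot: The `useradd -G www-data` line, the two `find … chmod g+w` lines and the `-u 0002` umask together leave everything under /var/www/static group-writable, and if the web server process runs in the www-data group (not shown on this page, but the usual Debian/Ubuntu default) a compromise of that process can rewrite the served content. Giving the upload account its own group on that tree instead of membership in www-data would keep the web process read-only. The page should also state that sshd rejects the session unless the `ChrootDirectory` target (/srv/ssh here) and every parent directory are root-owned and not group- or world-writable, so `chmod 775` must only ever be applied to /srv/ssh/chroot, never to /srv/ssh itself. Since a `Match Group sftponly` block extends to the next `Match` or the end of the file, it is worth adding a line saying the block goes at the end of sshd_config and is validated with `sshd -t` before the daemon is reloaded.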