sftp_chroot
Differences
This shows you the differences between two versions of the page.
| — |
sftp_chroot [2018/05/10 16:05] (current) kyxap created |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | {{tag>ftp ssh sftp chroot}} | ||
| + | ====== Использование chroot для sftp подключений ====== | ||
| + | |||
| + | # mkdir -p /srv/ssh/chroot | ||
| + | # mkdir -p /etc/ssh/authorized_keys /srv/ssh/chroot | ||
| + | # groupadd sftponly | ||
| + | # useradd -G www-data -g sftponly -s /usr/sbin/nologin -d /srv/ssh -N USERNAME | ||
| + | # find /var/www/static -type d -print0 | xargs -0 chmod g+xwr | ||
| + | # find /var/www/static -type f -print0 | xargs -0 chmod g+wr | ||
| + | # chmod 775 /var/www/static /srv/ssh/chroot | ||
| + | # mount -o bind /var/www/static /srv/ssh/chroot | ||
| + | |||
| + | <file sshdconfig /etc/ssh/sshd_config> | ||
| + | Subsystem sftp internal-sftp -u 0002 | ||
| + | AuthorizedKeysFile /etc/ssh/authorized_keys/%u %h/.ssh/authorized_keys .ssh/authorized_keys | ||
| + | Match Group sftponly | ||
| + | ChrootDirectory %h | ||
| + | ForceCommand internal-sftp -u 0002 | ||
| + | AllowTcpForwarding no | ||
| + | X11Forwarding no | ||
| + | PasswordAuthentication no | ||
| + | </file> | ||
| + | |||
| + | <file fstab /etc/fstab> | ||
| + | LABEL=cloudimg-rootfs / ext4 defaults,discard 0 0 | ||
| + | /var/www/static /srv/ssh/chroot none bind 0 0 | ||
| + | </file> | ||
| + | |||
sftp_chroot.txt · Last modified: 2018/05/10 16:05 by kyxap
