
Использование chroot для sftp подключений

## Reviewer comments start with '## '; a single leading '# ' is the root prompt.
## Purpose: create a root-owned chroot at /srv/ssh, an SFTP-only account, and
## expose /var/www/static inside the chroot through a bind mount.

## Chroot root (/srv/ssh) and the mount point inside it. The next line creates
## the same path again, so this one is redundant (harmless because of -p).
# mkdir -p /srv/ssh/chroot
## /etc/ssh/authorized_keys holds one key file per login name (see the
## AuthorizedKeysFile line in sshd_config). Keeping those files root-owned and
## not group/other-writable means the SFTP user cannot add keys for itself.
# mkdir -p /etc/ssh/authorized_keys /srv/ssh/chroot
## Group that the "Match Group sftponly" block in sshd_config applies to.
# groupadd sftponly
## -g sftponly: primary group; -G www-data: supplementary group used for write
## access to the web content; -s nologin: no interactive shell; -N: no per-user
## group; -d /srv/ssh: home directory, which ChrootDirectory %h turns into the
## chroot root. -m is not passed; /srv/ssh has to stay owned by root and not be
## writable by group or others, otherwise sshd rejects the login ("bad ownership
## or modes for chroot directory"). USERNAME is a placeholder.
## NOTE(review): www-data is normally also the web server's runtime group on
## Debian/Ubuntu. If /var/www/static is group-owned by www-data (not shown
## here), the g+w below also lets web server processes modify this content;
## a dedicated upload group would avoid that. Confirm against the deployment.
# useradd -G www-data -g sftponly -s /usr/sbin/nologin -d /srv/ssh -N USERNAME
## Directories get group rwx, regular files get group rw. -print0 / -0 keep
## file names with spaces or newlines intact. Group ownership is not changed.
# find /var/www/static -type d -print0 | xargs -0 chmod g+xwr
# find /var/www/static -type f -print0 | xargs -0 chmod g+wr
## The mode set on /srv/ssh/chroot applies to the bare mount point and is hidden
## once the bind mount is in place; /srv/ssh itself is deliberately not touched.
# chmod 775 /var/www/static /srv/ssh/chroot
## Not persistent across reboots; the /etc/fstab entry below makes it permanent.
# mount -o bind /var/www/static /srv/ssh/chroot
/etc/ssh/sshd_config
# internal-sftp is the SFTP server built into sshd, so the chroot needs no
# binaries or libraries. -u 0002 sets the umask, leaving uploads group-writable.
# This global line applies to every SFTP user, not only to group sftponly.
Subsystem sftp internal-sftp -u 0002
# Locations are tried in order. The first is a per-login file in a central
# directory under /etc/ssh. The last two both resolve to the home directory
# (relative paths are taken relative to it), so they name the same file.
AuthorizedKeysFile /etc/ssh/authorized_keys/%u %h/.ssh/authorized_keys .ssh/authorized_keys
# Everything below applies only to members of group sftponly.
Match Group sftponly
  # %h is the account's home directory (/srv/ssh in the useradd call above).
  # Every component of this path must be root-owned and not writable by group
  # or others, or sshd refuses the session.
  ChrootDirectory %h
  # Overrides any command requested by the client or set via command= in an
  # authorized_keys entry: the session is SFTP only.
  ForceCommand internal-sftp -u 0002
  # Covers TCP forwarding only. Unix-domain socket forwarding is controlled
  # separately (AllowStreamLocalForwarding); OpenSSH releases that have
  # DisableForwarding can turn off all forwarding types with one directive.
  # NOTE(review): check the installed version and run `sshd -t` before reload.
  AllowTcpForwarding no
  X11Forwarding no
  # Key-based login only for this group.
  PasswordAuthentication no
/etc/fstab
# Root filesystem entry, presumably already present on the image and shown
# only for context.
LABEL=cloudimg-rootfs   /               ext4  defaults,discard  0 0
# Persistent form of the "mount -o bind" command: re-creates the bind mount of
# the web content inside the chroot at boot.
# NOTE(review): SFTP clients can upload files and change their mode bits, so
# consider adding nosuid,nodev to the options. Whether these take effect on a
# bind mount depends on the util-linux version; verify with findmnt.
/var/www/static         /srv/ssh/chroot none  bind              0 0