Linux | CentOS7 openssh - sftp jail, chroot, only sftp(ssh is protected)
페이지 정보
작성자 주인장 작성일2016. 07. 21. 16:28 조회20,980회 댓글0건관련링크
본문
CentOS7 openssh - sftp jail, chroot, only sftp(ssh is protected)
[root@localhost ~]# vi /etc/ssh/sshd_config
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftp_user
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
[root@localhost ~]# systemctl restart sshd
[root@localhost ~]# groupadd sftp_user
[root@localhost ~]# useradd -g sftp_user test
[root@localhost ~]# id test
uid=1001(test) gid=1002(sftp_user) groups=1002(sftp_user)
[root@localhost ~]# cd /home
[root@localhost home]# chown root test
[root@localhost home]# chmod 755 test
[root@localhost home]# mkdir test/public_html
[root@localhost home]# chown root test/public_html
[root@localhost home]# chmod 775 test/public_html
[root@localhost home]# mkdir test/mydata
[root@localhost home]# chown root test/mydata
[root@localhost home]# chmod 775 test/mydata
[root@localhost home]# pwd
/home
[root@localhost home]# ls -l | grep test
drwxr-xr-x 5 root sftp_user 105 7월 21 16:17 test
합계 0
drwxrwxr-x 2 root sftp_user 24 7월 21 16:17 mydata
drwxrwxr-x 2 root sftp_user 6 7월 21 16:17 public_html
[root@localhost home]#
===
[root@localhost ~]# sftp test@192.168.56.101
The authenticity of host '192.168.56.101 (192.168.56.101)' can't be established.
ECDSA key fingerprint is ed:a2:f1:fa:43:74:b9:20:37:01:e3:14:9f:23:34:de.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.56.101' (ECDSA) to the list of known hosts.
test@192.168.56.101's password:
Connected to 192.168.56.101.
sftp> ls -l
drwxrwxr-x 2 0 1002 24 Jul 21 07:17 mydata
drwxrwxr-x 2 0 1002 6 Jul 21 07:17 public_html
sftp>
댓글목록
등록된 댓글이 없습니다.