Linux: restricting a user to SFTP access to a fixed directory only

# add the user
sudo useradd -d /home/exxk/shared_bikes_html -m -s /bin/bash bikesfe
# set the password
sudo passwd bikesfe
# allow the bikesfe user to use sftp only (a Match block applies until the next Match line, so keep it at the end of sshd_config)
sudo vim /etc/ssh/sshd_config
Match User bikesfe
ChrootDirectory /home/exxk/shared_bikes_html
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
# fix the permissions of /home/exxk/shared_bikes_html and its parent directories (sshd requires every path component to be root-owned and not group- or world-writable)
sudo chmod 755 /home/exxk
sudo chmod 755 /home/exxk/shared_bikes_html
sudo chown root:root /home/exxk/shared_bikes_html
sudo chown root:root /home/exxk
# test
# sftp login succeeds
sftp bikesfe@172.16.10.2
# ssh login fails
ssh bikesfe@172.16.10.2

Common problems:

  1. If the permissions of the directory and its parent directories are not changed, the following error appears:
Jan 08 14:24:26 ubuntu sshd[2677787]: Accepted password for bikesfe from 172.16.30.210 port 52532 ssh2
Jan 08 14:24:26 ubuntu sshd[2677787]: pam_unix(sshd:session): session opened for user bikesfe(uid=1001) by (uid=0)
Jan 08 14:24:26 ubuntu systemd[2677793]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Jan 08 14:24:26 ubuntu sshd[2677897]: fatal: bad ownership or modes for chroot directory component "/home/hcytech/"
Jan 08 14:24:26 ubuntu sshd[2677787]: pam_unix(sshd:session): session closed for user bikesfe
Jan 08 14:24:37 ubuntu systemd[2677793]: Closed GnuPG cryptographic agent (ssh-agent emulation).
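The "bad ownership or modes for chroot directory component" failure above is sshd applying one rule to every directory on the chroot path. The following POSIX sh script is an added example, not part of the original post: it walks the path and applies the same rule (owner root, not group- or world-writable) so the problem is found before sshd is restarted. It assumes GNU or BusyBox `stat -c` and the path from the post; the `check_dir` owner argument exists so the per-directory check can be exercised on any directory.

```shell
#!/bin/sh
# Added example (not from the original post): apply sshd's ChrootDirectory rule
# (root-owned, not group/world-writable) to every directory from / down to the
# chroot. Assumes GNU/BusyBox stat -c and paths without whitespace.

# Print "/" and each directory prefix of an absolute path, one per line.
path_components() {
    echo /
    acc=""
    old_ifs=$IFS
    IFS=/
    for part in $1; do
        [ -n "$part" ] || continue
        acc="$acc/$part"
        echo "$acc"
    done
    IFS=$old_ifs
}

# Check one directory: owner must match and mode must not be g/o-writable.
# Prints each violation; returns 0 if acceptable, 1 otherwise.
check_dir() {
    info=$(stat -c '%U %a' "$1") || return 1
    dir_owner=${info% *}
    dir_mode=${info#* }
    dir_rc=0
    if [ "$dir_owner" != "$2" ]; then
        echo "$1: owned by $dir_owner, sshd requires $2"
        dir_rc=1
    fi
    # 0$dir_mode is parsed as octal; 022 selects the group and other write bits.
    if [ $(( 0$dir_mode & 022 )) -ne 0 ]; then
        echo "$1: mode $dir_mode is group- or world-writable"
        dir_rc=1
    fi
    return $dir_rc
}

# Check every component of the chroot path; OWNER defaults to root (sshd's rule).
check_chroot_path() {
    path_rc=0
    for d in $(path_components "$1"); do
        check_dir "$d" "${2:-root}" || path_rc=1
    done
    return $path_rc
}

# Run as a script: sh check_chroot.sh /home/exxk/shared_bikes_html
[ $# -eq 0 ] || { check_chroot_path "$1" "$2" && echo "chroot path OK"; }
```

Run it on the server after the chown/chmod steps; any line it prints names the component sshd would reject.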