Environment: two Linux servers
OS version: CentOS 7.6
IP 192.168.0.4: sftp server (the restricted user lives here)
IP 192.168.0.3: verification server (client used to test access)
1. Check the OpenSSH version. To confine an sftp user to a specific directory, OpenSSH 4.8 or later is required:
[root@Slave tools]# rpm -qa | grep openssh
openssh-server-7.4p1-16.el7.x86_64
openssh-7.4p1-16.el7.x86_64
openssh-clients-7.4p1-16.el7.x86_64
You have new mail in /var/spool/mail/root
[root@Slave tools]#
2. Add the user and restrict it to sftp-only access (no login shell):
[root@Slave tools]# useradd -m -d /opt/ftp/dave -s /sbin/nologin dave
useradd: cannot create directory /opt/ftp/dave
[root@Slave tools]# mkdir -p /opt/ftp/dave
You have new mail in /var/spool/mail/root
[root@Slave tools]# cd /opt/ftp/
[root@Slave ftp]# ll
total 0
drwxr-xr-x 2 root root 6 Dec 16 02:36 dave
3. Set the user's password:
[root@Slave tools]# passwd dave
Changing password for user dave.
New password: 123789
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 123789
passwd: all authentication tokens updated successfully.
You have new mail in /var/spool/mail/root
[root@Slave tools]#
4. Restrict the user to its home directory when it logs in through sftp: edit /etc/ssh/sshd_config:
[root@Slave tools]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config_202012161522.bak
[root@Slave tools]# vi /etc/ssh/sshd_config
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match User dave
ChrootDirectory /opt/ftp/dave
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
5. Restart sshd:
[root@Slave tools]# service sshd restart
Redirecting to /bin/systemctl restart sshd.service
You have new mail in /var/spool/mail/root
[root@Slave tools]#
6. Test access from 192.168.0.3:
[root@Master tools]# sftp -oPort=22 dave@192.168.0.4
dave@192.168.0.4's password:
packet_write_wait: Connection to 192.168.0.4 port 22: Broken pipe
Couldn't read packet: Connection reset by peer
[root@Master tools]#
The connection fails, so check the log:
[root@Slave tools]# tail /var/log/messages
Dec 16 02:25:30 Slave systemd: Started OpenSSH server daemon.
Dec 16 02:25:53 Slave kubelet: W1216 02:25:53.090332 3421 conversion.go:110] Could not get instant cpu stats: cumulative stats decrease
Dec 16 02:29:33 Slave systemd: Starting Cleanup of Temporary Directories...
Dec 16 02:29:33 Slave systemd: Started Cleanup of Temporary Directories.
Dec 16 02:30:01 Slave systemd: Started Session 6 of user root.
Dec 16 02:32:00 Slave systemd: Created slice User Slice of dave.
Dec 16 02:32:00 Slave systemd: Started Session 7 of user dave.
Dec 16 02:32:00 Slave systemd-logind: New session 7 of user dave.
Dec 16 02:32:00 Slave systemd-logind: Removed session 7.
Dec 16 02:32:00 Slave systemd: Removed slice User Slice of dave.
[root@Slave tools]#
Solution:
The directory permissions must satisfy two rules:
The directory set in ChrootDirectory, and every directory above it, must be owned by user root and group root;
For the directory set in ChrootDirectory, and every directory above it, only the owner may have write permission, so the most permissive mode allowed is 755.
If these two rules are not followed, then even though the directory belongs to a single user, it can affect all SFTP users.
[root@Slave tools]# cd /opt/ftp/
[root@Slave ftp]# ll
total 0
drwxr-xr-x 2 root root 6 Dec 16 02:36 dave
[root@Slave ftp]# chown root:root dave
[root@Slave ftp]# chmod 755 dave
[root@Slave ftp]# ll
total 0
drwxr-xr-x 2 root root 6 Dec 16 02:36 dave
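As an added example (not code from the original post), the script below checks the two rules above for a chroot path: it walks from the ChrootDirectory up to / and rejects the first component that is not owned by uid 0 or that has a group or other write bit set. It also creates a user-owned subdirectory inside the chroot, since the chroot root itself must stay root-owned and the user otherwise has nowhere to write. The function names are hypothetical; the path /opt/ftp/dave and the user dave are the ones used on this page.

```shell
#!/bin/sh
# Added example: verify sshd ChrootDirectory ownership/mode rules.
# Helper names are hypothetical; /opt/ftp/dave and dave come from the page.

# Policy check for one path component.
#   $1 = numeric owner uid (stat %u), $2 = octal mode as printed by stat %a
# Returns 0 when the component is acceptable for an sshd chroot:
# owned by root (uid 0) and writable by nobody but the owner.
chroot_component_ok() {
    uid=$1
    mode=$2
    [ "$uid" -eq 0 ] || return 1
    # The last two octal digits are the group and "other" permission triplets;
    # a digit of 2, 3, 6 or 7 means the write bit is set in that triplet.
    # A leading sticky/setgid digit (as in 1777) is deliberately ignored.
    oth=${mode#"${mode%?}"}
    rest=${mode%?}
    grp=${rest#"${rest%?}"}
    case $grp in [2367]) return 1 ;; esac
    case $oth in [2367]) return 1 ;; esac
    return 0
}

# Walk from $1 up to / and report the first component that breaks the rules.
# Needs GNU stat (CentOS 7 coreutils). Returns 0 if every component passes,
# 1 on a policy violation, 2 if the path is not absolute or cannot be stat'ed.
check_chroot_path() {
    path=$1
    case $path in
        /*) ;;
        *) echo "check_chroot_path: absolute path required: $path" >&2; return 2 ;;
    esac
    while :; do
        info=$(stat -c '%u %a %U:%G' "$path") || return 2
        set -- $info
        if ! chroot_component_ok "$1" "$2"; then
            echo "bad ownership or modes for chroot component: $path ($3 $2)" >&2
            return 1
        fi
        [ "$path" = / ] && return 0
        path=$(dirname "$path")
    done
}

# Give the chrooted user somewhere writable: the chroot root must stay
# root-owned, so create a subdirectory owned by the user (run as root).
prepare_upload_dir() {
    chroot_dir=$1
    user=$2
    mkdir -p "$chroot_dir/upload" &&
    chown "$user:$user" "$chroot_dir/upload" &&
    chmod 750 "$chroot_dir/upload"
}

# Usage: sh chroot_check.sh --check [/opt/ftp/dave]
#        sh chroot_check.sh --prepare /opt/ftp/dave dave   (as root)
if [ "${1:-}" = "--check" ]; then
    check_chroot_path "${2:-/opt/ftp/dave}" && echo "chroot path OK"
elif [ "${1:-}" = "--prepare" ]; then
    prepare_upload_dir "$2" "$3"
fi
```

Run the check on the sftp server before restarting sshd, together with `sshd -t` to syntax-check sshd_config. When a login still drops the connection, the message to look for on CentOS 7 is sshd's "bad ownership or modes for chroot directory", which rsyslog writes to /var/log/secure rather than /var/log/messages.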
Then test again from 192.168.0.3; it now connects:
[root@Master tools]# sftp -oPort=22 dave@192.168.0.4
dave@192.168.0.4's password:
Connected to 192.168.0.4.
sftp> ls
sftp> cd ..
sftp> ls
sftp>
On 192.168.0.4, create a directory and a file:
[root@Slave test]# cd /opt/ftp/dave/
[root@Slave dave]# mkdir test
[root@Slave dave]# cd test/
[root@Slave test]# ll
total 0
[root@Slave test]# touch 1.txt
On 192.168.0.3, check that they are visible:
[root@Master tools]# sftp -oPort=22 dave@192.168.0.4
dave@192.168.0.4's password:
Connected to 192.168.0.4.
sftp> ls
test
sftp> cd test/
sftp> ls
1.txt
sftp>