服务器 ubuntu 18.04 上的 sftp 设置

Question 1

请执行以下操作

编辑/etc/ssh/sshd_config
确保创建 sftpuser 和 sftp 组
确保有一个具有 root 所有权的目录，您将将其用作 chroot 例如sftpdir
我附加了一个 SFTP 配置，允许通过端口 22 进行 SSH 和在随机端口进行 SFTP。它会阻止 SSH 访问，只允许对该端口进行 SFTP 访问sftpuser。秘诀在于使用 internal-sftp 子系统和Match子句。
重启 sshd 并检查状态

# This is the sshd server. Configured for SFTP access on a random port.
# See sshd_config(5) for more information.
Port 279
Port 22
PasswordAuthentication no
ChallengeResponseAuthentication no

# Cipher suite
KexAlgorithms +diffie-hellman-group1-sha1,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers +3des-cbc,aes128-cbc,aes128-ctr,aes256-ctr
#+blowfish-cbc
#,
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
X11Forwarding no
PrintMotd no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem    sftp    internal-sftp
# Allow SSH over port 22 for Ubuntu but truncate SFTP.
Match User ubuntu  LocalPort 22
  ForceCommand "/bin/bash"
Match User ubuntu LocalPort 279
    ForceCommand exit
PermitTunnel no
AllowAgentForwarding no
X11Forwarding no
AllowTcpForwarding no
# Allow special feature on Random port 279
Match LocalPort 279 group sftp
  ChrootDirectory /home/sftpdir

Answer

请执行以下操作

编辑/etc/ssh/sshd_config
确保创建 sftpuser 和 sftp 组
确保有一个具有 root 所有权的目录，您将将其用作 chroot 例如sftpdir
我附加了一个 SFTP 配置，允许通过端口 22 进行 SSH 和在随机端口进行 SFTP。它会阻止 SSH 访问，只允许对该端口进行 SFTP 访问sftpuser。秘诀在于使用 internal-sftp 子系统和Match子句。
重启 sshd 并检查状态

# This is the sshd server. Configured for SFTP access on a random port.
# See sshd_config(5) for more information.
Port 279
Port 22
PasswordAuthentication no
ChallengeResponseAuthentication no

# Cipher suite
KexAlgorithms +diffie-hellman-group1-sha1,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers +3des-cbc,aes128-cbc,aes128-ctr,aes256-ctr
#+blowfish-cbc
#,
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
X11Forwarding no
PrintMotd no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem    sftp    internal-sftp
# Allow SSH over port 22 for Ubuntu but truncate SFTP.
Match User ubuntu  LocalPort 22
  ForceCommand "/bin/bash"
Match User ubuntu LocalPort 279
    ForceCommand exit
PermitTunnel no
AllowAgentForwarding no
X11Forwarding no
AllowTcpForwarding no
# Allow special feature on Random port 279
Match LocalPort 279 group sftp
  ChrootDirectory /home/sftpdir

Question 2

我刚刚在构建我的 SFTP 服务器，遇到了您的问题。我已关注本文并且用户没有 shell 访问权限，只能访问自己的主目录。

Answer

我刚刚在构建我的 SFTP 服务器，遇到了您的问题。我已关注本文并且用户没有 shell 访问权限，只能访问自己的主目录。

服务器 ubuntu 18.04 上的 sftp 设置

答案1

答案2

相关内容