SFTP server not working

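I'm a bit inexperienced with Linux, so I'll leave here all the commands I used to set up an SFTP server on Ubuntu 18.04 Server.

My goal is to create an SFTP server that meets the following criteria:

  • All SFTP users are in the "sftp_users" group.
  • No user should have their own folder.
  • All users have access only to one common folder (/data/sftp).
  • Any SFTP user can read, write and execute (i.e. upload, download, delete, etc.) any file in this common folder.

The commands I used to set up the server: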

apt update
apt install openssh-server
mkdir -p /data/sftp
chmod 701 /data
groupadd sftp_users
useradd -g sftp_users -d /data/sftp -s /sbin/nologin sftptest
passwd sftptest
chown -R root:sftp_users /data/sftp
chown -R sftptest:sftp_users /data/sftp
nano /etc/ssh/sshd_config

Added these lines at the end of the file:

Match Group sftp_users
ChrootDirectory /data/sftp
ForceCommand internal-sftp

And then ran:

systemctl restart sshd

When I try to connect to the server over SFTP with WinSCP, it gives me this error:

Authentication log (see session log for details):
Using username "sftptest".

Authentication failed.

Full log:

. 2019-08-10 23:49:45.266 --------------------------------------------------------------------------
. 2019-08-10 23:49:45.266 WinSCP Version 5.15.3 (Build 9730) (OS 10.0.17134 - Windows 10 Enterprise)
. 2019-08-10 23:49:45.267 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2019-08-10 23:49:45.267 Log level: Normal
. 2019-08-10 23:49:45.267 Local account: %PCNAME%
. 2019-08-10 23:49:45.267 Working directory: C:\Program Files (x86)\WinSCP
. 2019-08-10 23:49:45.267 Process ID: 5780
. 2019-08-10 23:49:45.267 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe" 
. 2019-08-10 23:49:45.275 Time zone: Current: GMT+3, Standard: GMT+2 (FLE Standard Time), DST: GMT+3 (FLE Daylight Time), DST Start: 31.03.2019, DST End: 27.10.2019
. 2019-08-10 23:49:45.275 Login time: 10 August 2019 y. 23:49:45
. 2019-08-10 23:49:45.275 --------------------------------------------------------------------------
. 2019-08-10 23:49:45.275 Session name: sftptest@%INTERNALIP% (Ad-Hoc site)
. 2019-08-10 23:49:45.275 Host name: %INTERNALIP% (Port: 22)
. 2019-08-10 23:49:45.275 User name: sftptest (Password: Yes, Key file: No, Passphrase: No)
. 2019-08-10 23:49:45.275 Tunnel: No
. 2019-08-10 23:49:45.275 Transfer Protocol: SFTP (SCP)
. 2019-08-10 23:49:45.275 Ping type: Off, Ping interval: 30 sec; Timeout: 15 sec
. 2019-08-10 23:49:45.275 Disable Nagle: No
. 2019-08-10 23:49:45.275 Proxy: None
. 2019-08-10 23:49:45.275 Send buffer: 262144
. 2019-08-10 23:49:45.275 SSH protocol version: 2; Compression: No
. 2019-08-10 23:49:45.275 Bypass authentication: No
. 2019-08-10 23:49:45.275 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
. 2019-08-10 23:49:45.275 GSSAPI: Forwarding: No; Libs: gssapi32,sspi,custom; Custom: 
. 2019-08-10 23:49:45.276 Ciphers: aes,chacha20,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2019-08-10 23:49:45.276 KEX: ecdh,dh-gex-sha1,dh-group14-sha1,rsa,WARN,dh-group1-sha1
. 2019-08-10 23:49:45.276 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
. 2019-08-10 23:49:45.276 Simple channel: Yes
. 2019-08-10 23:49:45.276 Return code variable: Autodetect; Lookup user groups: Auto
. 2019-08-10 23:49:45.276 Shell: default
. 2019-08-10 23:49:45.276 EOL: LF, UTF: Auto
. 2019-08-10 23:49:45.276 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes; Follow directory symlinks: No
. 2019-08-10 23:49:45.276 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No; Exit code 1 is error: No
. 2019-08-10 23:49:45.276 SFTP Bugs: Auto,Auto
. 2019-08-10 23:49:45.276 SFTP Server: default
. 2019-08-10 23:49:45.276 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2019-08-10 23:49:45.276 Cache directory changes: Yes, Permanent: Yes
. 2019-08-10 23:49:45.276 Recycle bin: Delete to: No, Overwritten to: No, Bin path: 
. 2019-08-10 23:49:45.276 DST mode: Unix
. 2019-08-10 23:49:45.276 --------------------------------------------------------------------------
. 2019-08-10 23:49:45.317 Looking up host "%INTERNALIP%" for SSH connection
. 2019-08-10 23:49:45.317 Connecting to %INTERNALIP% port 22
. 2019-08-10 23:49:45.349 We claim version: SSH-2.0-WinSCP_release_5.15.3
. 2019-08-10 23:49:45.380 Server version: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
. 2019-08-10 23:49:45.380 Using SSH protocol version 2
. 2019-08-10 23:49:45.381 Doing ECDH key exchange with curve Curve25519 and hash SHA-256
. 2019-08-10 23:49:45.784 Server also has ecdsa-sha2-nistp256/ssh-rsa host keys, but we don't know any of them
. 2019-08-10 23:49:45.785 Host key fingerprint is:
. 2019-08-10 23:49:45.785 ssh-ed25519 256 %FINGERPRINT% %KEY%
. 2019-08-10 23:49:45.816 Asking user:
. 2019-08-10 23:49:45.816 **Continue connecting to an unknown server and add its host key to a cache?**
. 2019-08-10 23:49:45.816 
. 2019-08-10 23:49:45.816 The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
. 2019-08-10 23:49:45.816 
. 2019-08-10 23:49:45.816 The server's Ed25519 key details are:
. 2019-08-10 23:49:45.816 
. 2019-08-10 23:49:45.816     Algorithm:    ssh-ed25519 256
. 2019-08-10 23:49:45.816     SHA-256:  %KEY%
. 2019-08-10 23:49:45.816     MD5:  %FINGERPRINT%
. 2019-08-10 23:49:45.816 
. 2019-08-10 23:49:45.816 If you trust this host, press Yes. To connect without adding host key to the cache, press No. To abandon the connection press Cancel. ()
. 2019-08-10 23:49:47.215 Initialised AES-256 SDCTR client->server encryption
. 2019-08-10 23:49:47.215 Initialised HMAC-SHA-256 client->server MAC algorithm
. 2019-08-10 23:49:47.215 Initialised AES-256 SDCTR server->client encryption
. 2019-08-10 23:49:47.215 Initialised HMAC-SHA-256 server->client MAC algorithm
! 2019-08-10 23:49:47.259 Using username "sftptest".
. 2019-08-10 23:49:47.291 Server offered these authentication methods: publickey,password
. 2019-08-10 23:49:47.291 Prompt (password, "SSH password", <no instructions>, "&Password: ")
. 2019-08-10 23:49:47.291 Using stored password.
. 2019-08-10 23:49:47.297 Sent password
. 2019-08-10 23:49:47.310 Access granted
. 2019-08-10 23:49:47.310 Opening session as main channel
. 2019-08-10 23:49:48.472 Network error: Software caused connection abort
* 2019-08-10 23:49:48.549 (EFatal) Network error: Software caused connection abort
* 2019-08-10 23:49:48.550 Authentication log (see session log for details):
* 2019-08-10 23:49:48.550 Using username "sftptest".
* 2019-08-10 23:49:48.550 
* 2019-08-10 23:49:48.550 Authentication failed.

Answer 1

OK, the suggestions in the comments helped me a lot. What did the trick was running the following commands:

chown root /data
chmod go-w /data
chown sftptest:sftp_users /data/sftp
chmod ug+rwX /data/sftp
chmod 755 /data

I also edited sshd_config. Changed

ChrootDirectory /data/sftp

to

ChrootDirectory /data
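
An added example, not part of the original question or answer: a read-only shell check of the rule from sshd_config(5) that explains why the answer works, namely that every component of the ChrootDirectory path must be a root-owned directory that is not writable by group or others. The function name chroot_path_ok and its optional OWNER_UID and STOP_AT arguments are assumptions made here so it can be tried on a scratch tree without root.

```shell
#!/bin/sh
# Added example (not from the original post). Audits a ChrootDirectory path
# against the sshd_config(5) rule: each path component must be a directory
# owned by root and not writable by group or others. Nothing is modified.
#
# chroot_path_ok PATH [OWNER_UID] [STOP_AT]
#   OWNER_UID and STOP_AT are assumptions added for trying the function on a
#   scratch tree; sshd itself requires uid 0 and checks every component up to /.
#   Example: chroot_path_ok /data/sftp   (question)  vs  chroot_path_ok /data
chroot_path_ok() {
    cpo_dir=$1
    cpo_uid=${2:-0}
    cpo_stop=${3:-/}
    cpo_rc=0
    # ChrootDirectory must be an absolute path; this also keeps dirname sane.
    case $cpo_dir in
        /*) ;;
        *) echo "FAIL $cpo_dir: path must be absolute"; return 2 ;;
    esac
    while :; do
        if [ ! -d "$cpo_dir" ]; then
            echo "FAIL $cpo_dir: not a directory"
            cpo_rc=1
        else
            # GNU stat (as on Ubuntu): numeric owner and octal mode, symlinks followed
            cpo_st=$(stat -L -c '%u %a' "$cpo_dir")
            cpo_owner=${cpo_st% *}
            cpo_mode=${cpo_st#* }
            if [ "$cpo_owner" != "$cpo_uid" ]; then
                echo "FAIL $cpo_dir: owner uid $cpo_owner, expected $cpo_uid"
                cpo_rc=1
            elif [ $(( 0$cpo_mode & 022 )) -ne 0 ]; then
                echo "FAIL $cpo_dir: mode $cpo_mode is group/other writable"
                cpo_rc=1
            else
                echo "ok   $cpo_dir (uid $cpo_owner, mode $cpo_mode)"
            fi
        fi
        # Stop once the top of the walk has been checked.
        if [ "$cpo_dir" = "$cpo_stop" ] || [ "$cpo_dir" = / ]; then
            break
        fi
        cpo_dir=$(dirname "$cpo_dir")
    done
    return "$cpo_rc"
}
```

Run it as `chroot_path_ok /data/sftp` for the question's setting and `chroot_path_ok /data` for the answer's. When the check fails, sshd drops the session right after authentication and logs "bad ownership or modes for chroot directory" on the server, which WinSCP shows only as a connection abort.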