用于访问本地主机实例上的 SFTP 的“client_loop:发送断开连接:损坏的管道”

tag-icon tag-icon ssh sftp
用于访问本地主机实例上的 SFTP 的“client_loop:发送断开连接:损坏的管道”

我继承了 SFTP 的一个不寻常的配置,其中系统使用本地运行的 SFTP 实例加载 NFS 共享上的目录,该目录默认/var/sftp为符号链接,但当尝试使用 SFTP 库进行连接时,连接失败。

debug1: identity file /home/testuser/.ssh/id_ecdsa type -1
debug1: identity file /home/testuser/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.9
debug1: SSH2_MSG_KEXINIT sent
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/testuser/.ssh/id_rsa
debug1: Will attempt key: /home/testuser/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected]>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/testuser/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/testuser/.ssh/id_ed25519
debug1: Trying private key: /home/testuser/.ssh/id_ed25519_sk
debug1: Trying private key: /home/testuser/.ssh/id_xmss
debug1: Next authentication method: password
testlab1@localhost's password:
debug1: Authentication succeeded (password).
Authenticated to localhost ([127.0.0.1]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
client_loop: send disconnect: Broken pipe
Connection closed.
Connection closed

当使用 SFTP 命令进行测试时,它会终止,client_loop: send disconnect: Broken pipe如上所示。我的初步研究表明这是一个权限问题,我无法通过符号链接来控制。符号链接内的子目录设置为 0755,并且不属于父符号链接所在的同一用户,但属于sshd_config 中root使用 a 设置的 sftp 组的一部分。Match Group同样,ChrootDirectory在 sshd_config 中也设置为 %h。

$ ls -aluth
lrwxrwxrwx  1 root root   36 Dec 13 18:05 directory -> /mnt/nfs1/target-directory
drwxr-xr-x  3 root root 4.0K Dec 13 16:18 .
drwxr-xr-x 15 root root 4.0K Dec 12 20:05 ..

问题是否与此处的符号链接权限一样简单?如果是,是否有任何解决方法允许 SFTP 连接到此链接中的目录?

相关内容