服务器:Ubuntu 18.04.1 LTS
固态硬盘:OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n
我创建了一个测试用户sftpuser和sftp组,尝试通过 WinSCP 客户端登录,作为开始。sshd_config最后我有以下块:
Subsystem sftp internal-sftp -f AUTH -l INFO
Match group sftp
ChrootDirectory /home/%u/www
X11Forwarding no
AllowAgentForwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
/home/sftpuser 中的我的权限的进一步示例:
drwxr-xr-x 4 root root 4096 Nov 2 08:47 ./
drwxr-xr-x 5 root root 4096 Nov 2 08:27 ../
drwx------ 2 sftpuser sftp 4096 Nov 2 08:33 .ssh/
drwx------ 2 root root 4096 Nov 2 08:47 www/
无论权限/所有权如何(即 root:sftp、sftpuser:sftp 等),当正确设置时,调试日志似乎什么都没有说,并且 WinSCP 客户端说“服务器已发送退出状态 1”,没有更多信息。
auth.log(带有 DEBUG 级别日志记录)
Nov 2 20:24:07 srv sshd[24104]: debug1: matching key found: file /home/sftpuser/.ssh/authorized_keys, line 1 RSA [snip]
Nov 2 20:24:07 srv sshd[24104]: debug1: restore_uid: 0/0
Nov 2 20:24:07 srv sshd[24104]: Accepted publickey for sftpuser from [snip] port 60326 ssh2: RSA [snip]
Nov 2 20:24:07 srv sshd[24104]: debug1: monitor_child_preauth: sftpuser has been authenticated by privileged process
Nov 2 20:24:07 srv sshd[24104]: debug1: monitor_read_log: child log fd closed
Nov 2 20:24:07 srv sshd[24104]: User child is on pid 24106
Nov 2 20:24:07 srv sshd[24106]: debug1: SELinux support disabled
Nov 2 20:24:26 srv sshd[23869]: debug1: server_input_channel_req: channel 0 request window-change reply 0
Nov 2 20:24:26 srv sshd[23869]: debug1: session_by_channel: session 0 channel 0
Nov 2 20:24:26 srv sshd[23869]: debug1: session_input_channel_req: session 0 req window-change
我怎么才能开始找出 internal-sftp 发生了什么?我也尝试了默认的未注释的 sftp 服务器,但无济于事。