sshd_config 中的 chroot 指令无法排除用户

Question

您需要Match group sftp位于要应用于该组的行之前。没有任何内容应用于该组，sftp因为它后面没有关键字！或者更确切地说，在这种情况下，关键字将应用于每个人，因为您直到它们之后才指定要匹配的组。

引用自man sshd_config

Match   Introduces  a conditional block.  If all of the criteria on the
        Match line  are satisfied, the keywords on the following lines
        override those set  in the global section of the config file,
        until either another Match  line or the end of the file.  If a
        keyword appears in  multiple Match blocks that are satisified,
        only the first instance of the keyword is applied.

尝试类似的方法：

Subsystem sftp internal-sftp

UsePAM yes

GatewayPorts no
AllowTcpForwarding no
KeepAlive yes
IgnoreUserKnownHosts no

Match group sftp
  ChrootDirectory %h
  ForceCommand internal-sftp

Answer 1

您需要Match group sftp位于要应用于该组的行之前。没有任何内容应用于该组，sftp因为它后面没有关键字！或者更确切地说，在这种情况下，关键字将应用于每个人，因为您直到它们之后才指定要匹配的组。

引用自man sshd_config

Match   Introduces  a conditional block.  If all of the criteria on the
        Match line  are satisfied, the keywords on the following lines
        override those set  in the global section of the config file,
        until either another Match  line or the end of the file.  If a
        keyword appears in  multiple Match blocks that are satisified,
        only the first instance of the keyword is applied.

尝试类似的方法：

Subsystem sftp internal-sftp

UsePAM yes

GatewayPorts no
AllowTcpForwarding no
KeepAlive yes
IgnoreUserKnownHosts no

Match group sftp
  ChrootDirectory %h
  ForceCommand internal-sftp

sshd_config 中的 chroot 指令无法排除用户

答案1

相关内容