我有一台来自 dlink 的 NAS DNS-320L,运行原始固件 +有趣的插头使 NAS 能够接收 ssh 连接。我可以使用该用户里卡多通过ssh登录服务器。
[ricardo@crudo:~]$ ssh [email protected]
[email protected]'s password:
Last login: Sat Oct 17 16:23:30 2015 from 192.168.1.112
BusyBox v1.20.2 (2013-11-27 15:54:37 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
~ $ uname -a
Linux HipoteNAS 2.6.31.8 #1 Wed Aug 22 16:55:05 CST 2012 armv5tel GNU/Linux
但是,当我尝试将文件从服务器复制到本地计算机时,我收到一条Permission denied
消息。像那样:
[ricardo@crudo:~]$ scp -v ricardo@hipotenusab9:/mnt/HD/HD_a2/ricardo/test .
Executing: program /usr/bin/ssh host hipotenusab9, user ricardo, command scp -v -f /mnt/HD/HD_a2/ricardo/test
OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to hipotenusab9 [192.168.1.140] port 22.
debug1: Connection established.
debug1: identity file /home/ricardo/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ricardo/.ssh/id_rsa-cert type -1
debug1: identity file /home/ricardo/.ssh/id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /home/ricardo/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ricardo/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ricardo/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ricardo/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ricardo/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to hipotenusab9:22 as 'ricardo'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:2di8KzkN9fsQT1KBqP5f3GrMp5CA+Gctuvl87yFJEag
debug1: Host 'hipotenusab9' is known and matches the ECDSA host key.
debug1: Found key in /home/ricardo/.ssh/known_hosts:32
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/ricardo/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Skipping ssh-dss key /home/ricardo/.ssh/id_dsa for not in PubkeyAcceptedKeyTypes
debug1: Trying private key: /home/ricardo/.ssh/id_ecdsa
debug1: Trying private key: /home/ricardo/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
ricardo@hipotenusab9's password:
debug1: Authentication succeeded (password).
Authenticated to hipotenusab9 ([192.168.1.140]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending command: scp -v -f /mnt/HD/HD_a2/ricardo/test
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
sh: scp: Permission denied
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Transferred: sent 2808, received 1808 bytes, in 0.0 seconds
Bytes per second: sent 187813.6, received 120928.4
debug1: Exit status 127
我确实有权访问该目录,如下所示。
[ricardo@crudo:~]$ ssh [email protected]
[email protected]'s password:
Last login: Sat Oct 17 16:44:08 2015 from 192.168.1.112
BusyBox v1.20.2 (2013-11-27 15:54:37 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
~ $ ls -la /mnt/HD/HD_a2/
drwxrwxrwx 15 root root 4096 Oct 11 21:02 .
drwxrwx--- 3 root root 4096 Jun 8 2014 .!@$mmc
drwxr-xr-x 3 root root 1024 Oct 11 21:04 ..
drwx------ 9 root root 4096 Oct 26 2014 .systemfile
drwxrwx--- 4 root root 4096 Jun 12 2014 Nas_Prog
drwxrwxrwx 5 root root 4096 Jun 22 2014 P2P
drwxr-xr-x 15 root root 4096 Jun 10 2014 ffp
-rw------- 1 root root 30049 Oct 11 21:05 ffp.log
-rwxrwx--- 1 root root 1942 Jun 9 2014 fun_plug
drwx------ 2 root root 16384 Jun 8 2014 lost+found
drwxrwxrwx 219 nobody allaccou 12288 Oct 25 2014 music
drwxrwxrwx 3 nobody allaccou 4096 Aug 23 2014 photo
drwxrwxrwx 19 ricardo media 4096 Oct 11 21:35 ricardo
drwxrwxrwx 52 nobody allaccou 4096 Aug 17 06:56 video
~ $ ls -la /mnt/HD/HD_a2/ricardo/
drwxrwxrwx 19 ricardo media 4096 Oct 11 21:35 .
drwxrwxrwx 15 root root 4096 Oct 11 21:02 ..
drwxrwxrwx 16 ricardo media 4096 Jun 20 2014 Engenharia
drwxrwxrwx 75 ricardo media 4096 Jul 5 2014 Fotos
drwxrwxrwx 7 ricardo media 4096 Oct 7 18:50 Outros
drwxrwxrwx 9 ricardo media 4096 Jun 19 2014 Projetos
drwxrwxrwx 14 ricardo media 4096 Jun 19 2014 SENAI
-rwxrwxrwx 1 ricardo media 0 Oct 11 21:35 test
我可以使用复制文件根用户。知道会发生什么吗?
已编辑。
以下是服务器端的文件权限:
[ricardo@crudo:~]$ ssh ricardo@hipotenusab9
ricardo@hipotenusab9's password:
BusyBox v1.20.2 (2013-11-27 15:54:37 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
~ $ scp
-sh: scp: Permission denied
~ $ echo $PATH
/usr/bin:/bin:/usr/sbin:/sbin:/ffp/bin
~ $ ls -la /mnt/HD/HD_a2/ffp/bin/scp
-rwxr-xr-x 1 root root 56200 Dec 29 2011 /mnt/HD/HD_a2/ffp/bin/scp
~ $ ls -la /ffp
lrwxrwxrwx 1 root root 17 Oct 18 22:23 /ffp -> /mnt/HD/HD_a2/ffp
作为根用户:
[ricardo@crudo:~]$ ssh root@hipotenusab9
root@HipoteNAS:~# find / -name scp
/mnt/HD/HD_a2/ffp/bin/scp
root@HipoteNAS:~#
答案1
scp: Permission denied
scp
通过调用scp
远程端的可执行文件来工作。显然远程安装存在一些问题:scp
存在但只能由 root 执行。检查可执行文件的权限scp
(通常/usr/bin/scp
是 或/usr/local/bin/scp
)(此外,还检查通向该可执行文件的所有目录及其加载程序的权限,但考虑到其他程序正在运行,这些权限可能没问题)。