linux – Public key authorization on sftp chroot directory
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/test/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey
    debug2: we did not send a packet, disable method
    debug1: No more authentication methods to try.
    Permission denied (publickey).
    Couldn't read packet: Connection reset by peer
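The chroot works, because authorization with a password is possible.
I have another account on this host without chroot, and it works with this key.
I tried many times, but it still doesn't work.
In auth.log on the server there is only:
    Connection closed by xxx [preauth]
This is my directory: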
    ls -laR /sftp/
    /sftp/:
    total 12
    drwxr-xr-x 3 root root 4096 May 3 16:55 .
    drwxr-xr-x 23 root root 4096 May 3 14:46 ..
    drwxr-xr-x 3 root root 4096 May 3 16:45 backup

    /sftp/backup:
    total 12
    drwxr-xr-x 3 root root 4096 May 3 16:45 .
    drwxr-xr-x 3 root root 4096 May 3 16:55 ..
    drwxr-xr-x 3 backup sftpusers 4096 May 3 16:55 incoming

    /sftp/backup/incoming:
    total 12
    drwxr-xr-x 3 backup sftpusers 4096 May 3 16:55 .
    drwxr-xr-x 3 root root 4096 May 3 16:45 ..
    drwx------ 2 backup sftpusers 4096 May 3 21:06 .ssh

    /sftp/backup/incoming/.ssh:
    total 12
    drwx------ 2 backup sftpusers 4096 May 3 21:06 .
    drwxr-xr-x 3 backup sftpusers 4096 May 3 16:55 ..
    -rw------- 1 backup sftpusers 391 May 3 21:06 authorized_keys
My user:
    backup:x:1002:1003::/incoming:/usr/sbin/nologin
My ssh config:
    Match Group sftpusers
        ChrootDirectory /sftp/%u
        AuthorizedKeysFile /sftp/backup/incoming/.ssh/authorized_keys
        ForceCommand internal-sftp
        AllowTcpForwarding no
        X11Forwarding no
Please help.
/etc/ssh/sshd_config line 153: Directive 'AuthorizedKeysFile' is not allowed within a Match block
(RHEL 6.6, openssh 5.3p1-104)
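SOLUTION: the authorized_keys file (and the user's .ssh directory) must exist in the home directory location defined by /etc/passwd, outside of the chroot directory.
For example (using the OP's username/uids):
In /etc/passwd:
    backup:x:1002:1003::/home/backup:/sbin/nologin
Create the directory /home/backup, owned by root
Create the directory /home/backup/.ssh, change its ownership to backup, chmod 700 /home/backup/.ssh
Copy the authorized_keys file to /home/backup/.ssh, chmod 400 authorized_keys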
    ls -laR /home
    /home:
    total 12
    drwxr-xr-x 3 root root 4096 Jul 9 12:25 .
    drwxr-xr-x 3 root root 4096 Sep 22 2014 ..
    drwxr-xr-x 3 root root 4096 Jul 9 12:25 backup

    /home/backup:
    total 12
    drwxr-xr-x 3 root root 4096 Jul 9 12:25 .
    drwxr-xr-x 3 root root 4096 Jul 9 12:25 ..
    drwx------ 3 backup sftpusers 4096 Jul 9 12:28 .ssh

    /home/backup/.ssh:
    total 12
    drwx------ 3 backup sftpusers 4096 Jul 9 12:28 .
    drwxr-xr-x 3 root root 4096 Jul 9 12:25 ..
    -r-------- 3 backup sftpusers 391 Jul 9 12:29 authorized_keys
/etc/ssh/sshd_config becomes:
    Match Group sftpusers
        ChrootDirectory /sftp/%u
        ForceCommand internal-sftp
        AllowTcpForwarding no
        X11Forwarding no
The chroot directory structure is:
    ls -laR /sftp/
    /sftp/:
    total 12
    drwxr-xr-x 3 root root 4096 May 3 16:55 .
    drwxr-xr-x 23 root root 4096 May 3 14:46 ..
    drwxr-xr-x 3 root root 4096 May 3 16:45 backup

    /sftp/backup:
    total 12
    drwxr-xr-x 3 root root 4096 May 3 16:45 .
    drwxr-xr-x 3 root root 4096 May 3 16:55 ..
    drwxr-xr-x 3 backup sftpusers 4096 May 3 16:55 incoming
    drwxr-xr-x 3 root root 4096 May 3 16:55 home

    /sftp/backup/incoming:
    total 12
    drwxr-xr-x 3 backup sftpusers 4096 May 3 16:55 .
    drwxr-xr-x 3 root root 4096 May 3 16:45 ..

    /sftp/backup/home:
    total 12
    drwxr-xr-x 3 root root 4096 May 3 16:55 .
    drwxr-xr-x 3 root root 4096 May 3 16:45 ..
    drwx------ 2 backup sftpusers 4096 May 3 21:06 backup

    /sftp/backup/home/backup:
    total 12
    drwx------ 3 backup sftpusers 4096 May 3 21:06 .
    drwxr-xr-x 3 root root 4096 May 3 16:55 ..
Note: /sftp/backup/home/backup is empty; it only provides a path that looks like the non-chroot /home/backup. The .ssh directory is /home/backup/.ssh, not /sftp/backup/home/backup/.ssh
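The two checks behind this fix, as an added example that is not part of the original answer: where sshd looks for authorized_keys (a relative AuthorizedKeysFile resolves against the /etc/passwd home, before the chroot is applied) and whether every component of the ChrootDirectory path is root-owned and not writable by group or others. The function names and the sample tuples are assumptions constructed from the listings above; `.ssh/authorized_keys` is sshd's default AuthorizedKeysFile pattern.

```python
import os
import stat

def parse_passwd(line):
    """Return (user, uid, home) from one /etc/passwd line."""
    f = line.strip().split(":")
    return f[0], int(f[2]), f[5]

def key_file_for(passwd_line, pattern=".ssh/authorized_keys"):
    """Path sshd reads keys from. Authentication runs before the chroot,
    so a relative pattern resolves against the real passwd home."""
    user, _, home = parse_passwd(passwd_line)
    pattern = pattern.replace("%u", user).replace("%h", home)
    return pattern if pattern.startswith("/") else os.path.join(home, pattern)

def chroot_chain_problems(entries):
    """entries: (path, uid, mode) for every component from / to the chroot.
    sshd requires each to be root-owned and not group/other writable."""
    problems = []
    for path, uid, mode in entries:
        if uid != 0:
            problems.append(f"{path}: owned by uid {uid}, not root")
        if mode & 0o022:
            problems.append(f"{path}: group/other writable ({mode & 0o7777:o})")
    return problems

def stat_chain(path):
    """Collect (path, uid, mode) from / down to path on a live system."""
    parts, cur = [], os.path.abspath(path)
    while True:
        st = os.stat(cur)
        parts.append((cur, st.st_uid, stat.S_IMODE(st.st_mode)))
        if cur == "/":
            return parts[::-1]
        cur = os.path.dirname(cur)

# Constructed sample data mirroring the listings on this page.
QUESTION_PASSWD = "backup:x:1002:1003::/incoming:/usr/sbin/nologin"
ANSWER_PASSWD = "backup:x:1002:1003::/home/backup:/sbin/nologin"
CHROOT_OK = [("/", 0, 0o755), ("/sftp", 0, 0o755), ("/sftp/backup", 0, 0o755)]
CHROOT_BAD = CHROOT_OK + [("/sftp/backup/incoming", 1002, 0o755)]

if __name__ == "__main__":
    print(key_file_for(QUESTION_PASSWD))  # where sshd looked in the question
    print(key_file_for(ANSWER_PASSWD))    # where it looks after the fix
    print(chroot_chain_problems(CHROOT_BAD))
```

On a live server, `chroot_chain_problems(stat_chain("/sftp/backup"))` runs the same ownership check against the real directories.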