Configuring directory-locked (chrooted) SFTP on CentOS 7
阿新 • Published: 2020-12-04
1. Create the user and password;
Username sky, password 123456
useradd sky && echo "123456"|passwd --stdin sky
2. Create the SFTP home directory and set its permissions;
The SFTP home directory must be owned by root:root;
SFTP home directory: /data/sftp
mkdir -p /data/sftp
chown root:root /data/sftp
3. Create the user's home directory and set its permissions;
The SFTP directory for user sky is /data/sftp/sftp_sky
mkdir -p /data/sftp/sftp_sky
chmod 755 /data/sftp/sftp_sky
chown sky:sky /data/sftp/sftp_sky
4. Modify the ssh configuration
Edit /etc/ssh/sshd_config and add the following
# Comment out this line:
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f local5
LogLevel INFO
# Username
Match User sky
# User's home directory
ChrootDirectory /data/sftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp -l INFO -f local5
5. Modify the rsyslog configuration
Edit /etc/rsyslog.conf and append this as the last line
auth,authpriv.*;local5.* /var/log/sftp.log
6. Restart the services
systemctl restart rsyslog
systemctl restart sshd
7. Test
tail -f /var/log/secure
Dec 4 14:57:39 vm7 sshd[2112]: Accepted password for sky from 172.17.1.6 port 49251 ssh2
Dec 4 14:57:39 vm7 sshd[2112]: pam_unix(sshd:session): session opened for user sky by (uid=0)
Dec 4 14:57:39 vm7 sshd[2112]: session opened for local user sky from [172.17.1.6] [postauth]
Dec 4 14:57:39 vm7 sshd[2112]: opendir "/" [postauth]
Dec 4 14:57:41 vm7 sshd[2112]: closedir "/" [postauth]
Dec 4 14:57:43 vm7 sshd[2112]: opendir "/sftp_sky" [postauth]
Dec 4 14:57:44 vm7 sshd[2112]: closedir "/sftp_sky" [postauth]
Dec 4 14:58:33 vm7 sshd[2112]: remove name "/sftp_sky/\\346\\227\\245\\345\\277\\227.xlsx" [postauth]
Dec 4 14:58:33 vm7 sshd[2112]: opendir "/sftp_sky" [postauth]
Dec 4 14:58:34 vm7 sshd[2112]: closedir "/sftp_sky" [postauth]
Dec 4 14:58:57 vm7 sshd[2112]: open "/sftp_sky/centos7.rtf" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
Dec 4 14:58:57 vm7 sshd[2112]: close "/sftp_sky/centos7.rtf" bytes read 0 written 7 [postauth]
Dec 4 14:58:57 vm7 sshd[2112]: set "/sftp_sky/centos7.rtf" modtime 20181104-16:58:45 [postauth]
Dec 4 14:58:57 vm7 sshd[2112]: opendir "/sftp_sky" [postauth]
Dec 4 14:58:58 vm7 sshd[2112]: closedir "/sftp_sky" [postauth]
Dec 4 14:59:04 vm7 sshd[2112]: open "/centos7.rtf" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
Dec 4 14:59:04 vm7 sshd[2112]: sent status Permission denied [postauth]
Dec 4 14:59:04 vm7 sshd[2112]: sent status No such file [postauth]
Dec 4 14:59:07 vm7 sshd[2112]: opendir "/" [postauth]
Dec 4 14:59:08 vm7 sshd[2112]: closedir "/" [postauth]
Dec 4 14:59:14 vm7 sshd[2112]: open "/sftp_sky/\\346\\227\\245\\345\\277\\227.xlsx" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
Dec 4 14:59:14 vm7 sshd[2112]: close "/sftp_sky/\\346\\227\\245\\345\\277\\227.xlsx" bytes read 0 written 11597 [postauth]
Dec 4 14:59:14 vm7 sshd[2112]: set "/sftp_sky/\\346\\227\\245\\345\\277\\227.xlsx" modtime 20181014-09:16:57 [postauth]
Dec 4 14:59:14 vm7 sshd[2112]: opendir "/sftp_sky" [postauth]
Dec 4 14:59:15 vm7 sshd[2112]: closedir "/sftp_sky" [postauth]
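The test log above doubles as an audit trail. The following is an added example, not part of the original post: it parses lines in that format, decodes the octal-escaped file names, and lists write attempts the server refused, such as the upload to the root-owned chroot "/". The function names are hypothetical and the sample lines are copied from the excerpt above.

```python
import re

# Sample lines copied from the log excerpt above (path escapes kept as shown there).
SAMPLE = r'''Dec 4 14:58:33 vm7 sshd[2112]: remove name "/sftp_sky/\\346\\227\\245\\345\\277\\227.xlsx" [postauth]
Dec 4 14:58:57 vm7 sshd[2112]: open "/sftp_sky/centos7.rtf" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
Dec 4 14:58:57 vm7 sshd[2112]: close "/sftp_sky/centos7.rtf" bytes read 0 written 7 [postauth]
Dec 4 14:59:04 vm7 sshd[2112]: open "/centos7.rtf" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
Dec 4 14:59:04 vm7 sshd[2112]: sent status Permission denied [postauth]
Dec 4 14:59:04 vm7 sshd[2112]: sent status No such file [postauth]
'''

LINE = re.compile(r'^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: (.*?)(?: \[postauth\])?\s*$')
REQ = re.compile(r'^(open|remove name) "(.*?)"(?: flags (\S+))?')

def decode_path(text):
    """Turn the octal escapes used for non-ASCII bytes back into UTF-8 text."""
    raw = re.sub(rb'\\+([0-3][0-7]{2})',
                 lambda m: bytes([int(m.group(1), 8)]), text.encode())
    return raw.decode('utf-8', 'replace')

def parse(log):
    """Return open/remove requests; a 'sent status' line right after one marks it failed."""
    events, pending = [], {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when, pid, msg = m.groups()
        req = REQ.match(msg)
        if req:
            op, path, flags = req.groups()
            event = {'time': when, 'pid': int(pid), 'op': op.split()[0],
                     'path': decode_path(path), 'status': 'OK',
                     'write': op != 'open' or 'WRITE' in (flags or '').split(',')}
            events.append(event)
            pending[pid] = event
        elif msg.startswith('sent status ') and pid in pending:
            pending.pop(pid)['status'] = msg[len('sent status '):]
        else:
            pending.pop(pid, None)  # any other message ends the request
    return events

def denied_writes(events):
    """Write attempts that the server refused, e.g. uploads to the root-owned chroot."""
    return [e for e in events if e['write'] and e['status'] != 'OK']

if __name__ == '__main__':
    for e in denied_writes(parse(SAMPLE)):
        print(e['time'], e['op'], e['path'], '->', e['status'])
```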