USB 폴더의 Ubuntu sftp chroot 감옥

USB 폴더의 Ubuntu sftp chroot 감옥

우분투의 USB에 저장된 폴더에 sftp chroot Jail을 구성하는 데 문제가 있습니다. fstabpath 를 통해 자동으로 마운트된 Toshiba 4TB 외장 하드 드라이브가 있습니다 /sftp.

UUID={UUID} /sftp ext4 auto,defaults,nofail,rw 0 0

SFTP 감옥을 구성하는 데 필요한 모든 단계를 따랐습니다.

sudo groupadd sftponly

sudo useradd -g sftponly -s /bin/false -m -d /sftp/backupsftp backupsftp

sudo passwd backupsftp

sudo chown root: /sftp/backupsftp

sudo chmod 755 /sftp/backupsftp

sudo mkdir /sftp/backupsftp/backup

sudo chmod 755 /sftp/backupsftp/backup

sudo chown backupsftp:sftponly /sftp/backupsftp/backup

/etc/ssh/sshd_config그런 다음 파일 맨 아래에 추가하십시오.

Match Group sftponly
  ChrootDirectory %h
  ForceCommand internal-sftp
  AllowTcpForwarding no
  X11Forwarding no
Match all

다음 값을 설정합니다(항상 /etc/ssh/sshd_config파일에 있음).

Subsystem sftp internal-sftp
Port 22
AddressFamily inet
ListenAddress 0.0.0.0
PermitRootLogin no
StrictModes yes

마지막으로 서비스를 다시 시작했습니다.

sudo systemctl restart ssh
sudo systemctl restart sshd

WinScp에 연결하려고 하면 다음 오류가 발생합니다. 스크린샷 오류

Linux syslogs:

Jun 24 14:46:53 bbserver systemd[1]: Created slice User Slice of backupsftp.
Jun 24 14:46:53 bbserver systemd[1]: Starting User Manager for UID 1005...
Jun 24 14:46:53 bbserver systemd[1]: Started Session 1350 of user backupsftp.
Jun 24 14:46:53 bbserver systemd[13303]: gpgconf: running /usr/bin/gpg-agent failed (exitcode=2): General error
Jun 24 14:46:53 bbserver systemd[13303]: gpgconf: fatal error (exit status 1)
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Timers.
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG network certificate management daemon.
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Jun 24 14:46:53 bbserver systemd[13303]: Listening on REST API socket for snapd user session agent.
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent and passphrase cache.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Sockets.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Paths.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Basic System.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Default.
Jun 24 14:46:53 bbserver systemd[13303]: Startup finished in 42ms.
Jun 24 14:46:53 bbserver systemd[1]: Started User Manager for UID 1005.
Jun 24 14:46:54 bbserver systemd[1]: Stopping User Manager for UID 1005...
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Default.
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Basic System.
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Timers.
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Sockets.
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent and passphrase cache.
Jun 24 14:46:54 bbserver systemd[13303]: Closed REST API socket for snapd user session agent.
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG network certificate management daemon.
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent and passphrase cache (access for web browsers).
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent and passphrase cache (restricted).
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Paths.
Jun 24 14:46:54 bbserver systemd[13303]: Reached target Shutdown.
Jun 24 14:46:54 bbserver systemd[13303]: Starting Exit the Session...
Jun 24 14:46:54 bbserver systemd[13303]: Received SIGRTMIN+24 from PID 13381 (kill).
Jun 24 14:46:54 bbserver systemd[1]: Stopped User Manager for UID 1005.
Jun 24 14:46:54 bbserver systemd[1]: Removed slice User Slice of backupsftp.

모든 것잘 작동만약에메인 디렉토리생성된 사용자는 USB가 아닌 메인 디스크에 상주합니다.

고쳐 쓰다:

/sftp폴더 권한:

drwxrwxr-x 4 root root 4096 Jun 30 14:15 sftp/

sshd logs:

Jun 30 14:25:24 bbserver sshd[2429]: Accepted password for backupsftp from 192.168.0.62 port 65380 ssh2
Jun 30 14:25:24 bbserver sshd[2429]: pam_unix(sshd:session): session opened for user backupsftp by (uid=0)
Jun 30 14:25:24 bbserver systemd-logind[1106]: New session 76758 of user backupsftp.
Jun 30 14:25:24 bbserver systemd: pam_unix(systemd-user:session): session opened for user backupsftp by (uid=0)
Jun 30 14:25:25 bbserver sshd[2559]: fatal: bad ownership or modes for chroot directory component "/sftp/"
Jun 30 14:25:25 bbserver sshd[2429]: pam_unix(sshd:session): session closed for user backupsftp
Jun 30 14:25:25 bbserver systemd-logind[1106]: Removed session 76758.

관련 정보