linux – sftp chroot目录下的公钥授权

前端之家收集整理的这篇文章主要介绍了linux – sftp chroot目录下的公钥授权前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我想将公钥授权添加到我的sftp chroot目录,但我总是得到:
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/test/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet,wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet,disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
Couldn't read packet: Connection reset by peer

Chroot有效,因为可以使用密码进行授权.
我在没有chroot的主机上有其他帐户,它可以使用此密钥.
我尝试了很多次,但它仍然不起作用.

在auth.log中的服务器上只有:
连接由xxx关闭[preauth]

这是我的目录:

ls -laR /sftp/
/sftp/:
total 12
drwxr-xr-x  3 root root 4096 May  3 16:55 .
drwxr-xr-x 23 root root 4096 May  3 14:46 ..
drwxr-xr-x  3 root root 4096 May  3 16:45 backup

/sftp/backup:
total 12
drwxr-xr-x 3 root     root      4096 May  3 16:45 .
drwxr-xr-x 3 root     root      4096 May  3 16:55 ..
drwxr-xr-x 3 backup sftpusers 4096 May  3 16:55 incoming

/sftp/backup/incoming:
total 12
drwxr-xr-x 3 backup sftpusers 4096 May  3 16:55 .
drwxr-xr-x 3 root     root      4096 May  3 16:45 ..
drwx------ 2 backup sftpusers 4096 May  3 21:06 .ssh

/sftp/backup/incoming/.ssh:
total 12
drwx------ 2 backup sftpusers 4096 May  3 21:06 .
drwxr-xr-x 3 backup sftpusers 4096 May  3 16:55 ..
-rw------- 1 backup sftpusers  391 May  3 21:06 authorized_keys

我的用户

backup:x:1002:1003::/incoming:/usr/sbin/nologin

我的ssh配置:

Match Group sftpusers
  ChrootDirectory /sftp/%u
  AuthorizedKeysFile  /sftp/backup/incoming/.ssh/authorized_keys
  ForceCommand internal-sftp
  AllowTcpForwarding no
  X11Forwarding no

请帮忙.

解决方法

我尝试了这个解决方案(将AuthorizedKeysFile放入Match块)和sshd -T抱怨:
/etc/ssh/sshd_config line 153: Directive 'AuthorizedKeysFile' is not allowed within a Match block

(RHEL 6.6,openssh 5.3p1-104)

SOLUTION:authorized_keys文件(和用户的.ssh目录)必须存在于/ etc / passwd定义的主目录位置,在chroot目录之外.

例如(使用OP用户名/ uids):
/ etc / passwd中:

backup:x:1002:1003::/home/backup:/sbin/nologin

创建由root拥有的目录/ home / backup
创建目录/home/backup/.ssh,将所有权更改为备份,chmod 700 /home/backup/.ssh
将authorized_keys文件复制到/home/backup/.ssh,chmod 400 authorized_keys

ls -laR /home

/home:
total 12
drwxr-xr-x 3 root     root      4096 Jul  9 12:25 .
drwxr-xr-x 3 root     root      4096 Sep 22 2014  ..
drwxr-xr-x 3 root     root      4096 Jul  9 12:25 backup

/home/backup:
total 12
drwxr-xr-x 3 root     root      4096 Jul  9 12:25 .
drwxr-xr-x 3 root     root      4096 Jul  9 12:25 ..
drwx------ 3 backup   sftpusers 4096 Jul  9 12:28 .ssh

/home/backup/.ssh:
total 12
drwx------ 3 backup   sftpusers 4096 Jul  9 12:28 .
drwxr-xr-x 3 root     root      4096 Jul  9 12:25 ..
-r-------- 3 backup   sftpusers 391  Jul  9 12:29 authorized_keys

/ etc / ssh / sshd_config变为:

Match Group sftpusers
  ChrootDirectory /sftp/%u
  ForceCommand internal-sftp
  AllowTcpForwarding no
  X11Forwarding no

chroot目录结构是:

ls -laR /sftp/
/sftp/:
total 12
drwxr-xr-x  3 root root 4096 May  3 16:55 .
drwxr-xr-x 23 root root 4096 May  3 14:46 ..
drwxr-xr-x  3 root root 4096 May  3 16:45 backup

/sftp/backup:
total 12
drwxr-xr-x 3 root     root      4096 May  3 16:45 .
drwxr-xr-x 3 root     root      4096 May  3 16:55 ..
drwxr-xr-x 3 backup   sftpusers 4096 May  3 16:55 incoming
drwxr-xr-x 3 root     root      4096 May  3 16:55 home

/sftp/backup/incoming:
total 12
drwxr-xr-x 3 backup sftpusers 4096 May  3 16:55 .
drwxr-xr-x 3 root     root      4096 May  3 16:45 ..

/sftp/backup/home:
total 12
drwxr-xr-x 3 root     root      4096 May  3 16:55 .
drwxr-xr-x 3 root     root      4096 May  3 16:45 ..
drwx------ 2 backup   sftpusers 4096 May  3 21:06 backup

/sftp/backup/home/backup:
total 12
drwx------ 3 backup   sftpusers 4096 May  3 21:06 .
drwxr-xr-x 3 root     root      4096 May  3 16:55 ..

注意:/ sftp / backup / home / backup是空的,它只提供一个看起来像非chroot / home / backup的路径 – .ssh目录是/home/backup/.ssh not / sftp /备份/家庭/备份/的.ssh

猜你在找的Linux相关文章