Ssh Sftp Jail

711 permissions

Change the permissions to 711 so that only root can list the contents of these directories.

sudo chmod 711 /
sudo chmod 711 /bin
sudo chmod 711 /boot
sudo chmod 711 /dev
sudo chmod 711 /etc
sudo chmod 711 /home
sudo chmod 711 /mnt
sudo chmod 711 /opt
#sudo chmod 711 /proc
sudo chmod 711 /usr
sudo chmod 711 /usr/local
sudo chmod 711 /var
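To check that the permission step above actually took effect on a host (and to spot directories that drifted back), here is an added audit script; it is not part of the original page. It assumes GNU or BusyBox stat (Linux) and follows symlinks so that /bin pointing at /usr/bin is checked by its target.

```shell
#!/bin/sh
# Added example (not from the original page): report directories whose mode
# differs from an expected octal mode, so the chmod 711 step can be audited
# instead of re-run blindly. Assumes a Linux stat that supports -L and -c.

# audit_mode EXPECTED DIR... -> prints "DIR ACTUAL" for every directory whose
# mode is not EXPECTED (or "DIR missing" when it does not exist) and returns
# the number of mismatches, so 0 means every directory matched.
audit_mode() {
  expected=$1
  shift
  mismatches=0
  for d in "$@"; do
    if [ ! -d "$d" ]; then
      printf '%s missing\n' "$d"
      mismatches=$((mismatches + 1))
      continue
    fi
    actual=$(stat -L -c '%a' "$d")      # octal mode of the directory itself
    if [ "$actual" != "$expected" ]; then
      printf '%s %s\n' "$d" "$actual"
      mismatches=$((mismatches + 1))
    fi
  done
  return "$mismatches"
}

# Demo run over the same list the page chmods (/proc left out, as on the page).
audit_mode 711 / /bin /boot /dev /etc /home /mnt /opt /usr /usr/local /var
echo "directories not at 711: $?"
```

The exit status is the mismatch count, which makes the function usable from a cron job or a configuration check that treats any non-zero result as a finding.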

chroot

Check the version

ssh -V
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012

The problem is that a user configured this way cannot connect over SSH.

Method

Release: RedHat Enterprise Linux Openssh 5.6P1

Problem: Configure the sftp-server on a per-user basis (restrict users to their individual home directories) using a chroot() jail in RedHat Enterprise Linux

Solution:

1) Install the latest OpenSSH version, which must support the chroot() function.
2) Configure OpenSSH to use its internal sftp subsystem by editing the sshd_config file:

 nano /etc/ssh/sshd_config

Replace

Subsystem sftp /usr/local/libexec/sftp-server

with

Subsystem sftp internal-sftp

3) Now configure the chroot() using a Match rule: add the entries below at the end of the sshd_config file.

 nano /etc/ssh/sshd_config

Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Note: Here %u represents the username, meaning that every user in the sftponly group is chrooted into their own home directory. The chroot directory must also be owned by root.

4) Add a new group named sftponly

 groupadd sftponly

5) Create a new user for restricted sftp. First create the user's home directory, then add the user:

 mkdir /home/test
 useradd -g sftponly test
 usermod -d / test

Note: Here the home directory is created as root, so while adding the user a warning like this appears: "useradd: warning: the home directory already exists"

6) Now test the configuration from the client side:

[root@server Desktop] sftp test@192.168.1.7
Connecting to 192.168.1.7...
test@192.168.1.7's password:
sftp> ls
IN
sftp> cd IN
sftp> ls
sftp> mput 1.png
Uploading 1.png to /IN/1.png
1.png                    100%   90KB  90.4KB/s   00:00
sftp> ls
1.png
sftp> bye

7) Test the SFTP server function from a Windows client using WinSCP or FileZilla.
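The note in step 3 says the chroot directory must be owned by root; in practice sshd enforces more than that, and logins silently fail with "bad ownership or modes for chroot directory" when the rule is not met. The added script below (not part of the original guide) checks the rule before the client test in step 6: every directory from / down to the ChrootDirectory must be owned by root and must not be group- or world-writable. That is also why the user needs a separate subdirectory they own, such as the IN directory in the session above, to upload into. It assumes a Linux stat that supports -L and -c, and the /home/test layout the guide creates.

```shell
#!/bin/sh
# Added example (not from the original guide): verify that a ChrootDirectory
# satisfies sshd's ownership and mode rule for every path component.
# Assumes a Linux stat with -L and -c.

# dir_ok PATH UID -> returns 0 when PATH is a directory owned by UID and is
# not group- or world-writable; otherwise prints the reason and returns 1.
dir_ok() {
  info=$(stat -L -c '%u %a' "$1" 2>/dev/null) || { printf '%s: not found\n' "$1"; return 1; }
  uid=${info% *}
  mode=${info#* }
  if [ "$uid" != "$2" ]; then
    printf '%s: owned by uid %s, expected %s\n' "$1" "$uid" "$2"
    return 1
  fi
  other=${mode#${mode%?}}        # last octal digit (others)
  rest=${mode%?}
  group=${rest#${rest%?}}        # second-to-last octal digit (group)
  case "$group$other" in
    *[2367]*)                    # any digit with the write bit (2) set
      printf '%s: mode %s is group- or world-writable\n' "$1" "$mode"
      return 1 ;;
  esac
  return 0
}

# chroot_path_ok DIR [UID] -> applies dir_ok to / and to every directory on
# the way down to DIR. UID defaults to 0 (root), which is what sshd requires;
# a different UID is only useful for exercising the check on test directories.
chroot_path_ok() {
  target=$1
  want=${2:-0}
  status=0
  dir_ok / "$want" || status=1
  prefix=""
  old_ifs=$IFS
  IFS=/
  set -f                         # no globbing while splitting the path
  set -- $target
  set +f
  IFS=$old_ifs
  for comp in "$@"; do
    [ -n "$comp" ] || continue
    prefix="$prefix/$comp"
    dir_ok "$prefix" "$want" || status=1
  done
  return "$status"
}

# Demo run against the layout the guide creates (ChrootDirectory /home/%u).
if chroot_path_ok /home/test; then
  echo "/home/test is usable as a chroot"
else
  echo "/home/test is not usable as a chroot (see reasons above)"
fi
```

Run it as root on the server after step 5 and before step 6; any line it prints names the exact component to fix. Keep /home/test itself root-owned and 755, and give the user an owned subdirectory inside it for writes.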