Revisions compared: tech:ssh_sftp_jail [2013/04/30 01:03] V_L and tech:ssh_sftp_jail [2016/12/22 09:03] (current) [711 permission] V_L
{{tag>ssh sftp jail chroot server}}
======Ssh Sftp Jail======

=====711 permission=====

Change the mode of the top-level directories to 711 (owner rwx, group and others x only). Non-root users can still traverse these directories and open files whose names they already know, since that needs only the x bit, but without the r bit they cannot list the directory contents, so an SFTP user cannot enumerate the layout of the system. Anything that has to list one of these directories while running as a non-root user (a shell glob, a plain ls of /etc, tab completion) will fail after this change, so test the services on the host afterwards. /proc is a virtual filesystem and is left commented out.

<file>
sudo chmod 711 /
sudo chmod 711 /bin
sudo chmod 711 /boot
sudo chmod 711 /dev
sudo chmod 711 /etc
sudo chmod 711 /home
sudo chmod 711 /mnt
sudo chmod 711 /opt
#sudo chmod 711 /proc
sudo chmod 711 /usr
sudo chmod 711 /usr/local
sudo chmod 711 /var
</file>

=====chroot=====

Check the version first; ChrootDirectory for the SFTP subsystem needs OpenSSH 4.9 or later:
  ssh -V
  OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012

Note that a user set up as below can only use SFTP. An interactive SSH login is refused, because ForceCommand internal-sftp replaces the user's shell for every connection that matches the rule.

==== Method====
Release:
RedHat Enterprise Linux
Openssh 5.6P1

Problem:
Configure the sftp-server on a per-user basis (restrict users to their individual home directory) using a chroot() jail on RedHat Enterprise Linux.

Solution:

1)  Install a version of OpenSSH that supports ChrootDirectory (4.9 or later; 5.6p1 does).

2)  Configure OpenSSH to use its internal sftp subsystem by editing sshd_config. internal-sftp runs inside the sshd process, so the chroot needs no binaries, libraries or device nodes inside it.

   nano /etc/ssh/sshd_config

Replace
  Subsystem sftp /usr/local/libexec/sftp-server
by
  Subsystem sftp internal-sftp

(The path in the existing line depends on the build and distribution; replace whichever Subsystem sftp line is present.)

3)  Now configure the chroot with a Match rule. Add the entries below at the end of sshd_config; a Match block applies until the next Match keyword, so it must come after the global settings.

  nano /etc/ssh/sshd_config

  Match Group sftponly
  ChrootDirectory /home/%u
  X11Forwarding no
  AllowTcpForwarding no
  ForceCommand internal-sftp

Note: %u expands to the user name, so every member of the sftponly group is chrooted into its own home directory. sshd requires the chroot directory, and every directory above it, to be owned by root and not writable by group or others; otherwise the login fails and sshd logs "bad ownership or modes for chroot directory". Because the jail root is therefore read-only for the user, the user needs a subdirectory it owns (IN in the test below) to upload into. Validate the configuration with sshd's test mode before restarting the daemon.

4)  Add a new group named sftponly:

   groupadd sftponly

5)  Create a new user for restricted sftp. First create the user's home directory, then add the user and set the account's home to / so that internal-sftp starts at the root of the jail:

   mkdir /home/test
   useradd -g sftponly test
   usermod -d / test

Note: The home directory is created as root on purpose, so it is root-owned as ChrootDirectory requires. useradd will warn "useradd: warning: the home directory already exists"; that is expected.

6)  Now test the configuration from the client side:

[root@server Desktop]   sftp test@192.168.1.7
Connecting to 192.168.1.7...
test@192.168.1.7's password:
sftp> ls
IN
sftp> cd IN
sftp> ls
sftp> mput 1.png
Uploading 1.png to /IN/1.png
1.png 100% 90KB 90.4KB/s 00:00
sftp> ls
1.png
sftp> bye

7)  Test the SFTP server from a Windows client with WinSCP or FileZilla.
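The steps above leave two things implicit: the ownership and mode rule sshd enforces on every component of the ChrootDirectory path, and the user-owned IN subdirectory that the test transcript relies on. The script below is an added example, not part of the original page or of OpenSSH. It assumes the group is sftponly, the upload directory is named IN as in the transcript, GNU stat (stat -c) is available, and JAIL_BASE defaults to /home; the check functions are parameterised by expected owner only so they can be rehearsed as a normal user, whereas sshd always demands root.

```shell
#!/bin/sh
# Added example (not from the original page): build the jail layout the
# Match block expects and apply the same ownership/mode test sshd applies
# to ChrootDirectory.  Assumptions: group "sftponly", upload dir "IN",
# GNU stat, JAIL_BASE defaults to /home.

# mode_has_gw_or_ow MODE
# MODE is an octal mode string as printed by `stat -c %a` (755, 2775, 1777).
# Succeeds (returns 0) when the group or other write bit is set.
mode_has_gw_or_ow() {
    mode=$1
    oth=${mode#"${mode%?}"}          # last digit: others
    rest=${mode%?}
    grp=${rest#"${rest%?}"}          # second-to-last digit: group
    case $grp in 2|3|6|7) return 0 ;; esac
    case $oth in 2|3|6|7) return 0 ;; esac
    return 1
}

# component_ok PATH WANT_UID
# One directory passes sshd's test when it is owned by WANT_UID (always 0
# for real sshd; a parameter here only so the check can be rehearsed as a
# normal user) and is not group- or other-writable.  Reports the failure.
component_ok() {
    p=$1
    want=$2
    info=$(stat -c '%u %a' "$p") || return 1
    uid=${info%% *}
    mode=${info##* }
    if [ "$uid" -ne "$want" ]; then
        echo "$p: owned by uid $uid, expected $want" >&2
        return 1
    fi
    if mode_has_gw_or_ow "$mode"; then
        echo "$p: mode $mode is group/other writable" >&2
        return 1
    fi
    return 0
}

# chroot_path_ok DIR
# sshd checks every component from DIR up to /, not DIR alone, so a jail
# placed under a world-writable directory such as /tmp is rejected too.
chroot_path_ok() {
    p=$(cd "$1" && pwd -P) || return 1
    while :; do
        component_ok "$p" 0 || return 1
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# make_sftp_jail USER [GROUP]
# Layout for the Match block: the chroot root is root-owned and read-only
# for the user, IN is the user's writable area, and the account's home is /
# so internal-sftp starts at the jail root.  Must run as root.
make_sftp_jail() {
    user=$1
    group=${2:-sftponly}
    base=${JAIL_BASE:-/home}
    getent group "$group" >/dev/null || groupadd "$group"
    mkdir -p "$base/$user/IN"
    id "$user" >/dev/null 2>&1 || useradd -g "$group" -d / "$user"
    usermod -d / "$user"
    chown root:root "$base/$user"
    chmod 755 "$base/$user"      # 750 root:$group also works if others must not traverse
    chown "$user:$group" "$base/$user/IN"
    chmod 755 "$base/$user/IN"
    chroot_path_ok "$base/$user"
}

# Usage: sudo sh jail.sh test   (then restart sshd if sshd -t is quiet)
if [ "$(id -u)" -eq 0 ] && [ $# -ge 1 ]; then
    make_sftp_jail "$1" && sshd -t
fi
```

Run chroot_path_ok against an existing jail whenever a user suddenly cannot log in after a permissions change; it prints the first offending component, which is what the sshd log message leaves out.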

  * [[http://studyforus.tistory.com/243|SFTP permission adjustment and chroot setup to restrict access to parent folders]]
  * [[http://linuxnextgen.blogspot.kr/2010/12/configure-sftp-server-using-chroot-jail.html|sftp-server-using-chroot-jail]]
  * [[http://quickhowto.blogspot.kr/2013/03/setup-chroot-jail-for-ssh-sftp-in-ubuntu.html]]
  * [[http://rc.quest.com/man.php?id=sshd_config(5)|sshd_config manual (English)]]