Ssh Sftp Jail - 기술

문서의 이전 판을 선택했습니다! 저장하면 이 자료로 새 판을 만듭니다.

{{tag>ssh sftp jail chroot server}}
======Ssh Sftp Jail======
=====711퍼미션=====

퍼미션을 711로 변경했으면 하는 추천 목록입니다.

<file>
chmod 711 /
chmod 711 /bin
chmod 711 /boot
chmod 711 /dev
chmod 711 /etc
chmod 711 /home
chmod 711 /mnt
chmod 711 /opt
chmod 711 /proc
chmod 711 /usr
chmod 711 /usr/local
chmod 711 /var
</file>

=====chroot=====

버전확인
  ssh -ver
  OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012

==== 방법====
Release:
RedHat Enterprise Linux
Openssh 5.6P1

Problem:
Configure the sftp-server on a per-user-basis (restrict users to their individual home directory) using chroot() jail in RedHat Enterprise Linux

Solution:

- Install the OpenSSH latest version that must support the chroot() function
  -  Configure Openssh to use its internal sftp subsystem by editing the sshd_config file

nano /etc/ssh/sshd_config

Replace
  Subsystem sftp /usr/local/libexec/sftp-server
by
  Subsystem sftp internal-sftp

-  Now configure the chroot() by using match rule, add the below entries in the end of the sshd_config file

nano /etc/ssh/sshd_config

Match group sftponly
  ChrootDirectory /home/%u
  X11Forwarding no
  AllowTcpForwarding no
  ForceCommand internal-sftp

Note: Here %u represents username, that means all the users in the sftponly group home directories are chrooted. Also chroot directory must be owned by root.

4)      Add one new group named as sftponly

groupadd sftponly

5)      Create a new user to use retricted sftp. First create a user's home directory after that add the user

mkdir /home/test
   useradd -g sftponly test
   usermod -d / test

Note: In here, create a home directory as a root user, while adding the user one warning comes like this, "useradd: warning: the home directory already exists"

6)      Now test the configuration from client side

[root@server Desktop]   sftp test@192.168.1.7
Connecting to 192.168.1.7...
test@192.168.1.7's password:
sftp> ls
IN
sftp> cd IN
sftp> ls
sftp> mput 1.png
Uploading 1.png to /IN/1.png
1.png 100% 90KB 90.4KB/s 00:00
sftp> ls
1.png
sftp> bye

7)      Test the SFTP-Server function from the windows client use the “WinSCP” or “Filezilla”

* [[http://linuxnextgen.blogspot.kr/2010/12/configure-sftp-server-using-chroot-jail.html|sftp-server-using-chroot-jail]]
  * [[http://quickhowto.blogspot.kr/2013/03/setup-chroot-jail-for-ssh-sftp-in-ubuntu.html|]]
  * [[http://rc.quest.com/man.php?id=sshd_config(5)|sshd_config 설명(영문)]]

^  누구나 수정하실 수 있습니다. [[http://vaslor.net/syntax|위키 사용법]] 참고하세요.  ^

2+1? 이 필드는 비어 있도록 유지하세요:

편집 요약

참고: 이 문서를 편집하면 내용은 다음 라이선스에 따라 배포하는 데 동의하는 것으로 간주합니다: CC Attribution-Noncommercial-Share Alike 4.0 International