Ubuntu sftp chroot jail on a USB folder


I'm having trouble setting up an sftp chroot jail on a folder stored on a USB drive in Ubuntu. I have a Toshiba 4TB external hard drive that is mounted automatically via fstab at the path /sftp:

UUID={UUID} /sftp ext4 auto,defaults,nofail,rw 0 0

I followed all the steps needed to configure the SFTP jail.

sudo groupadd sftponly

sudo useradd -g sftponly -s /bin/false -m -d /sftp/backupsftp backupsftp

sudo passwd backupsftp

sudo chown root: /sftp/backupsftp

sudo chmod 755 /sftp/backupsftp

sudo mkdir /sftp/backupsftp/backup

sudo chmod 755 /sftp/backupsftp/backup

sudo chown backupsftp:sftponly /sftp/backupsftp/backup

Then I added the following at the very bottom of the /etc/ssh/sshd_config file:

Match Group sftponly
  ChrootDirectory %h
  ForceCommand internal-sftp
  AllowTcpForwarding no
  X11Forwarding no
Match all

I set the following values (also in the /etc/ssh/sshd_config file):

Subsystem sftp internal-sftp
Port 22
AddressFamily inet
ListenAddress 0.0.0.0
PermitRootLogin no
StrictModes yes

Finally, I restarted the services.

sudo systemctl restart ssh
sudo systemctl restart sshd

When I try to connect with WinSCP, I get the following error: [screenshot of the error]

Linux syslogs:

Jun 24 14:46:53 bbserver systemd[1]: Created slice User Slice of backupsftp.
Jun 24 14:46:53 bbserver systemd[1]: Starting User Manager for UID 1005...
Jun 24 14:46:53 bbserver systemd[1]: Started Session 1350 of user backupsftp.
Jun 24 14:46:53 bbserver systemd[13303]: gpgconf: running /usr/bin/gpg-agent failed (exitcode=2): General error
Jun 24 14:46:53 bbserver systemd[13303]: gpgconf: fatal error (exit status 1)
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Timers.
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG network certificate management daemon.
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Jun 24 14:46:53 bbserver systemd[13303]: Listening on REST API socket for snapd user session agent.
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent and passphrase cache.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Sockets.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Paths.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Basic System.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Default.
Jun 24 14:46:53 bbserver systemd[13303]: Startup finished in 42ms.
Jun 24 14:46:53 bbserver systemd[1]: Started User Manager for UID 1005.
Jun 24 14:46:54 bbserver systemd[1]: Stopping User Manager for UID 1005...
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Default.
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Basic System.
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Timers.
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Sockets.
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent and passphrase cache.
Jun 24 14:46:54 bbserver systemd[13303]: Closed REST API socket for snapd user session agent.
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG network certificate management daemon.
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent and passphrase cache (access for web browsers).
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent and passphrase cache (restricted).
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Paths.
Jun 24 14:46:54 bbserver systemd[13303]: Reached target Shutdown.
Jun 24 14:46:54 bbserver systemd[13303]: Starting Exit the Session...
Jun 24 14:46:54 bbserver systemd[13303]: Received SIGRTMIN+24 from PID 13381 (kill).
Jun 24 14:46:54 bbserver systemd[1]: Stopped User Manager for UID 1005.
Jun 24 14:46:54 bbserver systemd[1]: Removed slice User Slice of backupsftp.

Everything works fine if the home directory of the created user resides on the main disk rather than on the USB drive.

Edit:

/sftp folder permissions:

drwxrwxr-x 4 root root 4096 Jun 30 14:15 sftp/

sshd logs:

Jun 30 14:25:24 bbserver sshd[2429]: Accepted password for backupsftp from 192.168.0.62 port 65380 ssh2
Jun 30 14:25:24 bbserver sshd[2429]: pam_unix(sshd:session): session opened for user backupsftp by (uid=0)
Jun 30 14:25:24 bbserver systemd-logind[1106]: New session 76758 of user backupsftp.
Jun 30 14:25:24 bbserver systemd: pam_unix(systemd-user:session): session opened for user backupsftp by (uid=0)
Jun 30 14:25:25 bbserver sshd[2559]: fatal: bad ownership or modes for chroot directory component "/sftp/"
Jun 30 14:25:25 bbserver sshd[2429]: pam_unix(sshd:session): session closed for user backupsftp
Jun 30 14:25:25 bbserver systemd-logind[1106]: Removed session 76758.
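
The fatal line in the sshd log above comes from the check sshd applies to ChrootDirectory: every component of the path must be a root-owned directory that is not writable by group or others. The script below is an added example, not part of the original post; it repeats that check with GNU stat, and its function names and file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: repeat sshd's ChrootDirectory ownership/mode check.
# Function names are illustrative; requires GNU stat (as on Ubuntu).

# Print "uid octal-mode path" for / and each directory down to $1.
list_components() {
    rest=${1#/}
    cur=
    stat -c '%u %a %n' / || return 1
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -n "$part" ] || continue        # skip empty parts from "//"
        cur="$cur/$part"
        stat -c '%u %a %n' "$cur" || return 1
    done
}

# Read "uid mode path" lines; report the first component sshd would reject.
first_bad_component() {
    while read -r uid mode path; do
        if [ "$uid" -ne 0 ]; then
            echo "$path: owned by uid $uid, must be root (0)"
            return 1
        fi
        # 022 = write bit for group and for others
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "$path: mode $mode is group/other-writable"
            return 1
        fi
    done
    return 0
}

# Usage: sh check_chroot.sh /sftp/backupsftp
if [ $# -gt 0 ]; then
    listing=$(list_components "$1") || exit 2
    printf '%s\n' "$listing" | first_bad_component &&
        echo "OK: every component of $1 is root-owned and not group/other-writable"
fi
```

With the permissions listed in the post (`drwxrwxr-x root root` on /sftp), the check stops at /sftp because of the group write bit; `sudo chmod 755 /sftp` removes it.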
