UbuntuのUSBに保存されているフォルダにsftp chroot Jailを設定するのに問題があります。fstab
pathを介して自動的にマウントされた東芝4TB外付けハードドライブがあります/sftp
。
UUID={UUID} /sftp ext4 auto,defaults,nofail,rw 0 0
SFTP刑務所を構成するために必要なすべての手順に従いました。
sudo groupadd sftponly
sudo useradd -g sftponly -s /bin/false -m -d /sftp/backupsftp backupsftp
sudo passwd backupsftp
sudo chown root: /sftp/backupsftp
sudo chmod 755 /sftp/backupsftp
sudo mkdir /sftp/backupsftp/backup
sudo chmod 755 /sftp/backupsftp/backup
sudo chown backupsftp:sftponly /sftp/backupsftp/backup
/etc/ssh/sshd_config
次に、ファイルの一番下に追加します。
Match Group sftponly
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
Match all
次の値を設定します(常に/etc/ssh/sshd_config
ファイルにあります)。
Subsystem sftp internal-sftp
Port 22
AddressFamily inet
ListenAddress 0.0.0.0
PermitRootLogin no
StrictModes yes
最後にサービスを再起動しました。
sudo systemctl restart ssh
sudo systemctl restart sshd
WinScpに接続しようとすると、次のエラーが発生します。
Linux syslogs
:
Jun 24 14:46:53 bbserver systemd[1]: Created slice User Slice of backupsftp.
Jun 24 14:46:53 bbserver systemd[1]: Starting User Manager for UID 1005...
Jun 24 14:46:53 bbserver systemd[1]: Started Session 1350 of user backupsftp.
Jun 24 14:46:53 bbserver systemd[13303]: gpgconf: running /usr/bin/gpg-agent failed (exitcode=2): General error
Jun 24 14:46:53 bbserver systemd[13303]: gpgconf: fatal error (exit status 1)
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Timers.
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG network certificate management daemon.
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Jun 24 14:46:53 bbserver systemd[13303]: Listening on REST API socket for snapd user session agent.
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent and passphrase cache.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Sockets.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Paths.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Basic System.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Default.
Jun 24 14:46:53 bbserver systemd[13303]: Startup finished in 42ms.
Jun 24 14:46:53 bbserver systemd[1]: Started User Manager for UID 1005.
Jun 24 14:46:54 bbserver systemd[1]: Stopping User Manager for UID 1005...
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Default.
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Basic System.
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Timers.
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Sockets.
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent and passphrase cache.
Jun 24 14:46:54 bbserver systemd[13303]: Closed REST API socket for snapd user session agent.
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG network certificate management daemon.
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent and passphrase cache (access for web browsers).
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent and passphrase cache (restricted).
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Paths.
Jun 24 14:46:54 bbserver systemd[13303]: Reached target Shutdown.
Jun 24 14:46:54 bbserver systemd[13303]: Starting Exit the Session...
Jun 24 14:46:54 bbserver systemd[13303]: Received SIGRTMIN+24 from PID 13381 (kill).
Jun 24 14:46:54 bbserver systemd[1]: Stopped User Manager for UID 1005.
Jun 24 14:46:54 bbserver systemd[1]: Removed slice User Slice of backupsftp.
すべてうまくいくもしメインディレクトリ作成されたユーザーは、USBではなくメインディスクに常駐します。
修正する:
/sftp
フォルダ権限:
drwxrwxr-x 4 root root 4096 Jun 30 14:15 sftp/
sshd logs:
Jun 30 14:25:24 bbserver sshd[2429]: Accepted password for backupsftp from 192.168.0.62 port 65380 ssh2
Jun 30 14:25:24 bbserver sshd[2429]: pam_unix(sshd:session): session opened for user backupsftp by (uid=0)
Jun 30 14:25:24 bbserver systemd-logind[1106]: New session 76758 of user backupsftp.
Jun 30 14:25:24 bbserver systemd: pam_unix(systemd-user:session): session opened for user backupsftp by (uid=0)
Jun 30 14:25:25 bbserver sshd[2559]: fatal: bad ownership or modes for chroot directory component "/sftp/"
Jun 30 14:25:25 bbserver sshd[2429]: pam_unix(sshd:session): session closed for user backupsftp
Jun 30 14:25:25 bbserver systemd-logind[1106]: Removed session 76758.