sftp 限制用户登陆指定目录(家目录)

本文源地址http://blog.chinaunix.net/uid-42741-id-3069880.html

即限制 sftp 用户登陆后,只能在家目录下活动,不能到其他或上级目录

该功能需要4.8以上版本

[[email protected] ~]# ssh -V

OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb2013

 

以下操作都是在root

[[email protected] ~]# cp/etc/ssh/sshd_config{,.old}

[[email protected] ~]# vim /etc/ssh/sshd_config

……

#Subsystem      sftp   /usr/libexec/openssh/sftp-server  <===注释这一行

增加下面4

Subsystem sftp internal-sftp

Match Group chroot

ChrootDirectory /chroot/%u

ForceCommand internal-sftp

 sftp 限制用户登陆指定目录(家目录)

[[email protected] ~]# cd /

[[email protected] /]# mkdir chroot

[[email protected] /]# groupadd chroot

[[email protected] /]# useradd -d /chroot/work -gchroot -s /bin/false work

[[email protected] /]# echo 123456|passwd --stdinwork

更改用户 work 的密码

passwd所有的身份验证令牌已经成功更新。

[[email protected] /]# chown root /chroot/work

[[email protected] /]# chmod 750 /chroot/work

[[email protected] /]# ll /chroot/work -d

drwxr-x--- 2 root chroot 4096 5   8 22:50 /chroot/work

[[email protected] /]# /etc/init.d/sshd restart

停止 sshd                                               [确定]

正在启动 sshd                                            [确定]


以上都是在服务端

下面是客户端测试

[[email protected] ~]# sftp [email protected]

Connecting to 172.16.1.41...

[email protected]'s password:

sftp> ls

123 

sftp> cd /tmp

Couldn't canonicalise: No such file ordirectory

sftp> get /etc/hosts

Couldn't stat remote file: No such file ordirectory

File "/etc/hosts" not found.

sftp> lls

anaconda-ks.cfg  install.log install.log.syslog

sftp> put /etc/hosts

Uploading /etc/hosts to /hosts

Couldn't get handle: Permission denied

sftp>

sftp 限制用户登陆指定目录(家目录)