Hunter's Hodgepodge: Technical Study Notes

2017-11-27

Enabling OpenSSH chroot on CentOS 6.5

Filed under: Technical Topics — hunter @ 3:02 pm

SELinux nearly killed me on this one; it took the whole afternoon.

1. /etc/ssh/sshd_config
StrictModes no

PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication no
#ChallengeResponseAuthentication

Match User backup
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /data/backup/

2. restorecon -r -vv /data/
3. chcon -R --type=ssh_home_t /data/backup/.ssh
4. chcon --type=chroot_user_t /data/backup
5. chown root:root /data/backup
6. chmod 755 /data/backup
7. chmod 755 -R /data/backup/.ssh
8. mkdir -p /data/backup/data/backup
mkdir -p /data/backup/upload
9. chown backup:backup -R /data/backup/upload
chown backup:backup -R /data/backup/data
10. chcon --type=chroot_user_t -R /data/backup/data
chcon --type=chroot_user_t -R /data/backup/upload
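
An added example, not part of the original post: steps 5 and 6 are needed because sshd requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, and otherwise fails with "bad ownership or modes for chroot directory component". The script below walks the path and reports the offending component; it assumes GNU stat (coreutils, as on CentOS), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against sshd's ownership/mode rule.
# Assumption: GNU stat (coreutils). Function names are illustrative only.

# Print each component of an absolute path, one per line: / /data /data/backup
path_components() (
    p=${1%/}            # tolerate a trailing slash, e.g. /data/backup/
    echo /
    acc=
    IFS=/
    set -f              # no globbing while splitting on "/"
    for part in $p; do
        [ -n "$part" ] || continue
        acc="$acc/$part"
        echo "$acc"
    done
)

# component_ok UID OCTAL_MODE: root-owned and no group/other write bit (022).
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# Walk the path from / downwards; return non-zero if any component is unsafe.
check_chroot_path() {
    rc=0
    while IFS= read -r c; do
        if [ ! -d "$c" ] || ! meta=$(stat -c '%u %a' "$c" 2>/dev/null); then
            echo "MISSING $c (not a readable directory)"
            rc=1
            continue
        fi
        if component_ok "${meta% *}" "${meta#* }"; then
            echo "ok      $c (uid/mode: $meta)"
        else
            echo "BAD     $c (uid/mode: $meta): must be root-owned, no group/other write"
            rc=1
        fi
    done <<EOF
$(path_components "$1")
EOF
    return $rc
}

# Usage: sh check_chroot.sh /data/backup
if [ "$#" -gt 0 ]; then check_chroot_path "$1"; fi
```

The writable upload and data directories from steps 8 and 9 sit below the chroot root, so they are not part of the checked path and may stay owned by backup.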

References:

1. Fixing authorized_keys': Permission denied

http://www.jianshu.com/p/35feb4ff79c5

https://stackoverflow.com/questions/24832082/centos-7-sshd-permission-denied-on-authorized-keys-if-the-users-home-folder-i

https://segmentfault.com/q/1010000000445726

2. Fixing bad ownership or modes for chroot directory component

https://serverfault.com/questions/584986/bad-ownership-or-modes-for-chroot-directory-component

https://askubuntu.com/questions/134425/how-can-i-chroot-sftp-only-ssh-users-into-their-homes
