Restricting SFTP user to home directory

Submitted by 血红的双手。 on 2019-12-23 22:15:34

Question


I'm trying to set up a client SFTP space on an EC2 Ubuntu server, with access restricted to just that user's home directory. There's only about six thousand other threads on this, and I've got most of them open in other tabs. It would appear to be straightforward.

I've done:

$ sudo groupadd loginsftp
$ sudo groupadd loginssh
$ sudo adduser sftpuser
$ sudo gpasswd -a sftpuser loginsftp
$ sudo chown root:root /home/sftpuser


$ sudo su sftpuser
$ groups
> sftpuser loginsftp

The bottom of my /etc/ssh/sshd_config looks like:

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

UsePAM yes

Match Group loginssh
  PasswordAuthentication no

Match Group loginsftp
  PasswordAuthentication yes
  ChrootDirectory /home/%u
  X11Forwarding no
  AllowTcpForwarding no
  ForceCommand internal-sftp

.. and I've restarted ssh service.

But I don't seem to be able to restrict that user login. I can still (from my local machine):

$ sftp sftpuser@ec2-server.amazonaws.com
sftpuser@ec2-server.amazonaws.com's password:
Connected to ec2-server.amazonaws.com.
sftp> pwd
Remote working directory: /home/sftpuser
sftp> cd /var/www
sftp> ls -la

What have I overlooked?


Answer 1:


Bah. I'm an idiot and should make sure that when I think I've restarted ssh, I have actually restarted ssh.



Source: https://stackoverflow.com/questions/24575033/restricting-sftp-user-to-home-directory
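
A way to check both halves of this problem on the server, added here as an example and not part of the original thread: that the on-disk configuration really jails the user, and that the running daemon is not older than the last edit. The function names, the `/usr/sbin/sshd` and `/run/sshd.pid` paths (Ubuntu defaults) and the sample `sshd -T` lines are assumptions made for illustration.

```shell
# Added example, not from the original thread. Paths are assumed Ubuntu defaults.

# Read `sshd -T` output (lowercase "key value" lines) on stdin and report every
# setting that differs from the question's Match Group loginsftp block.
# $1 = expected ChrootDirectory value. Returns 0 only if all four match.
check_sftp_jail() {
    awk -v root="$1" '
        BEGIN {
            want["chrootdirectory"]    = root
            want["forcecommand"]       = "internal-sftp"
            want["allowtcpforwarding"] = "no"
            want["x11forwarding"]      = "no"
        }
        ($1 in want) { k = $1; $1 = ""; sub(/^ +/, ""); got[k] = $0 }
        END {
            for (k in want) if (got[k] != want[k]) {
                printf "MISMATCH %s: want \"%s\", got \"%s\"\n", k, want[k], got[k]
                bad = 1
            }
            exit bad + 0
        }'
}

# True when config file $1 is newer than pid file $2, i.e. the running daemon
# predates the edit. Assumption: pid-file mtime ~ time of the last daemon start.
config_newer_than_daemon() {
    [ "$1" -nt "$2" ]
}

# Constructed sample of the relevant `sshd -T` lines for a jailed user.
sample_effective_config() {
    cat <<'EOF'
x11forwarding no
allowtcpforwarding no
forcecommand internal-sftp
chrootdirectory /home/%u
EOF
}

# Live check on the server, run as root: verify_live sftpuser
verify_live() {
    /usr/sbin/sshd -t || return 1   # on-disk config parses
    /usr/sbin/sshd -T -C "user=$1,host=localhost,addr=127.0.0.1" |
        check_sftp_jail '/home/%u' || return 1
    if config_newer_than_daemon /etc/ssh/sshd_config /run/sshd.pid; then
        echo "sshd_config edited after sshd started; restart the service"
        return 2
    fi
}
```

`sshd -T` evaluates the file on disk, not the settings the running daemon loaded, which is why the pid-file comparison is checked separately.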
