Configuring SFTP with a locked (chrooted) directory on CentOS 7

1. Create the user and set the password

User name: sky, password: 123456

useradd  sky && echo "123456"|passwd --stdin sky

2. Create the SFTP chroot directory and set its ownership

The owner and group of the chroot directory must be root.

SFTP chroot directory: /data/sftp
mkdir -p /data/sftp
chown root:root /data/sftp

3. Create the user's directory and set its permissions

The SFTP directory for user sky is /data/sftp/sftp_sky

mkdir -p /data/sftp/sftp_sky
chmod 755 /data/sftp/sftp_sky
chown sky:sky /data/sftp/sftp_sky

4. Modify the SSH configuration

Edit /etc/ssh/sshd_config and add the following:

# Comment out the default Subsystem line:
#Subsystem	sftp	/usr/libexec/openssh/sftp-server
Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f local5
LogLevel INFO

# User name to match
Match User sky
	# Chroot directory for this user
	ChrootDirectory /data/sftp
	X11Forwarding no
	AllowTcpForwarding no
	ForceCommand internal-sftp -l INFO -f local5

5. Modify the rsyslog configuration

Edit /etc/rsyslog.conf and append this as the last line:

auth,authpriv.*;local5.*    /var/log/sftp.log

6. Restart the services

systemctl restart rsyslog
systemctl restart sshd

7. Test


tail -f /var/log/secure

Dec  4 14:57:39 vm7 sshd[2112]: Accepted password for sky from 172.17.1.6 port 49251 ssh2
Dec  4 14:57:39 vm7 sshd[2112]: pam_unix(sshd:session): session opened for user sky by (uid=0)
Dec  4 14:57:39 vm7 sshd[2112]: session opened for local user sky from [172.17.1.6] [postauth]
Dec  4 14:57:39 vm7 sshd[2112]: opendir "/" [postauth]
Dec  4 14:57:41 vm7 sshd[2112]: closedir "/" [postauth]
Dec  4 14:57:43 vm7 sshd[2112]: opendir "/sftp_sky" [postauth]
Dec  4 14:57:44 vm7 sshd[2112]: closedir "/sftp_sky" [postauth]
Dec  4 14:58:33 vm7 sshd[2112]: remove name "/sftp_sky/\\346\\227\\245\\345\\277\\227.xlsx" [postauth]
Dec  4 14:58:33 vm7 sshd[2112]: opendir "/sftp_sky" [postauth]
Dec  4 14:58:34 vm7 sshd[2112]: closedir "/sftp_sky" [postauth]
Dec  4 14:58:57 vm7 sshd[2112]: open "/sftp_sky/centos7.rtf" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
Dec  4 14:58:57 vm7 sshd[2112]: close "/sftp_sky/centos7.rtf" bytes read 0 written 7 [postauth]
Dec  4 14:58:57 vm7 sshd[2112]: set "/sftp_sky/centos7.rtf" modtime 20181104-16:58:45 [postauth]
Dec  4 14:58:57 vm7 sshd[2112]: opendir "/sftp_sky" [postauth]
Dec  4 14:58:58 vm7 sshd[2112]: closedir "/sftp_sky" [postauth]
Dec  4 14:59:04 vm7 sshd[2112]: open "/centos7.rtf" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
Dec  4 14:59:04 vm7 sshd[2112]: sent status Permission denied [postauth]
Dec  4 14:59:04 vm7 sshd[2112]: sent status No such file [postauth]
Dec  4 14:59:07 vm7 sshd[2112]: opendir "/" [postauth]
Dec  4 14:59:08 vm7 sshd[2112]: closedir "/" [postauth]
Dec  4 14:59:14 vm7 sshd[2112]: open "/sftp_sky/\\346\\227\\245\\345\\277\\227.xlsx" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
Dec  4 14:59:14 vm7 sshd[2112]: close "/sftp_sky/\\346\\227\\245\\345\\277\\227.xlsx" bytes read 0 written 11597 [postauth]
Dec  4 14:59:14 vm7 sshd[2112]: set "/sftp_sky/\\346\\227\\245\\345\\277\\227.xlsx" modtime 20181014-09:16:57 [postauth]
Dec  4 14:59:14 vm7 sshd[2112]: opendir "/sftp_sky" [postauth]
Dec  4 14:59:15 vm7 sshd[2112]: closedir "/sftp_sky" [postauth]

posted @ 2020-12-04 15:09  PlayOn