CentOS7下配置锁定目录的SFTP
1.创建用户及密码;
示例用户名为 sky、密码为 123456（仅作演示；生产环境应使用强口令或改用 SSH 公钥认证，且不要把口令写进命令行或脚本，以免留在 shell 历史和进程列表中）。
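# Create the SFTP-only account. -s /sbin/nologin: the account never needs a
# shell (the Match block below forces internal-sftp, which does not use it).
useradd -s /sbin/nologin sky
# Set the password interactively instead of `echo ... | passwd --stdin`, so it
# is not written to shell history or visible in the process list.
# For unattended setups, read it from a root-only file instead:
#   passwd --stdin sky < /root/sky.pw
passwd sky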
2.创建sftp的宿主目录及权限;
ChrootDirectory 指向的目录及其所有上级目录的属主必须是 root，且不能对 group/other 可写（755 或更严格），否则 sshd 会拒绝该用户登录（见 sshd_config(5) 中 ChrootDirectory 的说明）。
sftp宿主目录/data/sftp
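mkdir -p /data/sftp
chown root:root /data/sftp
# The chroot root (and every parent) must be root-owned and not group/world
# writable, or sshd refuses the login; set it explicitly rather than relying
# on the current umask.
chmod 755 /data/sftp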
3.创建用户的宿主目录及权限;
用户 sky 的可写目录为 /data/sftp/sftp_sky。登录后看到的根目录 / 就是 /data/sftp，它属于 root、对 sky 不可写，文件必须上传到 /sftp_sky 下（后面测试日志里对 /centos7.rtf 的 Permission denied 正是这个原因）。
# The user's writable directory inside the chroot: created with mode 755 and
# owned by sky:sky in one step (install -d also creates missing parents).
install -d -m 755 -o sky -g sky /data/sftp/sftp_sky
4.修改ssh的配置
编辑 /etc/ssh/sshd_config（不是 sshd.conf），把下面的内容追加到文件末尾。Match 之后的所有行都属于该 Match 块，所以它必须放在所有全局配置之后；注释请单独成行，部分版本的 sshd 不接受行尾注释（会报 garbage at end of line）。
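# Stock subsystem line, commented out; replaced below by one that logs at INFO
# to facility local5.
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f local5
LogLevel INFO
# Keep this Match block at the very end of sshd_config: every line after a
# Match belongs to it. Comments are on their own lines because some sshd
# versions reject trailing "# ..." text ("garbage at end of line").
Match User sky
    # Chroot root: must be root-owned and not writable by group/other.
    ChrootDirectory /data/sftp
    # In-process sftp: nothing needs to exist inside the chroot and the
    # user's login shell is never executed.
    ForceCommand internal-sftp -l INFO -f local5
    # Disable everything except file transfer.
    X11Forwarding no
    AllowTcpForwarding no
    AllowAgentForwarding no
    PermitTunnel no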
5.修改rsyslog的配置
编辑 /etc/rsyslog.conf，在文件末尾追加下面一行。注意：internal-sftp 在 chroot 内运行，若 chroot 里没有 /dev/log，其日志可能无法送达 rsyslog（见 sshd_config(5) 对 ChrootDirectory 的说明）；如果 sftp.log 一直为空，可在 rsyslog 配置中增加 `$AddUnixListenSocket /data/sftp/dev/log` 后重启 rsyslog。
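# sftp-server / internal-sftp log to facility local5 (see the sshd_config
# above); route that facility to its own file. Legacy selector syntax uses ';'
# between selectors, not ',', and the action must not start with '#'. The stock
# CentOS 7 rules already send auth/authpriv to /var/log/secure; if you also
# want them copied here, use "auth,authpriv.*;local5.*" as the selector.
local5.*    /var/log/sftp.log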
6.重启服务
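systemctl restart rsyslog
# Validate sshd_config before restarting: a syntax error (e.g. a stray trailing
# comment) would otherwise leave sshd down and lock you out of a remote host.
/usr/sbin/sshd -t && systemctl restart sshd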
7.测试：用 sftp 客户端以 sky 登录并做几次上传/删除，然后观察日志。认证记录在 /var/log/secure；sftp 文件操作日志使用 local5 facility，会写到 rsyslog 中为 local5 配置的文件（如 /var/log/sftp.log）。下面的输出是在 /var/log/secure 中看到的内容。
# Follow the authentication log while the sftp client connects.
tail --follow /var/log/secure
Dec 4 14:57:39 vm7 sshd[2112]: Accepted password for sky from 172.17.1.6 port 49251 ssh2
Dec 4 14:57:39 vm7 sshd[2112]: pam_unix(sshd:session): session opened for user sky by (uid=0)
Dec 4 14:57:39 vm7 sshd[2112]: session opened for local user sky from [172.17.1.6] [postauth]
Dec 4 14:57:39 vm7 sshd[2112]: opendir "/" [postauth]
Dec 4 14:57:41 vm7 sshd[2112]: closedir "/" [postauth]
Dec 4 14:57:43 vm7 sshd[2112]: opendir "/sftp_sky" [postauth]
Dec 4 14:57:44 vm7 sshd[2112]: closedir "/sftp_sky" [postauth]
Dec 4 14:58:33 vm7 sshd[2112]: remove name "/sftp_sky/\\346\\227\\245\\345\\277\\227.xlsx" [postauth]
Dec 4 14:58:33 vm7 sshd[2112]: opendir "/sftp_sky" [postauth]
Dec 4 14:58:34 vm7 sshd[2112]: closedir "/sftp_sky" [postauth]
Dec 4 14:58:57 vm7 sshd[2112]: open "/sftp_sky/centos7.rtf" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
Dec 4 14:58:57 vm7 sshd[2112]: close "/sftp_sky/centos7.rtf" bytes read 0 written 7 [postauth]
Dec 4 14:58:57 vm7 sshd[2112]: set "/sftp_sky/centos7.rtf" modtime 20181104-16:58:45 [postauth]
Dec 4 14:58:57 vm7 sshd[2112]: opendir "/sftp_sky" [postauth]
Dec 4 14:58:58 vm7 sshd[2112]: closedir "/sftp_sky" [postauth]
Dec 4 14:59:04 vm7 sshd[2112]: open "/centos7.rtf" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
Dec 4 14:59:04 vm7 sshd[2112]: sent status Permission denied [postauth]
Dec 4 14:59:04 vm7 sshd[2112]: sent status No such file [postauth]
Dec 4 14:59:07 vm7 sshd[2112]: opendir "/" [postauth]
Dec 4 14:59:08 vm7 sshd[2112]: closedir "/" [postauth]
Dec 4 14:59:14 vm7 sshd[2112]: open "/sftp_sky/\\346\\227\\245\\345\\277\\227.xlsx" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
Dec 4 14:59:14 vm7 sshd[2112]: close "/sftp_sky/\\346\\227\\245\\345\\277\\227.xlsx" bytes read 0 written 11597 [postauth]
Dec 4 14:59:14 vm7 sshd[2112]: set "/sftp_sky/\\346\\227\\245\\345\\277\\227.xlsx" modtime 20181014-09:16:57 [postauth]
Dec 4 14:59:14 vm7 sshd[2112]: opendir "/sftp_sky" [postauth]
Dec 4 14:59:15 vm7 sshd[2112]: closedir "/sftp_sky" [postauth]