Configure SFTP under Red Hat 4.8.5 and restrict users to their own directories
1. Create users and set groups
groupadd ftp
useradd nnftp
passwd nnftp
usermod -g ftp nnftp
mkdir -p /data/ftpdata/nnftp
usermod -d /data/ftpdata/nnftp nnftp
2. Modify the configuration file /etc/ssh/sshd_config as follows:
1) Comment out this line
#Subsystem sftp /usr/libexec/openssh/sftp-server
2) Add the following content at the end of the file
Subsystem sftp internal-sftp
# This section must be placed at the very end of sshd_config
Match Group ftp
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
3. Execute the following command to restart the service
systemctl restart sshd
4. Try an SFTP login
sftp -oPort=22 nnftp@10.0.3.23
After entering the password of the SFTP user, the connection is closed with the message: packet_write_wait: Connection to 10.0.3.23 port 22: Broken pipe
5. Check the system log
tail -300 /var/log/secure
The log for the SFTP login attempt contains the following error:
fatal: bad ownership or modes for chroot directory component "/data/ftpdata/nnftp/" [postauth]
This points to a directory ownership or permission problem, so execute the following command:
chown root:ftp /data/ftpdata/nnftp
Retrying the SFTP login now succeeds.
Remarks
Two rules must be followed when setting the directory permissions:
1) the directory set by ChrootDirectory, and every directory above it, must have root as owner and group;
2) for the directory set by ChrootDirectory and every directory above it, only the owner may have write permission, so the most permissive mode allowed is 755.