Has anyone had the same problem?
I was setting up a chroot for sshd (OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016; Debian Jessie).
The result is that WinSCP logs in successfully, but PuTTY closes with the following error: Could not chdir to home directory /home/USER: No such file or directory.
However, I did create an empty directory /home/USER inside the chroot dir.
sshd log:
Jan 8 15:03:36 NAS sshd[30389]: Connection from 192.168.1.106 port 49939 on 192.168.1.99 port 22
Jan 8 15:03:38 NAS sshd[30389]: Postponed keyboard-interactive for USER from 192.168.1.106 port 49939 ssh2 [preauth]
Jan 8 15:03:44 NAS sshd[30389]: Postponed keyboard-interactive/pam for USER from 192.168.1.106 port 49939 ssh2 [preauth]
Jan 8 15:03:44 NAS sshd[30389]: Accepted keyboard-interactive/pam for USER from 192.168.1.106 port 49939 ssh2
Jan 8 15:03:44 NAS sshd[30389]: pam_unix(sshd:session): session opened for user USER by (uid=0)
Jan 8 15:03:44 NAS systemd[1]: Starting user-1000.slice.
Jan 8 15:03:44 NAS systemd[1]: Created slice user-1000.slice.
Jan 8 15:03:44 NAS systemd[1]: Starting User Manager for UID 1000...
Jan 8 15:03:44 NAS systemd-logind[467]: New session c113 of user USER.
Jan 8 15:03:44 NAS systemd[1]: Starting Session c113 of user USER.
Jan 8 15:03:44 NAS systemd[1]: Started Session c113 of user USER.
Jan 8 15:03:44 NAS systemd: pam_unix(systemd-user:session): session opened for user USER by (uid=0)
Jan 8 15:03:45 NAS systemd[30398]: Starting Paths.
Jan 8 15:03:45 NAS systemd[30398]: Reached target Paths.
Jan 8 15:03:45 NAS systemd[30398]: Starting Timers.
Jan 8 15:03:45 NAS systemd[30398]: Reached target Timers.
Jan 8 15:03:45 NAS systemd[30398]: Starting Sockets.
Jan 8 15:03:45 NAS systemd[30398]: Reached target Sockets.
Jan 8 15:03:45 NAS systemd[30398]: Starting Basic System.
Jan 8 15:03:45 NAS systemd[30398]: Reached target Basic System.
Jan 8 15:03:45 NAS systemd[30398]: Starting Default.
Jan 8 15:03:45 NAS systemd[30398]: Reached target Default.
Jan 8 15:03:45 NAS systemd[30398]: Startup finished in 383ms.
Jan 8 15:03:45 NAS systemd[1]: Started User Manager for UID 1000.
Jan 8 15:03:45 NAS sshd[30389]: User child is on pid 30407
Jan 8 15:03:45 NAS sshd[30407]: Changed root directory to "/home/USER"
Jan 8 15:03:45 NAS sshd[30389]: pam_unix(sshd:session): session closed for user USER
Jan 8 15:03:45 NAS systemd-logind[467]: Removed session c113.
Jan 8 15:03:45 NAS systemd[1]: Stopping User Manager for UID 1000...
Jan 8 15:03:45 NAS systemd[30398]: Stopping Default.
Jan 8 15:03:45 NAS systemd[30398]: Stopped target Default.
Jan 8 15:03:45 NAS systemd[30398]: Stopping Basic System.
Jan 8 15:03:45 NAS systemd[30398]: Stopped target Basic System.
Jan 8 15:03:45 NAS systemd[30398]: Stopping Paths.
Jan 8 15:03:45 NAS systemd[30398]: Stopped target Paths.
Jan 8 15:03:45 NAS systemd[30398]: Stopping Timers.
Jan 8 15:03:45 NAS systemd[30398]: Stopped target Timers.
Jan 8 15:03:45 NAS systemd[30398]: Stopping Sockets.
Jan 8 15:03:45 NAS systemd[30398]: Stopped target Sockets.
Jan 8 15:03:45 NAS systemd[30398]: Starting Shutdown.
Jan 8 15:03:45 NAS systemd[30398]: Reached target Shutdown.
Jan 8 15:03:45 NAS systemd[30398]: Starting Exit the Session...
Jan 8 15:03:45 NAS systemd[30398]: Received SIGRTMIN+24 from PID 30419 (kill).
Jan 8 15:03:45 NAS systemd: pam_unix(systemd-user:session): session closed for user USER
Jan 8 15:03:45 NAS systemd[1]: Stopped User Manager for UID 1000.
Jan 8 15:03:45 NAS systemd[1]: Stopping user-1000.slice.
Jan 8 15:03:45 NAS systemd[1]: Removed slice user-1000.slice.
This is how I created the chroot:
# skeleton of the chroot tree on the data volume
mkdir -p /DataVolume/USER/{dev,etc,lib,usr,bin}
mkdir -p /DataVolume/USER/usr/bin
# /dev/null as a character device (major 1, minor 3)
mknod -m 666 /DataVolume/USER/dev/null c 1 3
# resolver and loader configuration copied into the chroot
cd /DataVolume/USER/etc
cp /etc/ld.so.cache .
cp /etc/ld.so.conf .
cp /etc/nsswitch.conf .
cp /etc/hosts .
# binaries for an interactive session
cd /DataVolume/USER/usr/bin
cp /bin/ls .
cp /bin/bash .
# helper script that copies a binary's shared libraries into a chroot
cd /sbin
wget -O l2chroot http://www.cyberciti.biz/files/lighttpd/l2chroot.txt
chmod +x l2chroot
# sshd requires the chroot directory to be root-owned and not group/world writable
chown root: /DataVolume/USER &&
chmod 755 /DataVolume/USER
# expose the tree at the user's home path, which is what ChrootDirectory %h resolves to
mkdir -p /home/USER
mount -o bind /DataVolume/USER /home/USER
sshd config:
Subsystem sftp internal-sftp -f AUTH -l VERBOSE
Match user USER
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
PermitTunnel no
AllowAgentForwarding no
X11Forwarding no
User:
USER:x:1000:1003::/home/USER:/bin/rbash
Even when I comment out "ForceCommand internal-sftp", WinSCP does not connect. I know that this mode is required for chrooted users.
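A pre-flight check for a chroot built the way shown above, added here as an example; it is not part of the question and not OpenSSH's own code. It applies the rules sshd enforces on ChrootDirectory before it calls chroot() (every path component owned by root and not writable by group or others), then checks the things this question depends on: that the passwd home directory and login shell exist inside the chroot, and that /dev/null is a character device. The CHROOT_OWNER_UID variable and the optional second argument of check_chroot_components (where the upward walk stops) are this example's own additions so the logic can be exercised in a scratch directory as a non-root user; sshd itself always requires uid 0 and always walks up to /.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for an sshd ChrootDirectory.
# Usage: check_chroot ROOT HOME SHELL   e.g.  check_chroot /DataVolume/USER /home/USER /bin/rbash

# Owner uid every component must have. sshd insists on 0 (root); the variable is an
# assumption of this example so the checks can be tried as an unprivileged user.
CHROOT_OWNER_UID="${CHROOT_OWNER_UID:-0}"

# check_chroot_components ROOT [TOP]
# Walks from ROOT up to TOP (default "/", which is what sshd does) and prints one
# line per violation. Returns 0 only if every component is owned by
# CHROOT_OWNER_UID and is not group- or other-writable; otherwise sshd refuses the
# login with "bad ownership or modes for chroot directory component".
check_chroot_components() {
    dir="$1"
    top="${2:-/}"
    rc=0
    while :; do
        owner=$(stat -c '%u' "$dir") || return 1
        mode=$(stat -c '%a' "$dir") || return 1
        if [ "$owner" -ne "$CHROOT_OWNER_UID" ]; then
            echo "bad ownership: $dir is owned by uid $owner, expected $CHROOT_OWNER_UID"
            rc=1
        fi
        # 022 (octal) selects the group-write and other-write permission bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "bad modes: $dir is group/other writable (mode $mode)"
            rc=1
        fi
        [ "$dir" = "$top" ] && break
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# check_chroot_contents ROOT HOME SHELL
# HOME and SHELL are the passwd values. After chroot(ROOT) sshd does chdir(HOME) and,
# unless a ForceCommand such as internal-sftp replaces it, exec(SHELL), so both must
# exist relative to ROOT. /dev/null must be a character device inside the chroot.
check_chroot_contents() {
    root="$1"
    home="$2"
    shell="$3"
    rc=0
    if [ ! -d "$root$home" ]; then
        echo "missing home: $root$home (sshd reports 'Could not chdir to home directory $home')"
        rc=1
    fi
    if [ ! -x "$root$shell" ]; then
        echo "missing shell: $root$shell is not executable (needed for shell sessions only)"
        rc=1
    fi
    if [ ! -c "$root/dev/null" ]; then
        echo "missing device: $root/dev/null is not a character device"
        rc=1
    fi
    return $rc
}

# check_chroot ROOT HOME SHELL: run both groups of checks; exit status 0 means all passed.
check_chroot() {
    rc=0
    check_chroot_components "$1" || rc=1
    check_chroot_contents "$1" "$2" "$3" || rc=1
    return $rc
}

# Stand-alone invocation when three arguments are given.
if [ "$#" -eq 3 ]; then
    check_chroot "$1" "$2" "$3"
fi
```

The ownership and mode walk mirrors what sshd logs as "bad ownership or modes for chroot directory component"; the contents check covers the failure this question shows, where the chroot itself succeeds ("Changed root directory to "/home/USER"") but the session is dropped immediately afterwards. Note that a shell copied into the chroot also needs its shared libraries and an /etc/passwd entry inside the chroot, which this check does not verify.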
—
OddStan
Apart from that, "Subsystem sftp internal-sftp -f AUTH -l VERBOSE" has no effect, since it is not a USER-specific configuration. Other users who are not chrooted connect with PuTTY.
—
OddStan
ForceCommand internal-sftp
This restricts the user to SFTP. If you want the user to be able to open a command-line session, you have to leave this line as it is. I don't know whether this is the only problem.