创建用户,设置密码
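# Create a dedicated group and an SFTP-only account. /bin/false as the login
# shell blocks interactive logins; -m creates the home directory.
# NOTE(review): supplementary membership in www-data grants that group's file
# permissions to this account; keep it only if the account needs them.
sudo groupadd sftp-grp
sudo useradd -s /bin/false -m -G sftp-grp,www-data sftpuser
# Set the password interactively instead of embedding it in the command:
# a literal such as "123456" is trivially guessable and ends up in shell
# history.
sudo passwd sftpuser
# Optional: generate a key pair with an empty passphrase.
# NOTE(review): this leaves an unencrypted private key in the account's home
# on the server. Move it to the client and delete the server copy, or generate
# the pair on the client and install only the public key here.
sudo -u sftpuser ssh-keygen -f ~sftpuser/.ssh/id_rsa -t rsa -N ''
sudo cat ~sftpuser/.ssh/id_rsa.pub | sudo -u sftpuser tee -a ~sftpuser/.ssh/authorized_keys
# authorized_keys must not be writable by anyone but its owner.
sudo chmod 600 ~sftpuser/.ssh/authorized_keys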
修改sshd_config文件。ChrootDirectory配置的目录及其各级上级目录的属主必须是root,且不能被属组或其他用户写入(例如root:root、权限0755),否则sshd会拒绝该用户的连接
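# Switch the sftp subsystem to the in-process internal-sftp server: the
# existing line is kept as a comment and the replacement is written below it.
# Anchoring at ^ skips a line that is already commented out, so running this
# twice does not add a second "Subsystem sftp" entry; the + quantifiers accept
# any run of spaces or tabs between the fields.
sudo sed -ri 's%^(Subsystem[[:blank:]]+sftp[[:blank:]]+/usr/lib/openssh/sftp-server)%#\1\nSubsystem\tsftp\tinternal-sftp%' /etc/ssh/sshd_config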
# Append a Match block to the end of sshd_config. A Match block stays in
# effect until the next Match line or the end of the file, so it belongs
# after all global settings.
# Members of sftp-grp are chrooted to /srv, forced into internal-sftp, and
# denied X11 and TCP forwarding. The %h (per-user home) variant is written
# to the file as a commented-out alternative.
printf '%s\n' \
  'Match Group sftp-grp' \
  '#ChrootDirectory %h' \
  'ChrootDirectory /srv' \
  'ForceCommand internal-sftp' \
  'X11Forwarding no' \
  'AllowTcpForwarding no' \
  | sudo tee -a /etc/ssh/sshd_config
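# Validate the edited configuration first (sshd -t only parses it and checks
# the keys) and reload only if it passes, so a typo in sshd_config is caught
# before the running service is asked to re-read the file.
sudo sshd -t && sudo systemctl reload ssh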