jpuyy的网志

Think before you speak, read before you think.

sftp chroot

by

jpuyy
in 
# cat /etc/ssh/sshd_config  | grep -vE '^#|^$'
AuthorizedKeysCommand /usr/bin/google_authorized_keys
AuthorizedKeysCommandUser root
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
PermitRootLogin no
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
ClientAliveInterval 420
UseDNS no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp internal-sftp
Match User user1
   ChrootDirectory /data/chroot/%u
   ForceCommand internal-sftp
   AllowTcpForwarding no
   X11Forwarding no

https://serverfault.com/a/656756

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *