SFTP connection fails
I want to configure the user ftpuser for SFTP on an existing Apache-owned directory, /var/www/website.
I added it as a new user with /var/www/website as its home directory:
useradd -md /var/www/website -s /bin/bash ftpuser
In sshd_config:
Subsystem sftp internal-sftp
Match User ftpuser
    ChrootDirectory /var/www/website
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
The directory is now owned by root, with ACL permissions for the www-data user:
# ls -ltr
drwxrwx---+ 5 root root 4096 Nov 8 2012 website
# getfacl website/
# file: website/
# owner: root
# group: root
user::rwx
user:www-data:rwx
group::rwx
group:www-data:rwx
But whenever I try to connect over SFTP, I get the following debug errors:
ftpuser@ftp_server's password:
debug3: packet_send2: adding 32 (len 80 padlen 16 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to ftp_server ([ftp_server]:22).
debug2: fd 4 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t3 r-1 i0/0 o0/0 fd 4/5 cc -1)
debug1: fd 0 clearing O_NONBLOCK
debug3: fd 1 is not O_NONBLOCK
Connection to 104.237.139.76 closed by remote host.
Transferred: sent 2408, received 2020 bytes, in 0.0 seconds
Bytes per second: sent 627244.1, received 526176.5
debug1: Exit status -1
Couldn't read packet: Connection reset by peer
Any ideas on how to fix this?
Edit:
From /var/log/authz:
fatal: bad ownership or modes for chroot directory component "/var/www/"
Using the ChrootDirectory option in sshd_config requires some basic understanding of the written text.
This is a snapshot from the sshd_config(5) manual page:
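ChrootDirectory
Specifies the pathname of a directory to chroot(2) to after authentication. All components of the pathname must be root-owned directories that are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user's home directory.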
This is your error log:
fatal: bad ownership or modes for chroot directory component "/var/www/"
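When you put one and one together, you will understand that not only /var/www/website needs to be owned by root, but also the /var/www and /var directories, as has been mentioned here many times.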
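Added example (not part of the original answer and not OpenSSH code): a Python script that walks every component of a ChrootDirectory path and reports each one that breaks the rule quoted from sshd_config(5). The function name chroot_path_problems and its owner_uid parameter are assumptions made for this illustration, and "not writable by any other user or group" is checked here as the group and other write bits.

```python
import os
import stat
import sys


def chroot_path_problems(path, owner_uid=0):
    """Return (component, reason) for every component of `path` that fails
    the ChrootDirectory rule: a directory owned by `owner_uid` (root by
    default) that is not writable by group or others."""
    problems = []
    path = os.path.abspath(path)
    # Build "/", "/var", "/var/www", ... in the order they are traversed.
    components = ["/"]
    current = "/"
    for part in path.strip("/").split("/"):
        if part:
            current = os.path.join(current, part)
            components.append(current)
    for comp in components:
        try:
            st = os.stat(comp)
        except OSError as exc:
            problems.append((comp, f"cannot stat: {exc.strerror}"))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
            continue
        if st.st_uid != owner_uid:
            problems.append((comp, f"owned by uid {st.st_uid}, expected {owner_uid}"))
        # On Linux, a directory with a POSIX ACL shows the ACL mask in its
        # group bits, so rwx ACL entries appear here as group-writable.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append((comp, f"group/other writable (mode {mode:04o})"))
    return problems


if __name__ == "__main__":
    # Default target is the chroot path from the question.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/www/website"
    found = chroot_path_problems(target)
    for comp, reason in found:
        print(f"{comp}: {reason}")
    sys.exit(1 if found else 0)
```

Run it on the server against the ChrootDirectory value; an empty result and exit status 0 mean every component from / down passes both checks.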