将SFTP用户限制为主目录 [英] Restricting SFTP user to home directory

问题描述

我正在尝试在EC2 ubuntu服务器上设置客户端SFTP空间，并且访问仅限于该用户的主目录.这个上只有大约六千个其他线程，而我大多数都在其他选项卡中打开.看起来很简单.

I'm trying to set up a client SFTP space on an EC2 ubuntu server, with access restricted to just that user's home directory. There's only about six thousand other threads on this, and I've got most of them open in other tabs. It would appear to be straightforward.

我已经完成:

$ sudo groupadd loginsftp
$ sudo groupadd loginssh
$ sudo adduser sftpuser
$ sudo gpasswd -a sftpuser loginsftp
$ sudo chown root:root home/sftpuser


$ sudo su sftpuser
$ groups
> sftpuser loginsftp

我的/etc/ssh/sshd_config的底部看起来像:

The bottom of my /etc/ssh/sshd_config looks like:

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

UsePAM yes

Match Group loginssh
  PasswordAuthentication no

Match Group loginsftp
  PasswordAuthentication yes
  ChrootDirectory /home/%u
  X11Forwarding no
  AllowTcpForwarding no
  ForceCommand internal-sftp

..并且我已经重新启动了ssh服务.

.. and I've restarted ssh service.

但是我似乎无法限制该用户登录.我仍然可以(从本地计算机上):

But I don't seem to be able to restrict that user login. I can still (from my local machine):

$ sftp sftpuser@ec2-server.amazonaws.com
sftpuser@ec2-server.amazonaws.com's password:
Connected to ec2-server.amazonaws.com.
sftp> pwd
Remote working directory: /home/sftpuser
sftp> cd /var/www
sftp> ls -la

我忽略了什么?

推荐答案

B.我是个白痴，应该确保当我认为重新启动ssh时，实际上已经重新启动ssh.

Bah. I'm an idiot and should make sure that when I think I've restarted ssh, I have actually restarted ssh.

这篇关于将SFTP用户限制为主目录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！