Jun 25 2009

SFTP and ChrootDirectory

Category: Technology | ssmax @ 15:41:42

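If you want to offer users an SFTP-only server, this is easy to do with OpenSSH 5.0 or later.

Newer versions of OpenSSH ship with their own built-in SFTP server implementation.
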
Subsystem       sftp    internal-sftp

Match User sftpuser
    ChrootDirectory /home/sftpuser
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

chown root:root /home/sftpuser
For key authentication, the keys can be placed in /home/sftpuser/.ssh as usual.


    The ChrootDirectory must contain the necessary files and directories to support the users’ session.
    For an interactive session this requires at least a shell, typically sh(1), and basic /dev nodes
    such as null(4), zero(4), stdin(4), stdout(4), stderr(4), arandom(4) and tty(4) devices.  For file
    transfer sessions using “sftp”, no additional configuration of the environment is necessary if the
    in-process sftp server is used (see Subsystem for details).
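
The chown step above matters because sshd refuses to chroot unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others. The check below is an added example, not part of the original post; the stat_fn hook, the fake_stat helper and the BEFORE/AFTER tables (including uid 1001) are constructed for illustration.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace


def chroot_path_problems(chroot_dir, stat_fn=os.stat):
    """List the reasons sshd would refuse chroot_dir as a ChrootDirectory.

    stat_fn is a hypothetical hook (default os.stat) so the check can be
    run against constructed data without root.
    """
    path = PurePosixPath(chroot_dir)
    if not path.is_absolute():
        return [f"{chroot_dir}: must be an absolute path"]
    problems = []
    # sshd checks every component from / down to the chroot itself.
    for component in [*reversed(path.parents), path]:
        try:
            st = stat_fn(str(component))
        except OSError as exc:
            problems.append(f"{component}: cannot stat ({exc.strerror})")
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{component}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{component}: owned by uid {st.st_uid}, not root")
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{component}: group/other writable (mode {mode:04o})")
    return problems


def fake_stat(layout):
    """Build a stat_fn from a constructed {path: (uid, mode)} table."""
    def stat_fn(p):
        if p not in layout:
            raise FileNotFoundError(2, "No such file or directory", p)
        uid, mode = layout[p]
        return SimpleNamespace(st_uid=uid, st_mode=stat.S_IFDIR | mode)
    return stat_fn


# Constructed sample: the state before and after the page's chown step.
BEFORE = {"/": (0, 0o755), "/home": (0, 0o755), "/home/sftpuser": (1001, 0o755)}
AFTER = {**BEFORE, "/home/sftpuser": (0, 0o755)}

if __name__ == "__main__":
    for name, layout in (("before chown", BEFORE), ("after chown", AFTER)):
        result = chroot_path_problems("/home/sftpuser", fake_stat(layout))
        print(name, "->", result or "ok")
```

Called with the default stat_fn, chroot_path_problems("/home/sftpuser") checks the real filesystem. Since the chroot directory itself cannot be writable by the user, uploads need a user-owned subdirectory beneath it.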
