以前在上海做过一次,那次是只允许sftp,但是不允许登录,我记得是用新版openssh的chroot来做的,今天也碰到同样情况,这次是允许scp,不允许登录,查了一下baidu,找到一个非常淫荡的方法,分享一下:
更改用户目录下面的.profile 文件(bash就改 .bash_profile)
第一行插入 exit
用户登录以后就自动执行该脚本并退出。。。一般用用就够了,哈哈。果然非常淫荡啊!
- Calendar:
-
December 2024 S M T W T F S 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
-
- Pages:
- 猪朋狗友
- Categories:
- Archives:
- December 2023
- February 2020
- May 2016
- February 2015
- January 2015
- December 2014
- November 2013
- October 2013
- August 2013
- June 2013
- May 2013
- October 2012
- September 2012
- August 2012
- July 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- January 2011
- November 2010
- August 2010
- June 2010
- April 2010
- March 2010
- February 2010
- December 2009
- November 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- May 2007
- April 2007
- March 2007
- February 2007
- December 2006
- September 2006
- August 2006
- July 2006
- June 2006
- March 2006
- January 2006
- December 2005
- Meta:
January 20th, 2012 14:54:22
强大~~
August 22nd, 2012 23:58:29
/etc/passwd里写/sbin/nologin比较标准吧? exit的话,如果用户通过scp覆盖掉这个文件呢?
August 31st, 2012 20:11:42
恩,说的也是,不过nologin的话,scp也运行不了,看来只放行scp也是比较麻烦啊,还是chroot来的安全。呵呵。