linux – Chrooting a user causes a "Connection closed" message when using sftp


First off, I'm a Linux newbie, so please don't assume too much knowledge. I'm using CentOS 5.8 (Final) with OpenSSH version 5.8p1.

I have made a user, playwithbits, which I am trying to chroot to the directory home/nginx/domains/playwithbits/public

I am using the following Match statement in my sshd_config file:

    Match group web-root-locked
            ChrootDirectory /home/nginx/domains/%u/public
            X11Forwarding no
            AllowTcpForwarding no
            ForceCommand /usr/libexec/openssh/sftp-server

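`# id playwithbits` returns: uid=504(playwithbits) gid=504(playwithbits) groups=504(playwithbits),507(web-root-locked)

I have changed the user's home directory to: home/nginx/domains/playwithbits/public

Now, when I try to connect as this user, I immediately get the message: Connection closed

Does anyone know what I'm doing wrong?

Edit: Following @Dennis Williamson's suggestion, I have connected in debug mode (I think... correct me if I'm wrong).

I have made some progress by using chmod to recursively set the permissions of all the files to 700. Now when I try to log in I still get the following messages (still connection refused):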

    Connection from [My ip address] port 38737
    debug1: Client protocol version 2.0; client software version OpenSSH_5.6
    debug1: match: OpenSSH_5.6 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.8
    debug1: permanently_set_uid: 74/74
    debug1: list_hostkey_types: ssh-rsa,ssh-dss
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
    debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
    debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: KEX done
    debug1: userauth-request for user playwithbits service ssh-connection method none
    debug1: attempt 0 failures 0
    debug1: user playwithbits matched group list web-root-locked at line 91
    debug1: PAM: initializing for "playwithbits"
    debug1: PAM: setting PAM_RHOST to [My host info]
    debug1: PAM: setting PAM_TTY to "ssh"
    debug1: userauth-request for user playwithbits service ssh-connection method password
    debug1: attempt 1 failures 0
    debug1: PAM: password authentication accepted for playwithbits
    debug1: do_pam_account: called
    Accepted password for playwithbits from [My ip address] port 38737 ssh2
    debug1: monitor_child_preauth: playwithbits has been authenticated by privileged process
    debug1: SELinux support disabled
    debug1: PAM: establishing credentials
    User child is on pid 3942
    debug1: PAM: establishing credentials
    Changed root directory to "/home/nginx/domains/playwithbits/public"
    debug1: permanently_set_uid: 504/504
    debug1: Entering interactive session for SSH2.
    debug1: server_init_dispatch_20
    debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
    debug1: input_session_request
    debug1: channel 0: new [server-session]
    debug1: session_new: session 0
    debug1: session_open: channel 0
    debug1: session_open: session 0: link with channel 0
    debug1: server_input_channel_open: confirm session
    debug1: server_input_global_request: rtype [email protected] want_reply 0
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request subsystem reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req subsystem
    subsystem request for sftp by user playwithbits
    debug1: subsystem: cannot stat /usr/libexec/openssh/sftp-server: Permission denied
    debug1: subsystem: exec() /usr/libexec/openssh/sftp-server
    debug1: Forced command (config) '/usr/libexec/openssh/sftp-server'
    debug1: session_new: session 0
    debug1: Received SIGCHLD.
    debug1: session_by_pid: pid 3943
    debug1: session_exit_message: session 0 channel 0 pid 3943
    debug1: session_exit_message: release channel 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_close_by_channel: channel 0 child 0
    debug1: session_close: session 0 pid 0
    debug1: channel 0: free: server-session, nchannels 1
    Received disconnect from [My ip address]: 11: disconnected by user
    debug1: do_cleanup
    debug1: do_cleanup
    debug1: PAM: cleanup
    debug1: PAM: closing session
    debug1: PAM: deleting credentials
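
Solution

These problems are always easier to debug from the server side. I suggest starting a second server in debug mode, e.g. /usr/sbin/sshd -p 2222 -d. You can then connect from your client with sftp -P 2222 user@remotehost and expect the server to tell you why it is disconnecting. It is most likely a permissions problem; my guess is that you don't meet the requirement that the home directory be owned by root.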
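
The ownership requirement the answer refers to can be checked before connecting again. The script below is an added example, not part of the original question or answer: it walks every component of a ChrootDirectory path and reports any that is not owned by root or is writable by group or others, which is the rule stated in sshd_config(5). The function names and the optional UID argument are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. sshd_config(5) requires every
# component of ChrootDirectory to be a directory owned by root and not
# writable by group or others; sshd drops the session otherwise.

# check_dir DIR [UID]: test one directory. UID defaults to 0 (root); the
# parameter is an assumption of this example so it can be tried without root.
check_dir() {
    cd_dir=$1
    cd_uid=${2:-0}
    if [ ! -d "$cd_dir" ]; then
        echo "FAIL $cd_dir: not a directory"
        return 1
    fi
    # "ls -ldnL" prints e.g. "drwxr-xr-x 2 0 0 ..."; keep mode and numeric owner.
    set -- $(ls -ldnL "$cd_dir" | awk '{print $1, $3}')
    cd_rc=0
    if [ "$2" != "$cd_uid" ]; then
        echo "FAIL $cd_dir: owner uid $2, expected $cd_uid"
        cd_rc=1
    fi
    case $1 in
        ?????w*|????????w*)   # 6th char = group write, 9th char = other write
            echo "FAIL $cd_dir: mode $1 is group- or world-writable"
            cd_rc=1 ;;
    esac
    [ "$cd_rc" -eq 0 ] && echo "ok   $cd_dir ($1, uid $2)"
    return "$cd_rc"
}

# check_chroot_path DIR [UID]: walk from DIR up to /, checking each component.
check_chroot_path() {
    cp_path=$1
    cp_uid=${2:-0}
    cp_rc=0
    case $cp_path in
        /*) ;;
        *) echo "FAIL $cp_path: ChrootDirectory must be an absolute path"; return 2 ;;
    esac
    while :; do
        check_dir "$cp_path" "$cp_uid" || cp_rc=1
        [ "$cp_path" = / ] && break
        cp_path=$(dirname "$cp_path")
    done
    return "$cp_rc"
}

# Run against a directory given as the first argument, e.g. the question's
# /home/nginx/domains/playwithbits/public (with %u already expanded).
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

Any FAIL line names a component that has to be chowned to root or have its group/other write bit removed before sshd will accept the chroot.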


Original URL: https://outofmemory.cn/yw/1035762.html
