SFTP와 함께 사용하기 위해 proftpd를 구성하고 가상 사용자와 함께 사용하려고 시도하지만 몇 가지 방법을 시도한 후에 가상 사용자와 작동하지 않습니다. 만 시스템 사용자Proftpd : 가상 사용자가 ssh 키를 사용하여 SFTP를 통해 액세스 설정
아래 문제에 대한 일부 설정의 상대, 여기에 전체 proftpd.conf
AuthUserFile /etc/proftpd/passwd.vhosts
<IfModule mod_tls.c>
TLSEngine on
TLSRequired on
TLSRSACertificateFile /etc/ftpd-rsa.pem
TLSRSACertificateKeyFile /etc/ftpd-rsa-key.pem
TLSVerifyClient off
TLSCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
TLSOptions NoSessionReuseRequired
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
</IfModule>
SFTPEngine on
SFTPAuthMethods publickey
SFTPAuthorizedUserKeys file:/etc/proftpd/sftp.passwd.keys/%u
SFTPLog /var/log/proftpd/sftp.log
TransferLog /var/log/proftpd/sftp-xferlog
테스트의 목적을 위해, 나는 castris 시스템 사용자와 관련된 가상 사용자 castrislegio를 만든 작동
castris:PASSWORD_HASH:1004:1004::/home/castris:/usr/libexec/openssh/sftp-server
castrislegio+castris.com:PASSWORD_HASH2:1004:1004:castris:/home/castris/user2:/bin/ftpsh
[email protected]:PASSWORD_HASH2:1004:1004:castris:/home/castris/user2:/bin/ftpsh
또한 시도
castris:PASSWORD_HASH:1004:1004::/home/castris:/usr/libexec/openssh/sftp-server
castrislegio+castris.com:PASSWORD_HASH2:1004:1004:castris:/home/castris/user2:/usr/libexec/openssh/sftp-server
[email protected]:PASSWORD_HASH2:1004:1004:castris:/home/castris/user2:/usr/libexec/openssh/sftp-server
하지만 작동하지 않습니다. 나는이 질문에 대해 잃었어요
sftp -v -P 24 -i .ssh/id_rsa [email protected]
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 24.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file .ssh/id_rsa type 1
debug1: identity file .ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: kex: [email protected] need=16 dh_need=16
debug1: kex: [email protected] need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 75:87:c9:ef:e7:b1:ae:47:17:0b:e6:8c:e4:6c:2b:7d
debug1: Host '[localhost]:24' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)
debug1: Next authentication method: publickey
debug1: Offering RSA public key: .ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Couldn't read packet: Connection reset by peer
액세스하려고하면
67449929 0 drwx------. 2 root proftpd 51 May 23 12:19 sftp.passwd.keys
...
67449644 4 -rw-rw----. 1 root proftpd 1024 May 23 14:04 castris
70159270 4 -rw-rw----. 1 root proftpd 512 May 23 14:03 [email protected]
70153716 4 -rw-rw----. 1 root proftpd 1024 May 23 14:03 castrislegio+castris.com
내가 넣어 키
ssh-keygen -e -f .ssh/id_rsa.pub >> /etc/proftpd/sftp.passwd.keys/castris
이를 사용합니다. 뭐가 잘못 됐어?
SSH와 SFTP에 대해 동일한 포트를 사용 중입니다. 24 – abkrim
OpenSSH 및 ProFTPd에 대해 동일한 포트를 사용할 수 없으며, 그 중 하나만 해당 포트에서 작동 할 수 있습니다. 다른 포트 중 하나를 이동하십시오 – Jakuje
Ok .. 내 proftpd.conf에서 '포트 24'에 내 ssh conf '포트 24'가 두 개의 서비스와 두 개의 서비스를 다시 시작합니다 ** 정상적인 사용자와 연결을 시도하면 ** 나는 sftp 및 포트 24 – abkrim