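Environment: CentOS 5.5
All of the following steps must be run as root:
1. The OpenSSH version in the default repositories is too old, so add a repository first: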
vim /etc/yum.repos.d/centalt.repo
[CentALT]
name=CentALT Packages for Enterprise Linux 5 - $basearch
baseurl=http://centos.alt.ru/repository/centos/5/$basearch/
enabled=1
# gpgcheck=0 turns off RPM signature verification for packages from this repository
gpgcheck=0
Update OpenSSH:
yum update openssh
2. Add a group and a user
groupadd sftponly
useradd -g sftponly sftponly_user
3. Create a directory to serve as the SFTP root directory
mkdir -p /var/sftp
4. Configure SSH
vim /etc/ssh/sshd_config:
Subsystem sftp /usr/libexec/openssh/sftp-server
Match Group sftponly
ChrootDirectory /var/sftp
ForceCommand internal-sftp
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
Restart sshd:
/etc/init.d/sshd restart
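
sshd refuses a chrooted login unless the ChrootDirectory and every directory above it are owned by root and not writable by group or others. The script below is an added example (not from the original post) that checks a path such as /var/sftp against that rule; the function names component_ok and check_chroot_path are hypothetical, and it assumes GNU stat and a path with no symlinked components.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes GNU stat (as on CentOS) and a path with no symlinked components.

# component_ok UID MODE: succeed only if the owner is root (uid 0) and the
# octal MODE has neither the group-write nor the other-write bit set.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot_path DIR: test DIR and each parent directory up to /.
# Returns 0 if all pass, 1 if any component fails, 2 on bad input.
check_chroot_path() {
    path=$1
    rc=0
    case $path in
        /*) ;;
        *) echo "not an absolute path: $path" >&2; return 2 ;;
    esac
    [ -d "$path" ] || { echo "not a directory: $path" >&2; return 2; }
    while :; do
        info=$(stat -c '%u %a' "$path") || return 2   # e.g. "0 755"
        if ! component_ok "${info% *}" "${info#* }"; then
            echo "BAD $path (uid=${info% *} mode=${info#* })" >&2
            rc=1
        fi
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Usage: sh check_chroot.sh /var/sftp
if [ -n "${1:-}" ]; then
    check_chroot_path "$1" && echo "OK $1"
fi
```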