OpenSsh: Unterschied zwischen den Versionen

Aus Info-Theke
Zur Navigation springen Zur Suche springen
← Zum vorherigen VersionsunterschiedZum nächsten Versionsunterschied →
Keine Bearbeitungszusammenfassung
Zeile 20: Zeile 20:


rsync -e "ssh -i /home/jonny/id_rsa" /home backup@backup.example.com
rsync -e "ssh -i /home/jonny/id_rsa" /home backup@backup.example.com
</pre>
== SFTP-chroot-Umgebung ==
* /etc/ssh/sshd_config
<pre>Match Group sftponly
        ChrootDirectory /home/%u
        ForceCommand internal-sftp
        AllowTcpForwarding no
</pre>
oder
<pre>Match User jonny
        ChrootDirectory /opt/jail_jonny
        ForceCommand internal-sftp
        AllowTcpForwarding no
</pre>
* /usr/local/bin/MkJail:
<pre>#! /bin/bash
function MkJail(){
local base=$1
local publicdir=$2
local localdir=$3
if [ ! -d $base ] ; then
echo "not a directory: $base
exit 1
fi
if [! -d $publicdir ] ; then
echo "not a directory: $publicdir
exit 1
fi
for dir in bin proc lib lib64 usr ; do
mkdir -p /$base/$dir
mount -o bind /$dir $base/$dir
done
mkdir -p $base/$localdir
mount -o bind $publicdir $base/$localdir
}
case $1 in
ftpshop)
MkJail /opt/jail_shop /srv/www/ueberkinger-shop.com shop
;;
ftpsite)
MkJail /opt/jail_site /srv/www/ueberkinger.com www
;;
*)
echo "usage MkJail { ftpshop | ftpsite }"
;;
esac
</pre>
</pre>

Version vom 23. August 2017, 13:17 Uhr


Konfiguration

Schlüsselgenerierung

 ssh-keygen -t rsa -b 4096

ssh-Sitzung mit Schlüssel

  • id_rsa.pub auf dem Zielrechner in die Datei authorized_keys eintragen
  • Verzeichnis ist das Homeverzeichnis des Users, mit dem angemeldet wird.
chmod 755 .ssh
chmod 600 .ssh/authorized_keys

Kommandos

ssh -i /home/jonny/id_rsa jonny@extern.host.de

rsync -e "ssh -i /home/jonny/id_rsa" /home backup@backup.example.com

SFTP-chroot-Umgebung

  • /etc/ssh/sshd_config
Match Group sftponly
        ChrootDirectory /home/%u
        ForceCommand internal-sftp
        AllowTcpForwarding no

oder 

Match User jonny
        ChrootDirectory /opt/jail_jonny
        ForceCommand internal-sftp
        AllowTcpForwarding no
  • /usr/local/bin/MkJail:
#! /bin/bash
function MkJail(){
	local base=$1
	local publicdir=$2
	local localdir=$3
 	if [ ! -d $base ] ; then
		echo "not a directory: $base
		exit 1
	fi
	if [! -d $publicdir ] ; then
		echo "not a directory: $publicdir
		exit 1
	fi
	for dir in bin proc lib lib64 usr ; do
		mkdir -p /$base/$dir
		mount -o bind /$dir $base/$dir 
	done
	mkdir -p $base/$localdir
	mount -o bind $publicdir $base/$localdir
}
case $1 in
ftpshop)
	MkJail /opt/jail_shop /srv/www/ueberkinger-shop.com shop
	;;
ftpsite)
	MkJail /opt/jail_site /srv/www/ueberkinger.com www
	;;
*)
	echo "usage MkJail { ftpshop | ftpsite }"
	;;
esac
Abgerufen von „https://wiki.hamatoma.de/index.php?title=OpenSsh&oldid=809