
Applying chroot to an HP-UX sftp account

IT/Unix | 2011. 2. 22. 15:10
This is how to apply chroot to an account that is used only for SFTP.

The server tested was HP-UX 11i v2 on PA-RISC with HP-UX Secure Shell A.05.60.002.

host1:/opt/ssh/utils>swlist -l bundle |grep -i secure
  OpenSSL                       A.00.09.07m.042 Secure Network Communications Protocol 
  T1471AA                       A.05.60.002    HP-UX Secure Shell 

host1:/opt/ssh/utils>ll
total 144
-r-xr-xr-x   1 bin        bin           1090 Sep 18 15:44 cpfiles_chroot_migrate.sh
-r-xr-xr-x   1 bin        bin           1678 Sep 18 15:45 sftponly
-r-x------   1 root       sys          43544 Sep 18 15:46 ssh_chroot_setup.sh
-r-xr-xr-x   1 bin        bin           1323 Sep 18 15:47 ssh_keyscan.sh

1. Create the account that will use sftp

host1:/opt/ssh/utils>useradd -m -d /home/sftptest -k /etc/skel -s /bin/sh sftptest

2. Apply chroot to the created account
host1:/opt/ssh/utils>sh ssh_chroot_setup.sh
 Please wait. Chroot setup now checks for necessary files on the system 

 Note: /etc/nsswitch.conf not found 

 Completed...Press return key to continue... [Enter]

     HP SECURE SHELL: CHROOT ENVIRONMENT SETUP - MAIN MENU
         -----------------------------------------------------

         Select one of the option below

         1.Configure a chroot enviroment

         2.Exit



         Enter your choice : 1 [Enter]

         Chroot setup
        ---------------

         User name (Maximum eight chars) : sftptest
         chroot setup checks for user details 

         Enter the new root directory for sftptest with absolute path (or press return for default(/newroot)): /home/sftptest
         ---------------------------------
         Select chroot secure shell option
         ----------------------------------
         1 sftp
         2 ssh & sftp & scp
         press return key to skip this step 


         Option : 1 [Enter]

         chroot setup for sftp operations

         IMPORTANT NOTE:
         This setup will make sure that sftp works in your chroot environment
         It should not be interpreted as a restrictive sftp-only Shell.
         This setup simply copies the files required for sftp to the appropriate directories under the newroot.


         Now configuring the chroot environment for sftp ...finished

         Summary 
         --------

         Chroot-ed user : sftptest  

         Chroot-ed user's new root directory : /home/sftptest 

         Secure Shell configuration : SFTP

         press Return key [Enter]

         HP SECURE SHELL: CHROOT ENVIRONMENT SETUP - MAIN MENU
         -----------------------------------------------------

         Select one of the option below

         1.Configure a chroot enviroment

         2.Exit



         Enter your choice : 2 [Enter]

3. Copy the sftp-only shell
host1:/opt/ssh/utils>cp sftponly /opt/ssh/etc
host1:/opt/ssh/utils>chown bin:bin /opt/ssh/etc/sftponly
host1:/opt/ssh/utils>chmod 755 /opt/ssh/etc/sftponly

4. Change the sftp account's shell
host1:/opt/ssh/utils>vi /etc/passwd

[Before]
sftptest:*:121:20:chrooted user:/home/sftptest/./home/sftptest:/bin/sh
[After]
sftptest:*:121:20:chrooted user:/home/sftptest/./home/sftptest:/opt/ssh/etc/sftponly

5. Change the chroot directory permissions
host1:/home/sftptest>mkdir opt/ssh/etc 
host1:/home/sftptest>chmod 555 opt/ssh/etc
host1:/home/sftptest>chown bin:bin opt/ssh/etc
host1:/home/sftptest>cp /opt/ssh/etc/sftponly opt/ssh/etc
host1:/home/sftptest>chmod 555 opt/ssh/etc/sftponly
host1:/home/sftptest>chown bin:bin opt/ssh/etc/sftponly
host1:/home/sftptest>chmod 555 ./*
host1:/home/sftptest>chown bin:bin ./*
host1:/home>chown sftptest:users sftptest
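As an added example that is not part of the original post, the following POSIX sh script checks the result of steps 3 to 5: it parses the /etc/passwd entry for the /./ chroot marker and the sftponly shell, and verifies that the copied wrapper and the directories leading to it under the new root exist and are not group- or world-writable. The path /opt/ssh/etc/sftponly and the tree layout follow the post; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Checks an HP-UX sftp-only
# chroot account as set up in steps 3-5. The shell path
# /opt/ssh/etc/sftponly and the tree layout follow the post; the
# function names are assumptions of this example.

# check_passwd_entry LINE
# The home field must carry the "/./" chroot marker and the login shell
# must be the sftponly wrapper. Prints the reason and returns 1 on failure.
check_passwd_entry() {
    set -f                      # no globbing: the password field is "*"
    oldifs=$IFS; IFS=:
    set -- $1
    IFS=$oldifs; set +f
    user=$1 home=$6 shell=$7
    case $home in
        */./*) ;;
        *) echo "$user: home '$home' lacks the /./ chroot marker"; return 1 ;;
    esac
    if [ "$shell" != /opt/ssh/etc/sftponly ]; then
        echo "$user: shell is '$shell', not /opt/ssh/etc/sftponly"; return 1
    fi
    return 0
}

# check_chroot_tree NEWROOT USER
# The copied wrapper and every directory leading to it inside the new
# root must exist, be executable, and not be writable by group or others
# (the post sets them to mode 555). Returns 1 on any finding.
check_chroot_tree() {
    root=$1 user=$2 rc=0
    for p in "$root/opt" "$root/opt/ssh" "$root/opt/ssh/etc" \
             "$root/opt/ssh/etc/sftponly"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; rc=1; continue
        fi
        # -prune keeps find from descending; -020 / -002 match g+w / o+w
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/world writable: $p"; rc=1
        fi
    done
    [ -x "$root/opt/ssh/etc/sftponly" ] || { echo "not executable: $root/opt/ssh/etc/sftponly"; rc=1; }
    [ -d "$root/home/$user" ] || { echo "missing home inside chroot: $root/home/$user"; rc=1; }
    return $rc
}
```

Run it on the real box as `check_passwd_entry "$(grep '^sftptest:' /etc/passwd)" && check_chroot_tree /home/sftptest sftptest`; any line of output names what still needs fixing.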

6. Test after completion
host1:/home>sftp sftptest@localhost
Password: 
Connected to localhost.
sftp> ls
sftp> pwd
Remote working directory: /home/sftptest
sftp> cd /
sftp> pwd
Remote working directory: /
sftp> ls
bin   dev   etc   home  opt   sbin  usr   var   
sftp> ls -al [ Even though we are at /, only the files created earlier are visible. ]
drwxr-xr-x   10 sftptest users        8192 Feb 22 13:05 .
drwxr-xr-x   10 sftptest users        8192 Feb 22 13:05 ..
-r--r--r--    1 sftptest users         831 Feb 22 13:04 .cshrc
-r--r--r--    1 sftptest users         347 Feb 22 13:04 .exrc
-r--r--r--    1 sftptest users         333 Feb 22 13:04 .login
-r--r--r--    1 sftptest users         438 Feb 22 13:04 .profile
-rw-------    1 sftptest users           2 Feb 22 13:05 .sh_history
dr-xr-xr-x    2 bin      bin            96 Feb 22 13:06 bin
dr-xr-xr-x    2 bin      bin            96 Feb 22 13:06 dev
dr-xr-xr-x    2 bin      bin            96 Feb 22 13:06 etc
dr-xr-xr-x    3 bin      bin            96 Feb 22 13:05 home
dr-xr-xr-x    4 bin      bin            96 Feb 22 13:05 opt
dr-xr-xr-x    2 bin      bin            96 Feb 22 13:05 sbin
dr-xr-xr-x    5 bin      bin            96 Feb 22 13:05 usr
dr-xr-xr-x    3 bin      bin            96 Feb 22 13:05 var
