Public key authentication in an sftp chroot directory

I want to add public key authentication to my sftp chroot directory, but I always get:

 debug1: Next authentication method: publickey
 debug1: Offering RSA public key: /home/test/.ssh/id_rsa
 debug3: send_pubkey_test
 debug2: we sent a publickey packet, wait for reply
 debug1: Authentications that can continue: publickey
 debug2: we did not send a packet, disable method
 debug1: No more authentication methods to try.
 Permission denied (publickey).
 Couldn't read packet: Connection reset by peer

The chroot works, because password authentication is possible. I have other accounts on this host without a chroot, and they work with this key. I have tried many times, but it still does not work.

In auth.log on the server there is only: Connection closed by xxx [preauth]

Here are my directories:

 ls -laR /sftp/
 /sftp/:
 total 12
 drwxr-xr-x  3 root root 4096 May 3 16:55 .
 drwxr-xr-x 23 root root 4096 May 3 14:46 ..
 drwxr-xr-x  3 root root 4096 May 3 16:45 backup

 /sftp/backup:
 total 12
 drwxr-xr-x 3 root   root      4096 May 3 16:45 .
 drwxr-xr-x 3 root   root      4096 May 3 16:55 ..
 drwxr-xr-x 3 backup sftpusers 4096 May 3 16:55 incoming

 /sftp/backup/incoming:
 total 12
 drwxr-xr-x 3 backup sftpusers 4096 May 3 16:55 .
 drwxr-xr-x 3 root   root      4096 May 3 16:45 ..
 drwx------ 2 backup sftpusers 4096 May 3 21:06 .ssh

 /sftp/backup/incoming/.ssh:
 total 12
 drwx------ 2 backup sftpusers 4096 May 3 21:06 .
 drwxr-xr-x 3 backup sftpusers 4096 May 3 16:55 ..
 -rw------- 1 backup sftpusers  391 May 3 21:06 authorized_keys

My user:

 backup:x:1002:1003::/incoming:/usr/sbin/nologin 

My SSH configuration:

 Match Group sftpusers
     ChrootDirectory /sftp/%u
     AuthorizedKeysFile /sftp/backup/incoming/.ssh/authorized_keys
     ForceCommand internal-sftp
     AllowTcpForwarding no
     X11Forwarding no

Please help.

I tried this solution (putting AuthorizedKeysFile inside the Match block) and sshd -T complains:

 /etc/ssh/sshd_config line 153: Directive 'AuthorizedKeysFile' is not allowed within a Match block 

(RHEL 6.6,openssh 5.3p1-104)

Solution: the authorized_keys file (and the user's .ssh directory) must exist at the home directory location defined in /etc/passwd, which lies outside the chroot directory.

For example (using the OP's username/uids):
In /etc/passwd:

 backup:x:1002:1003::/home/backup:/sbin/nologin

Create the directory /home/backup, owned by root.
Create the directory /home/backup/.ssh, change its ownership to backup, chmod 700 /home/backup/.ssh
Copy the authorized_keys file to /home/backup/.ssh, chmod 400 authorized_keys

 ls -laR /home
 /home:
 total 12
 drwxr-xr-x 3 root root 4096 Jul  9 12:25 .
 drwxr-xr-x 3 root root 4096 Sep 22  2014 ..
 drwxr-xr-x 3 root root 4096 Jul  9 12:25 backup

 /home/backup:
 total 12
 drwxr-xr-x 3 root   root      4096 Jul 9 12:25 .
 drwxr-xr-x 3 root   root      4096 Jul 9 12:25 ..
 drwx------ 3 backup sftpusers 4096 Jul 9 12:28 .ssh

 /home/backup/.ssh:
 total 12
 drwx------ 3 backup sftpusers 4096 Jul 9 12:28 .
 drwxr-xr-x 3 root   root      4096 Jul 9 12:25 ..
 -r-------- 3 backup sftpusers  391 Jul 9 12:29 authorized_keys

/etc/ssh/sshd_config becomes:

 Match Group sftpusers
     ChrootDirectory /sftp/%u
     ForceCommand internal-sftp
     AllowTcpForwarding no
     X11Forwarding no

The chroot directory structure is then:

 ls -laR /sftp/
 /sftp/:
 total 12
 drwxr-xr-x  3 root root 4096 May 3 16:55 .
 drwxr-xr-x 23 root root 4096 May 3 14:46 ..
 drwxr-xr-x  3 root root 4096 May 3 16:45 backup

 /sftp/backup:
 total 12
 drwxr-xr-x 3 root   root      4096 May 3 16:45 .
 drwxr-xr-x 3 root   root      4096 May 3 16:55 ..
 drwxr-xr-x 3 backup sftpusers 4096 May 3 16:55 incoming
 drwxr-xr-x 3 root   root      4096 May 3 16:55 home

 /sftp/backup/incoming:
 total 12
 drwxr-xr-x 3 backup sftpusers 4096 May 3 16:55 .
 drwxr-xr-x 3 root   root      4096 May 3 16:45 ..

 /sftp/backup/home:
 total 12
 drwxr-xr-x 3 root   root      4096 May 3 16:55 .
 drwxr-xr-x 3 root   root      4096 May 3 16:45 ..
 drwx------ 2 backup sftpusers 4096 May 3 21:06 backup

 /sftp/backup/home/backup:
 total 12
 drwx------ 3 backup sftpusers 4096 May 3 21:06 .
 drwxr-xr-x 3 root   root      4096 May 3 16:55 ..

Note: /sftp/backup/home/backup is empty; it only provides a path inside the chroot that mirrors the non-chroot /home/backup. The .ssh directory is /home/backup/.ssh, not /sftp/backup/home/backup/.ssh.

Problem solved.

I changed it from:

 AuthorizedKeysFile /sftp/backup/incoming/.ssh/authorized_keys

to:

 AuthorizedKeysFile /sftp/%u/.ssh/authorized_keys