Linux and Cloud Computing, Phase 2: Linux Server Setup
Chapter 3: SSH Server Setup (Part 2): Advanced OpenSSH
5. SFTP + chroot
Configure SFTP-only access with chroot.
Restrict some users so that they are allowed SFTP access only, confined to a specific directory.
[1] For example, set /home as the chroot directory.
# Create a group for SFTP
[[email protected] ~]# groupadd sftp_users
# Allow the user "user" to use SFTP only
[[email protected] ~]# usermod -g sftp_users user
[[email protected] ~]# vim /etc/ssh/sshd_config
# Line 147: comment out this line and add the one below it (note the case)
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
# Add the following to the end of the file (arguments such as the group name are case-sensitive)
Match Group sftp_users
AllowTcpForwarding no
ChrootDirectory /home
ForceCommand internal-sftp
[[email protected] ~]# systemctl restart sshd
[2] Try to access with the user and verify the settings.
[[email protected] ~]$ ssh [email protected]
ssh: connect to host 192.168.96.128 port 22: Connection refused
The user "user" is only allowed to log in via SFTP, so the SSH connection was rejected.
[[email protected] ~]$ sftp [email protected]
Connected to 192.168.96.128.
sftp>
sftp> ls -l
drwx------ 2 8 02:55 Jeffrey
drwx------ 3 1001 1001 122 Jul 8 06:25 user
sftp> pwd
Remote working directory: /
sftp> exit
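An added example (not from the original article): a shell audit of the setup in this section. It checks that the Match Group block carries the three settings shown above and that the chroot path meets sshd's rule that every path component is root-owned and not writable by group or others. The function names and the sample config are constructed for illustration, and GNU stat is assumed.

```sh
# Added example, not the article's code. Print the settings under
# "Match Group <group>" as "keyword value" lines, with keywords lower-cased
# (sshd matches keywords case-insensitively). Function names are hypothetical.
# Simplification: only a Match line naming exactly this one group is recognised.
match_block() {   # $1 = sshd_config path, $2 = group name
    awk -v grp="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { inblk = (tolower($2) == "group" && $3 == grp); next }
        inblk { $1 = tolower($1); print }
    ' "$1"
}

# Return 0 only if the block sets a chroot, forces internal-sftp and disables
# TCP forwarding; otherwise print each missing setting and return 1.
audit_match_block() {   # $1 = sshd_config path, $2 = group name
    blk=$(match_block "$1" "$2"); rc=0
    for want in 'chrootdirectory /' 'forcecommand internal-sftp' 'allowtcpforwarding no'; do
        printf '%s\n' "$blk" | grep -q "^$want" || { echo "missing: $want"; rc=1; }
    done
    return $rc
}

# sshd checks that every component of the chroot path is a root-owned directory
# not writable by group or others; walk from the directory up to /.
audit_chroot_dir() {   # $1 = absolute chroot path (GNU stat assumed)
    d=$1
    while :; do
        st=$(stat -c '%U %a' "$d") || return 1
        owner=${st% *}; mode=${st#* }
        if [ "$owner" != root ] || [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "unsafe: $d (owner=$owner mode=$mode)"; return 1
        fi
        [ "$d" = / ] && return 0
        d=$(dirname "$d")
    done
}

# Constructed sample input mirroring the configuration in this section.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
Subsystem sftp internal-sftp
Match Group sftp_users
    AllowTcpForwarding no
    ChrootDirectory /home
    ForceCommand internal-sftp
EOF
audit_match_block "$cfg" sftp_users && echo "Match block OK"
audit_chroot_dir /home || echo "fix ownership or mode before relying on the chroot"
rm -f "$cfg"
```

On a real server, point audit_match_block at /etc/ssh/sshd_config and audit_chroot_dir at the configured ChrootDirectory.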
6. SSH port forwarding
SSH port forwarding can forward data from one port to another port.
For example, data sent to local port 8081 can be forwarded to the VNC port. This example illustrates all port-forwarding cases.
[1] Configure an httpd web service and make sure the service works normally.
[[email protected] ~]# yum -y install httpd
[[email protected] ~]# systemctl start httpd
[[email protected] ~]# systemctl enable httpd
[[email protected] ~]# firewall-cmd --permanent --add-service=http
[[email protected] ~]# firewall-cmd --reload
[[email protected] ~]# echo "web" >> /var/www/html/index.html
# Locally, forward port 8081 to local port 80. The 0.0.0.0 bind address makes the listener reachable from other hosts, not only from localhost.
[[email protected] ~]$ ssh -L 0.0.0.0:8081:localhost:80 [email protected]
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is 26:a3:c4:bc:cb:36:c5:20:1d:9c:ad:eb:b2:11:bb:36.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
[email protected]'s password: # The password of the working user (this is a login from the local host to the local host)
Last login: Fri Jul 8 17:29:10 from 192.168.96.150
Last login: Thu Jul 10 01:35:15 2014
# Confirm
[[email protected] ~]$ elinks http://192.168.96.128:8081
The content is displayed.
[[email protected] ~]$ exit
[[email protected] ~]$ elinks http://192.168.96.128:8081
The content is no longer displayed, because the forwarding ends when the SSH session exits.
For the detailed video lesson, see http://edu.51cto.com/course/course_id-6574.html
This article is from the "11830455" blog; please be sure to keep this source: http://11840455.blog.51cto.com/11830455/1828888