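# Download, build and install rssh 2.3.2 from source, then confirm the install.
# NOTE(review): 2.3.2 is an old release and upstream development appears to
# have stopped — confirm before deploying. For sftp-only accounts, sshd's own
# ChrootDirectory + ForceCommand internal-sftp is the maintained alternative.

# Become root; the commands below are typed in the resulting root shell.
su - root

# Unpack and build in a fresh private directory rather than directly in
# world-writable /tmp, where another local user could pre-create
# rssh-2.3.2/ (or a symlink) before root extracts into it.
builddir=$(mktemp -d /tmp/rssh-build.XXXXXX) && cd "$builddir"

# The tarball is fetched over plain HTTP and then compiled and installed as
# root, so check it before building: compare its hash or signature with a
# value obtained over a trusted channel.
wget http://nchc.dl.sourceforge.net/sourceforge/rssh/rssh-2.3.2.tar.gz
sha256sum rssh-2.3.2.tar.gz   # must match <EXPECTED_SHA256> (placeholder)

tar -zxvf rssh-2.3.2.tar.gz
cd rssh-2.3.2
./configure
make
make install

# Print the version and the compiled-in paths to confirm the install.
rssh -v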
[root@vm-server rssh-2.3.2]# rssh -v
rssh 2.3.2
Copyright 2002-5 Derek D. Martin <rssh-discuss at lists dot sourceforge dot net>
rssh config file = /usr/local/etc/rssh.conf
chroot helper path = /usr/local/libexec/rssh_chroot_helper
scp binary path = /usr/bin/scp
sftp server binary = /usr/libexec/openssh/sftp-server
cvs binary path = /usr/bin/cvs
rdist binary path = /usr/bin/rdist
rsync binary path = /usr/bin/rsync
# /usr/local/etc/rssh.conf — enable only the transfer protocols that are needed
:
allowscp
allowsftp
#allowcvs
#allowrdist
#allowrsync
:
相關檔案如下:
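# Populate the chroot jail at /usr/chroot with the binaries, shared libraries
# and support files that scp/sftp need. Run as root; everything created here
# should stay root-owned and not writable by the jailed account, otherwise
# that account could replace the binaries or libraries it is confined to.

# Binaries that rssh is allowed to start, at the same paths as on the host.
mkdir -p /usr/chroot/usr/bin
cp -p /usr/bin/scp /usr/chroot/usr/bin/
mkdir -p /usr/chroot/usr/libexec/openssh
cp -p /usr/libexec/openssh/sftp-server /usr/chroot/usr/libexec/openssh/
mkdir -p /usr/chroot/usr/local/libexec
cp -p /usr/local/libexec/rssh_chroot_helper /usr/chroot/usr/local/libexec/rssh_chroot_helper

# List the shared libraries the binaries depend on; every library shown
# must be copied into /usr/chroot. The names and versions below are the
# ones from the author's system and will differ elsewhere, so take the
# list from the ldd output, not from this page.
ldd "$(command -v scp)"
ldd /usr/libexec/openssh/sftp-server
ldd /usr/local/libexec/rssh_chroot_helper

mkdir -p /usr/chroot/lib
for lib in \
  ld-linux.so.2 libresolv.so.2 libcrypto.so.6 libutil.so.1 libnsl.so.1 \
  libcrypt.so.1 libcom_err.so.2 libdl.so.2 libc.so.6 libkeyutils.so.1 \
  libpthread.so.0 libselinux.so.1 libsepol.so.1; do
  cp -p "/lib/${lib}" /usr/chroot/lib/
done

mkdir -p /usr/chroot/usr/lib
for lib in \
  libz.so.1 libgssapi_krb5.so.2 libkrb5.so.3 libk5crypto.so.3 libnss3.so \
  libkrb5support.so.0 libplc4.so libplds4.so libnspr4.so; do
  cp -p "/usr/lib/${lib}" /usr/chroot/usr/lib/
done

mkdir -p /usr/chroot/etc/
# NOTE(review): this copies the host's complete account list into the jail,
# where every restricted user can read it. Trim /usr/chroot/etc/passwd down
# to the jailed account(s) once they exist.
cp -p /etc/passwd /usr/chroot/etc/
# Dynamic-linker configuration and cache (glob left unquoted on purpose).
cp -a /etc/ld.so* /usr/chroot/etc/

# Have syslogd listen on an additional socket inside the jail (-a) so that
# chrooted processes can still log.
# NOTE(review): a syslogd started by hand like this does not survive a
# reboot; on Red Hat-style systems the -a option is normally made permanent
# through SYSLOGD_OPTIONS in /etc/sysconfig/syslog — confirm for your system.
mkdir -p /usr/chroot/dev/
service syslog stop
/sbin/syslogd -a /usr/chroot/dev/log
service syslog start

# Parent directory for the jailed users' home directories.
mkdir -p /usr/chroot/home/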
# /usr/local/etc/rssh.conf
:
chrootpath = /usr/chroot
:
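# Create the restricted account: its home directory lives inside the jail and
# its login shell is rssh, so it can only run the commands rssh allows.
useradd -d /usr/chroot/home/scusftp -s /usr/local/bin/rssh scusftp

# Set the password. passwd prompts for it on the terminal, which keeps it out
# of the command line and shell history.
passwd scusftp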
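Account entry (presumably the line in the jail's copy, /usr/chroot/etc/passwd, since the home directory is given relative to the chroot — confirm):
:
scusftp:x:510:510::/home/scusftp:/usr/local/bin/rssh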
This account is restricted by rssh.
Allowed commands: scp sftp

If you believe this is in error, please contact your system administrator.