我在手册页中找到了这一点sftp:
-R 请求数
指定一次可以有多少个请求未完成。增加此值可能会略微提高文件传输速度,但会增加内存使用量。默认值为 64 个未完成请求。
什么是未完成的请求?这个参数到底有什么用?
并且我可以成功登录 sftp,但登录后,默认文件夹是“/”,并且无法在“/”下创建文件夹。我想要的是当用户登录 sftp 时,默认文件夹是用户主目录,例如“/home/sftp_user”,并且可以在“/home/sftp_user”下创建文件夹
/etc/ssh/sshd_config 如下:
Subsystem sftp internal-sftp
Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
/home目录下的访问权限如下:
drwxr-xr-x 4 root root 4096 Nov 19 17:59 .
drwxr-xr-x 20 root root 4096 Oct 30 2023 ..
drwxr-x--- 35 abc abc 4096 Nov 20 18:28 abc
drwxrwxrwx 8 sftp_user sftp 4096 Nov 20 18:32 sftp_user
如果我将 ChrootDirectory /home 更改为 %h,那么当登录 sftp [email protected]
它返回“client_loop: send disconnect: Broken pipe”。我在 google 上搜索,发现 ChrootDirectory 必须由 root 拥有,并且其他人无法写入,但如果其他人无法写入,那么我如何在 ChrootDirectory 下创建目录?
在教程https://www.cybrosys.com/blog/how-to-setup-sftp-server-on-ubuntu-20-04中,
子系统是Subsystem sftp /usr/lib/openssh/sftp-server
但我看过很多其他教程,子系统是
Subsystem sftp internal-sftp
我应该用什么?
当我像这样输入 sftp 时,它通常会提示我输入密码,因为用户名位于命令中,但对于这台机器,它会再次要求输入用户名。
sftp [email protected]
Username:
再次输入用户名和密码后,就可以正常登录了。什么会导致这种情况发生?
Verbose:(X.X.X.X) is the same IP throughout the log
OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for x.x.x.x
debug3: kex names ok: [diffie-hellman-group-exchange-sha1]
debug1: /root/.ssh/config line 3: Applying options for x.x.x.x
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host x.x.x.x originally x.x.x.x
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname x.x.x.x is address
debug1: re-parsing configuration
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for x.x.x.x
debug3: kex names ok: [diffie-hellman-group-exchange-sha1]
debug1: /root/.ssh/config line 3: Applying options for x.x.x.x
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host x.x.x.x originally x.x.x.x
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug2: ssh_connect_direct
debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version Priority
debug1: no match: Priority
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to x.x.x.x:22 as 'Username'
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
debug2: ciphers ctos: [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc
debug2: ciphers stoc: [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256
debug2: host key algorithms: ssh-dss
debug2: ciphers ctos: 3des-cbc,blowfish-cbc,twofish256-cbc,twofish192-cbc,twofish128-cbc,aes256-cbc,aes192-cbc,aes128-cbc,serpent256-cbc,serpent192-cbc,serpent128-cbc,arcfour,idea-cbc,cast128-cbc,none,des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-ctr,blowfish-ctr,twofish128-ctr,twofish192-ctr,twofish256-ctr,serpent128-ctr,serpent192-ctr,serpent256-ctr,idea-ctr,cast128-ctr,arcfour128,arcfour256,aes128-gcm,aes256-gcm,[email protected],[email protected],chacha20-poly1305,[email protected]
debug2: ciphers stoc: 3des-cbc,blowfish-cbc,twofish256-cbc,twofish192-cbc,twofish128-cbc,aes256-cbc,aes192-cbc,aes128-cbc,serpent256-cbc,serpent192-cbc,serpent128-cbc,arcfour,idea-cbc,cast128-cbc,none,des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-ctr,blowfish-ctr,twofish128-ctr,twofish192-ctr,twofish256-ctr,serpent128-ctr,serpent192-ctr,serpent256-ctr,idea-ctr,cast128-ctr,arcfour128,arcfour256,aes128-gcm,aes256-gcm,[email protected],[email protected],chacha20-poly1305,[email protected]
debug2: MACs ctos: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,none,hmac-ripemd160,hmac-ripemd,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,aes128-gcm,aes256-gcm,[email protected]
debug2: MACs stoc: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,none,hmac-ripemd160,hmac-ripemd,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,aes128-gcm,aes256-gcm,[email protected]
debug2: compression ctos: none,zlib,[email protected]
debug2: compression stoc: none,zlib,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-dss
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32
debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32
debug3: send packet: type 34
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug3: receive packet: type 31
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 4118/8192
debug3: send packet: type 32
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug3: receive packet: type 33
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-dss SHA256:0A1Ar92Ajwji6j1W3xY3NM4NNrurkbyIUTa8vrj+WLk
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type DSA in file /root/.ssh/known_hosts:13
debug3: load_hostkeys: loaded 1 keys from x.x.x.x
debug1: Host 'x.x.x.x' is known and matches the DSA host key.
debug1: Found key in /root/.ssh/known_hosts:13
debug2: bits set: 4069/8192
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:o+fnPf1DCYESqkGs+QyEVHvrojcf4wE/o9lmXEHQdCY
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: password,publickey,keyboard-interactive,hostbased
debug3: start over, passed a different list password,publickey,keyboard-interactive,hostbased
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:o+fnPf1DCYESqkGs+QyEVHvrojcf4wE/o9lmXEHQdCY
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: password,publickey,keyboard-interactive
debug3: start over, passed a different list password,publickey,keyboard-interactive
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /root/.ssh/id_xmss
debug3: no such identity: /root/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
Please enter your username and password
debug2: input_userauth_info_req: num_prompts 2
我在 RHEL 8 服务器上设置了 chrooted SFTP 目录,该服务器上还运行了几个网站。今天早上我尝试 ssh 时,服务器说它只接受 SFTP 连接。幸运的是,它是一个虚拟机,所以我可以直接连接到控制台。
这是我sshd_config在周五添加的内容:
ForceCommand internal-sftp
Match Group sftpusers
ChrootDirectory /sftp/%u
注释掉该ForceCommand行可以让我通过 ssh 重新进入。将 SFTP 用户限制到目录而不将整个服务器变成 SFTP 服务器的正确指令是什么?
我有一个第 3 方 SFTP 服务器,我想在其上检查一些文件时间戳。
但是,如果我使用ls -lvs. ,我确实会为同一个文件得到不同的结果ls -lh:
sftp> ls -l
[...]
-rwxrwxrwx 1 0 0 1963 Nov 15 08:49 foo.txt
[...]
sftp> ls -lh
[...]
-rwxrwxrwx 0 0 0 1.9K Nov 15 07:49 foo.txt
[...]
sftp> ls -l foo.txt
-rwxrwxrwx 0 0 0 1963 Nov 15 07:49 foo.txt
sftp> ls -lh foo.txt
-rwxrwxrwx 0 0 0 1.9K Nov 15 07:49 foo.txt
如您所见,时间戳 inls -l是08:49而其他命令具有07:49. 服务器在德国,目前比 UTC 晚 1 小时,所以我的猜测是07:49UTC 而08:49柏林时间。
但是,我的机器是 UTC:
$ cat /etc/timezone
Etc/UTC
我的理解是,根据 SFTP 标准,所有时间戳都应该是 UTC。但是我不确定这种理解是否正确(鉴于标准有很多不同的版本)。我也不知道该sftp工具是否以某种方式对时间戳进行了后处理(man sftp根本没有提到时区或时间戳)。
造成这种差异的原因可能是什么?
我正在尝试连接到(publickey,password)启用双重身份验证的服务器。我正在使用sshpass提供密码来自动化脚本,但是当我有带有 SFTP 的批处理文件时,连接失败而没有批处理文件连接成功
export SSHPASS=helloworld (sshpass -e sftp -b batfile.txt -o 'PasswordAuthentication=yes' \ -o 'PreferredAuthentications=publickey,password' -o 'StrictHostKeyChecking=no' user@hostname)
错误:
Permission denied (password). Couldn't read packet: Connection reset by peer
连接成功,没有批处理文件
(sshpass -e sftp -o 'PasswordAuthentication=yes' \ -o 'PreferredAuthentications=publickey,password' -o 'StrictHostKeyChecking=no' user@hostname)
我试过在批处理文件中提供密码,但没有运气。
是否有可能我正在努力实现sshpass,batchfile如果是这样,有人可以帮助我吗
批处理文件:
echo "Hey, I'm from Inside"
!echo "Hey, I'm from Outside"
当我运行时pcmanfm 'sftp://user@machine',它给了我一个“不支持的操作”错误。我想我只是缺少一些用于将 sftp 连接安装到文件系统中的软件,但我不知道它是什么。简单地运行sftp user@machine按预期工作,但我希望能够从 pcmanfm 查看文件系统,就像使用 KDE 的 dolphin 一样。
我相当肯定这是可能的,因为当我在寻找这个问题的答案时,我发现有人问这个问题,但是我没有找到任何实际解决这个问题的方法。知道如何解决吗?
我正在尝试解决为什么我无法从 Unix 机器连接到远程 SFTP。远程主机有我的公钥,我的防火墙配置为允许与主机的出站连接。
我检查了主机是否已启动,使用nmap -Pn -p 22 $HOST并得到以下结果:
Host is up.
rDNS record for $HOST
PORT STATE SERVICE
22/tcp filtered ssh
我试图通过命令行连接到它,每次连接超时。我可以看到出站连接正在通过,但没有响应。
以下是我尝试通过命令行连接的方式:
timeout 30 ssh -i ~/.ssh/my_private_key user@$HOST
我也尝试将私钥复制/粘贴到纯文本文件并使用它:
timeout 30 ssh -i ~/.ssh/my_private_key.txt user@$HOST
$ ssh -vvv -i ~/.ssh/my_private_key user@$HOST
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "$HOST" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to $HOST [$HOST] port 22.
debug1: connect to address $HOST port 22: Connection timed out
ssh: connect to host $HOST port 22: Connection timed out
在指责主机做错之前,我还应该做些什么来解决我的连接问题?
我有这个
sftp -q my_host:my_dir 1>/dev/null 2>&1 <<EOF
some_command
some_command
some_command
some_command
put foo bar
some_command
exit
EOF
这抑制了:
- 横幅和 motd 由于
-q - 由于信息和错误
1>/dev/null 2>&1(例如无法删除文件、目录存在)
但它也抑制了put的进度表。
我可以显示进度,但不能显示信息和错误吗?