Hello,
I'm trying to make a directory available over SFTP so I can do backups onto it. It's on a remote dedicated server, and the backups come from another remote server. The backups go over SSH.
For security, to limit access to the system, I use MySecureShell, which lets me manage ACLs fairly simply. I already use this tool for an SFTP share that must not change (path).
In my /etc/ssh/sftp_config I have this:
## MySecureShell Configuration File ##
# To get more information on all possible options, please look at the doc:
# http://mysecureshell.readthedocs.org
#Default rules for everybody
<Default>
GlobalDownload 5000k #total speed download for all clients
# o -> bytes k -> kilo bytes m -> mega bytes
GlobalUpload 0 #total upload speed for all clients (0 for unlimited)
Download 5000k #limit download speed for each connection
Upload 0 #unlimited upload speed for each connection
StayAtHome true #limit client to his home
VirtualChroot true #fake a chroot to the home account
LimitConnection 5 #max connection for the server sftp
LimitConnectionByUser 2 #max connection for the account
LimitConnectionByIP 2 #max connection by ip for the account
#Home /home/$USER #override the user's home; an environment variable can be used (e.g. Home /home/$USER)
Home /home/toto/sftp/bactma
IdleTimeOut 5m #(in seconds) disconnect the client if idle for too long
ResolveIP true #resolve ip to dns
# Shell /bin/MySecureShell
# IgnoreHidden true #treat all hidden files as if they don't exist
# DirFakeUser true #Hide real file/directory owner (just change displayed permissions)
# DirFakeGroup true #Hide real file/directory group (just change displayed permissions)
# DirFakeMode 0400 #Hide real file/directory rights (just change displayed permissions)
#Add execution right for directory if read right is set
HideNoAccess true #Hide file/directory which user has no access
# MaxOpenFilesForUser 20 #limit user to open x files on same time
# MaxWriteFilesForUser 10 #limit user to x upload on same time
# MaxReadFilesForUser 10 #limit user to x download on same time
# DefaultRights 0775 0775 #Set default rights for new file and new directory
MinimumRights 0664 0664 #Set minimum rights for files and dirs
ShowLinksAsLinks false #show links as their destinations
# ConnectionMaxLife 1d #limits connection lifetime to 1 day
# Charset "ISO-8859-15" #set charset of computer
</Default>
#Rules only for group sftp
<Group sftp>
# Download 0 k/s
LogFile /var/log/sftp-server_ftp.log #Change logfile
# ExpireDate "2007-02-28 18:31:01"
</Group>
<User toto>
Home /home/toto/sftp/bactma/
Download 0
Upload 0
LogFile /var/log/sftp/toto.log
#Charset "iso-8859-1"
IdleTimeOut 50m
DisableMakeDir true
DisableOverwrite true
DisableRemoveDir true
DisableRemoveFile true
DisableRename true
DisableSetAttribute true
DisableSymLink true
DisableWriteFile true
DefaultRights 0664 0664
MinimumRights 0660 0660 #Set minimum rights for files and dirs
</User>
I would need to put in Default:
and create a new user:
<User debian_facile>
Home /home/toto/debian_facile
Download 0
Upload 0
LogFile /var/log/sftp/debian_facile.log
#Charset "iso-8859-1"
IdleTimeOut 50m
DisableMakeDir true
DisableOverwrite true
DisableRemoveDir true
DisableRemoveFile true
DisableRename true
DisableSetAttribute true
DisableSymLink true
DisableWriteFile true
DefaultRights 0664 0664
MinimumRights 0660 0660 #Set minimum rights for files and dirs
</User>
I hope changing the path in Default won't mess up the existing user toto... I'm not too sure about this one...
The docs are here:
http://mysecureshell.readthedocs.io/en/ … ailed.html
Thanks for your insight!
Last edited by cemoi (03-10-2017 14:22:43)
Linux debDesk Linux 4.19.0-9-amd64
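As an added example, not part of this post or of MySecureShell itself: a small Python resolver for this sftp_config layout that merges <Default>, then <Group>, then <User> (assumed precedence, user-level directives winning), so you can check that toto's own Home entry survives a change to the Default Home, and whether an account's DisableWriteFile would block uploads to a backup target. The embedded config is a constructed, shortened copy of the one above.

```python
import re

# Constructed, shortened copy of the post's sftp_config: <Default> carries the new Home.
SAMPLE_CONFIG = """\
<Default>
StayAtHome true #limit client to his home
Home /home/toto/debian_facile
</Default>
<Group sftp>
LogFile /var/log/sftp-server_ftp.log
</Group>
<User toto>
Home /home/toto/sftp/bactma/
LogFile /var/log/sftp/toto.log
DisableWriteFile true
</User>
"""

# Matches <Default>, <Group name>, <User name> and their closing tags.
SECTION_RE = re.compile(r"^<(/?)(\w+)(?:\s+(\S+))?>$")

def parse_config(text):
    """Map (kind, name) -> {directive: value}; name is None for Default."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            closing, kind, name = m.groups()
            current = None if closing else sections.setdefault((kind, name), {})
            continue
        if current is None:
            raise ValueError(f"directive outside any section: {line}")
        parts = line.split(None, 1)
        current[parts[0]] = parts[1] if len(parts) > 1 else ""
    return sections

def effective_settings(sections, user, groups=()):
    """Merge Default, then each group, then the user: later layers win."""
    merged = dict(sections.get(("Default", None), {}))
    for g in groups:
        merged.update(sections.get(("Group", g), {}))
    merged.update(sections.get(("User", user), {}))
    return merged

def uploads_allowed(settings):
    """False when DisableWriteFile is true: the account cannot upload at all."""
    return settings.get("DisableWriteFile", "false").lower() != "true"
```

Run it against the real /etc/ssh/sftp_config to see each account's effective Home and whether writes are actually permitted before pointing a backup job at it.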