查看“SSH/SFTP”的源代码

本页面讲述创建独立SFTP服务的步骤

== 配置文件 ==
=== ssh ===
位于/etc/systemd/system
 [Unit]
 Description=Reverse SSH Tunnel for Reverse Proxy
 After=network.target
 
 [Service]
 ExecStart=/usr/bin/ssh -N -R 8080:localhost:80 user@server
 Restart=always
 User=your-local-username
 
 [Install]
 WantedBy=multi-user.target

=== sftp ===
 [Unit]
 Description=OpenBSD Secure Shell server
 Documentation=man:sshd(8) man:sshd_config(5)
 After=network.target auditd.service
 
 [Service]
 ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd_config_sftp
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
 RestartPreventExitStatus=255
 Type=notify
 
 [Install]
 WantedBy=multi-user.target

=== 一份额外的sshd配置 ===
<syntaxhighlight lang="yaml" line="1">
Compression yes
PasswordAuthentication no
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 /var/lib/openmediavault/ssh/authorized_keys/%u
PubkeyAuthentication yes
ChrootDirectory /opt/nas/
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
Port 2222
Match Group sftpusers
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
</syntaxhighlight>

==== chroot dir ====
请确保chroot文件夹为 root:root 755
这样可以保证用户只能访问此文件夹之内的文件夹。
==== 绑定挂载 ====
可以写入fstab
 /mnt/disk0/confidental /opt/nas/confidental none bind 0 0

手动挂载
 mount --bind  /mnt/disk0/confidental /opt/nas/confidental