Brucekomike (talk | contribs) (Created page with “This page describes the steps for creating a standalone SFTP service == Configuration files == Located in /etc/systemd/system [Unit] Description=Reverse SSH Tunnel for Reverse Proxy After=network.target [Service] ExecStart=/usr/bin/ssh -N -R 8080:localhost:80 user@server Restart=always User=your-local-username [Install] WantedBy=multi-user.target”)
Brucekomike (talk | contribs) No edit summary
第2行: | 第2行: | ||
== 配置文件 == | == 配置文件 == | ||
=== ssh === | |||
位于/etc/systemd/system | 位于/etc/systemd/system | ||
[Unit] | [Unit] | ||
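Review bot: "位于/etc/systemd/system" gives only the directory, and with the new "=== ssh ===" subheading splitting this section per unit, the reader still is not told what the unit file is called. State the file name next to the location so it is clear what to pass to systemctl enable and start.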
第14行: | 第15行: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
=== sftp === | |||
[Unit] | |||
Description=OpenBSD Secure Shell server | |||
Documentation=man:sshd(8) man:sshd_config(5) | |||
After=network.target auditd.service | |||
[Service] | |||
ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd_config_sftp | |||
ExecReload=/bin/kill -HUP $MAINPID | |||
KillMode=process | |||
Restart=on-failure | |||
RestartPreventExitStatus=255 | |||
Type=notify | |||
[Install] | |||
WantedBy=multi-user.target | |||
=== 一份额外的sshd配置 === | |||
<syntaxhighlight lang="yaml" line="1"> | |||
Compression yes | |||
PasswordAuthentication no | |||
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 /var/lib/openmediavault/ssh/authorized_keys/%u | |||
PubkeyAuthentication yes | |||
ChrootDirectory /opt/nas/ | |||
ForceCommand internal-sftp | |||
AllowTcpForwarding no | |||
X11Forwarding no | |||
Port 2222 | |||
</syntaxhighlight> | |||
==== 绑定挂载 ==== | |||
可以写入fstab | |||
/mnt/disk0/confidental /opt/nas/confidental none bind 0 0 | |||
手动挂载 | |||
mount --bind /mnt/disk0/confidental /opt/nas/confidental |
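Review bot: The sftp unit keeps the stock Description=OpenBSD Secure Shell server and states neither a file name nor a location, so the second daemon started with -f /etc/ssh/sshd_config_sftp cannot be told apart from the main sshd in systemctl and journal output; give it its own Description and name the unit file. The block under "一份额外的sshd配置" is presumably that /etc/ssh/sshd_config_sftp, but the text never says so, and it is tagged lang="yaml" although sshd_config is not YAML. The page should also say that sshd accepts ChrootDirectory /opt/nas/ only when every path component is root-owned and not group- or world-writable, so writable data has to sit in a subdirectory such as the bind-mounted /opt/nas/confidental.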
Revision as of 03:24, 8 July 2024 (Mon)
This page describes the steps for creating a standalone SFTP service.
== Configuration files ==
=== ssh ===
Located in /etc/systemd/system
 [Unit]
 Description=Reverse SSH Tunnel for Reverse Proxy
 After=network.target
 [Service]
 # -N: run no remote command; -R: the server's port 8080 is forwarded to local port 80
 ExecStart=/usr/bin/ssh -N -R 8080:localhost:80 user@server
 Restart=always
 User=your-local-username
 [Install]
 WantedBy=multi-user.target
=== sftp ===
 [Unit]
 Description=OpenBSD Secure Shell server
 Documentation=man:sshd(8) man:sshd_config(5)
 After=network.target auditd.service
 [Service]
 # -D: stay in the foreground; -f: use the SFTP-only configuration file
 ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd_config_sftp
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
 RestartPreventExitStatus=255
 Type=notify
 [Install]
 WantedBy=multi-user.target
=== An additional sshd configuration ===
 Compression yes
 # Public-key logins only
 PasswordAuthentication no
 AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 /var/lib/openmediavault/ssh/authorized_keys/%u
 PubkeyAuthentication yes
 # Confine each session to /opt/nas/ and run only the in-process SFTP server
 ChrootDirectory /opt/nas/
 ForceCommand internal-sftp
 AllowTcpForwarding no
 X11Forwarding no
 # Port for this SFTP-only instance
 Port 2222
==== Bind mounts ====
Can be written to fstab:
 /mnt/disk0/confidental /opt/nas/confidental none bind 0 0
Manual mount:
 mount --bind /mnt/disk0/confidental /opt/nas/confidental
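Added example, not part of the original page: sshd refuses a chrooted login unless every component of the `ChrootDirectory` path (here `/opt/nas/`) is a root-owned directory with no group or world write permission, and the script below checks that before the service is started. The function names and the `REQUIRED_UID` override are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page): pre-flight check for ChrootDirectory.
# sshd_config(5) requires every component of the chroot path to be a root-owned
# directory that is not writable by any other user or group.

# Assumption: REQUIRED_UID exists only so the check can be exercised without root.
REQUIRED_UID=${REQUIRED_UID:-0}

# check_component PATH: 0 if PATH is a directory owned by REQUIRED_UID with no
# group/other write bit; otherwise 1, with the reason on stderr.
check_component() {
    # -L follows symlinks (sshd stat()s each component); -n prints numeric ids.
    info=$(ls -ldnL -- "$1" 2>/dev/null) || { echo "missing: $1" >&2; return 1; }
    set -f; set -- "$1" $info; set +f     # $2 = mode string, $4 = owner uid
    case $2 in
        d????-??-*) ;;                    # group-write and other-write both unset
        d*) echo "group/world-writable: $1 ($2)" >&2; return 1 ;;
        *)  echo "not a directory: $1" >&2; return 1 ;;
    esac
    [ "$4" = "$REQUIRED_UID" ] || { echo "wrong owner uid $4: $1" >&2; return 1; }
}

# check_chroot_path DIR: run check_component on / and on every prefix of DIR,
# reporting all offending components instead of stopping at the first.
check_chroot_path() {
    case $1 in /*) ;; *) echo "must be an absolute path: $1" >&2; return 1 ;; esac
    rc=0; path=; rest=${1#/}
    check_component / || rc=1
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue        # skip empty parts ("//", trailing "/")
        path=$path/$part
        check_component "$path" || rc=1
    done
    return $rc
}

# Usage: sh check_chroot.sh /opt/nas/   (no argument: only define the functions)
[ "$#" -eq 0 ] || check_chroot_path "$1"
```

User-writable data therefore belongs in a subdirectory of the chroot, such as the bind-mounted /opt/nas/confidental, not in /opt/nas/ itself.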