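I would appreciate help from anyone familiar with SSH and SFTP.
Even though password authentication is disabled for the whole config file,
c-user can still get through password authentication and log in over SFTP.
I want to disable password authentication for SFTP and would like help with how to do that.
I will excerpt only the parts of the config file that seem relevant.
For login authentication over SSH, the settings are applied without problems,
and I have confirmed that login is possible only with public key authentication.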
#RSAAuthentication yes
PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

Protocol 2
PermitRootLogin no
AllowUsers a-user b-user c-user

Match User a-user
ChrootDirectory /var/www/public_html
PasswordAuthentication no
ForceCommand internal-sftp

Match User b-user
ChrootDirectory /var/www/stage_html
PasswordAuthentication no
ForceCommand internal-sftp

Match User c-user
PasswordAuthentication no
AuthorizedKeysFile .ssh/authorized_keys
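With this configuration, every user can log in with public key authentication.
a-user and b-user are SFTP-only users.
I want only c-user to be able to log in with public key authentication over both SSH and SFTP.
However, I want password authentication disabled.
Thank you in advance.

Debug log added

Thank you, everyone, for taking the time when you are busy.
I have appended the log below.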
sftp -v c-user@hostname
OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4
debug1: Connecting to 192.168.100.128 [192.168.100.128] port 22.
debug1: Connection established.
debug1: identity file C:\Users\TestTaro/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\TestTaro/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\TestTaro/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\TestTaro/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\TestTaro/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\TestTaro/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\TestTaro/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\TestTaro/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.100.128:22 as 'c-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:OoA7eSVUMLPCOHyRqEdghTPwIMY4ALeBkss3UL46yeH
debug1: Host '[192.168.100.128]:22' is known and matches the RSA host key.
debug1: Found key in C:\Users\TestTaro/.ssh/known_hosts:6
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:EWO02bWTW3fDAwCyHYdcsWtYKsXtlOLVT6wISNM57tl C:\Users\TestTaro/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: C:\Users\TestTaro/.ssh/id_dsa
debug1: Trying private key: C:\Users\TestTaro/.ssh/id_ecdsa
debug1: Trying private key: C:\Users\TestTaro/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: read_passphrase: can't open /dev/tty: No such file or directory
Password:
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to 192.168.100.128 ([192.168.100.128]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending subsystem: sftp
Connected to c-user@192.168.100.128.
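
The `-v` output above names each authentication method the server offered and the one that finally succeeded, so it can be checked mechanically after every sshd_config change. The following is an added example, not part of the original post: the names `audit_client_log`, `allowed` and `SAMPLE_LOG` are hypothetical, and the sample lines are constructed in the format of the log above.

```python
import re

# Constructed sample: auth-related lines in the format of the `sftp -v` log above.
SAMPLE_LOG = """\
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentication succeeded (keyboard-interactive).
"""

# One pattern for the three client messages; finditer keeps their order and
# also works when the log has been pasted onto a single line.
EVENT = re.compile(
    r"Authentications that can continue: (?P<offer>[\w,-]+)"
    r"|Next authentication method: (?P<tried>[\w-]+)"
    r"|Authentication succeeded \((?P<ok>[^)]+)\)"
)

def audit_client_log(text, allowed=("publickey",)):
    """Summarise which SSH auth methods the server offered and which one succeeded."""
    offered, tried, succeeded = [], [], None
    for m in EVENT.finditer(text):
        if m.group("offer"):
            for method in m.group("offer").split(","):
                if method not in offered:
                    offered.append(method)
        elif m.group("tried"):
            tried.append(m.group("tried"))
        else:
            succeeded = m.group("ok")
    unexpected = [method for method in offered if method not in allowed]
    return {
        "offered": offered,
        "tried": tried,
        "succeeded": succeeded,
        "unexpected_offers": unexpected,
        # Pass only if nothing outside the allow-list was offered or used.
        "policy_ok": not unexpected and (succeeded is None or succeeded in allowed),
    }

if __name__ == "__main__":
    for key, value in audit_client_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A `policy_ok` of `False` with `keyboard-interactive` in `unexpected_offers` means the server is still offering a method other than public key, independently of the `password` method.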