Proftpd：虚拟用户使用ssh密钥配置通过SFTP访问

我试图将proftpd配置为与SFTP一起使用，并与虚拟用户一起使用，但在尝试了几种方法之后，它对虚拟用户不起作用。仅适用于系统用户

一些配置与下面的问题有关，这里是完整的

也尝试

castris:PASSWORD_HASH:1004:1004::/home/castris:/usr/libexec/openssh/sftp-server
castrislegio+castris.com:PASSWORD_HASH2:1004:1004:castris:/home/castris/user2:/usr/libexec/openssh/sftp-server
castrislegio@castris.com:PASSWORD_HASH2:1004:1004:castris:/home/castris/user2:/usr/libexec/openssh/sftp-server

但它不起作用

 67449929  0 drwx------.   2 root proftpd    51 May 23 12:19 sftp.passwd.keys
 ...
 67449644 4 -rw-rw----. 1 root proftpd 1024 May 23 14:04 castris
 70159270 4 -rw-rw----. 1 root proftpd  512 May 23 14:03 castrislegio@castris.com
 70153716 4 -rw-rw----. 1 root proftpd 1024 May 23 14:03 castrislegio+castris.com

我用这个放钥匙

ssh-keygen -e -f .ssh/id_rsa.pub >> /etc/proftpd/sftp.passwd.keys/castris

当我尝试访问时

sftp -v -P 24 -i .ssh/id_rsa castrislegio+castris.com@localhost
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 24.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file .ssh/id_rsa type 1
debug1: identity file .ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 75:87:c9:ef:e7:b1:ae:47:17:0b:e6:8c:e4:6c:2b:7d
debug1: Host '[localhost]:24' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)

debug1: Next authentication method: publickey
debug1: Offering RSA public key: .ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Couldn't read packet: Connection reset by peer

我不知道这个问题。怎么了

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1

您没有连接到Proftpd，而是连接到OpenSSH。如果在Proftpd配置中未指定

端口

，它将默认为端口22（不是您试图使用

sftp

命令连接的端口）

---

因此，您需要在

sftp

命令或配置中使用不同的端口。

我为SSH和sftp使用相同的端口。24这根本不可能为OpenSSH和ProFTPd使用相同的端口。只有一个端口可以在该端口上工作。将其中一个端口移到另一个端口上。好的..在我的ProFTPd.conf

端口24

上，在我的SSH conf上

端口24

重新启动两个服务，两个服务启动。如果尝试与普通用户连接，我可以连接sftp和端口24是，但您连接的是OpenSSH提供的sftp服务器，而不是ProFTPd提供的服务器。

sftp -v -P 24 -i .ssh/id_rsa castrislegio+castris.com@localhost
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 24.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file .ssh/id_rsa type 1
debug1: identity file .ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 75:87:c9:ef:e7:b1:ae:47:17:0b:e6:8c:e4:6c:2b:7d
debug1: Host '[localhost]:24' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)

debug1: Next authentication method: publickey
debug1: Offering RSA public key: .ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Couldn't read packet: Connection reset by peer

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1