Proftpd：バーチャルユーザーがsshキーでSFTP経由でアクセスする設定

Question

私は、SFTPで使用するためにproftpdを設定しようとしていますが、仮想ユーザで使用します。唯一のシステムユーザ

いくつかの設定以下の問題に関連して、ここではテストの目的のためにproftpd.conf

AuthUserFile /etc/proftpd/passwd.vhosts 
<IfModule mod_tls.c> 
    TLSEngine on 
    TLSRequired on 
    TLSRSACertificateFile /etc/ftpd-rsa.pem 
    TLSRSACertificateKeyFile /etc/ftpd-rsa-key.pem 
    TLSVerifyClient off 
    TLSCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS 
    TLSOptions NoSessionReuseRequired 
    TLSProtocol TLSv1 TLSv1.1 TLSv1.2 
</IfModule> 
SFTPEngine   on 
SFTPAuthMethods   publickey 
SFTPAuthorizedUserKeys file:/etc/proftpd/sftp.passwd.keys/%u 
SFTPLog     /var/log/proftpd/sftp.log 
TransferLog    /var/log/proftpd/sftp-xferlog 

フルのために働く、私はcastris・システム・ユーザーに関連付けられた仮想ユーザー、castrislegioを、作成しています

castris:PASSWORD_HASH:1004:1004::/home/castris:/usr/libexec/openssh/sftp-server 
castrislegio+castris.com:PASSWORD_HASH2:1004:1004:castris:/home/castris/user2:/bin/ftpsh 
castrislegio@castris.com:PASSWORD_HASH2:1004:1004:castris:/home/castris/user2:/bin/ftpsh 

関連検索

castris:PASSWORD_HASH:1004:1004::/home/castris:/usr/libexec/openssh/sftp-server 
castrislegio+castris.com:PASSWORD_HASH2:1004:1004:castris:/home/castris/user2:/usr/libexec/openssh/sftp-server 
castrislegio@castris.com:PASSWORD_HASH2:1004:1004:castris:/home/castris/user2:/usr/libexec/openssh/sftp-server 

しかし、それは動作しません。私はこの質問について迷ってしまいました

sftp -v -P 24 -i .ssh/id_rsa castrislegio+castris.com@localhost 
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: /etc/ssh/ssh_config line 56: Applying options for * 
debug1: Connecting to localhost [127.0.0.1] port 24. 
debug1: Connection established. 
debug1: permanently_set_uid: 0/0 
debug1: identity file .ssh/id_rsa type 1 
debug1: identity file .ssh/id_rsa-cert type -1 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_6.6.1 
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1 
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000 
debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none 
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none 
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16 
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16 
debug1: sending SSH2_MSG_KEX_ECDH_INIT 
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY 
debug1: Server host key: ECDSA 75:87:c9:ef:e7:b1:ae:47:17:0b:e6:8c:e4:6c:2b:7d 
debug1: Host '[localhost]:24' is known and matches the ECDSA host key. 
debug1: Found key in /root/.ssh/known_hosts:2 
debug1: ssh_ecdsa_verify: signature correct 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug1: SSH2_MSG_NEWKEYS received 
debug1: SSH2_MSG_SERVICE_REQUEST sent 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic 
debug1: Next authentication method: gssapi-keyex 
debug1: No valid Key exchange context 
debug1: Next authentication method: gssapi-with-mic 
debug1: Unspecified GSS failure. Minor code may provide more information 
No Kerberos credentials available (default cache: KEYRING:persistent:0) 

debug1: Unspecified GSS failure. Minor code may provide more information 
No Kerberos credentials available (default cache: KEYRING:persistent:0) 

debug1: Next authentication method: publickey 
debug1: Offering RSA public key: .ssh/id_rsa 
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic 
debug1: No more authentication methods to try. 
Permission denied (publickey,gssapi-keyex,gssapi-with-mic). 
Couldn't read packet: Connection reset by peer 

アクセスをしようとすると

67449929 0 drwx------. 2 root proftpd 51 May 23 12:19 sftp.passwd.keys 
... 
67449644 4 -rw-rw----. 1 root proftpd 1024 May 23 14:04 castris 
70159270 4 -rw-rw----. 1 root proftpd 512 May 23 14:03 castrislegio@castris.com 
70153716 4 -rw-rw----. 1 root proftpd 1024 May 23 14:03 castrislegio+castris.com 

は私が入れキー

ssh-keygen -e -f .ssh/id_rsa.pub >> /etc/proftpd/sftp.passwd.keys/castris 

のためにこれを使用しています。何が悪いの？

Answer 1

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1 

あなたはProftpdに接続しておらず、OpenSSHに接続しています。あなたはProFTPDの設定でPortを指定しない場合は、それはあなたがあなたのsftpコマンドを使用して接続しようとしているではない1（ポート22がデフォルトになります。

をだからあなたはsftpコマンドまたはで別のポートを使用する必要がありますどちらか