Operations staff often run into this situation: the developers have a new web project and need to upload its files to the server. There are two usual ways to provide that, SFTP and FTP. Today's post shows how to give a system user permission to upload a project with SFTP, while chrooting that user and making sure they cannot log in to the system over SSH.
SFTP is the SSH File Transfer Protocol (also called the Secure File Transfer Protocol); it provides file access, file transfer and file management over a trusted data stream. When we configure a chroot environment for SFTP, only the permitted users can connect, and they are confined to their home directories. In other words, the permitted users sit in a jail from which they cannot even change out of their own directory.
My environment:
# cat /etc/issue
CentOS release 6.6 (Final)
Kernel \r on an \m

# rpm -qa | grep openssh-server
openssh-server-5.3p1-104.el6.i686
1. Add an SFTP user group
# groupadd sftpusers
2. Create a user and assign it to the SFTP group
# useradd -g sftpusers user01
3. Move the user's home directory and set a shell that cannot log in
# mkdir /sftp/
# usermod -s /sbin/nologin -d /sftp/user01 -m user01
4. Set a password for the user (note that the typed password is not echoed)
# passwd user01
Changing password for user user01.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
5. Modify the SSH configuration file
# ll /etc/ssh/sshd_config
-rw-------. 1 root root 3879 Oct 15 2014 /etc/ssh/sshd_config
# vim /etc/ssh/sshd_config

Around line 132, comment out the external sftp-server and switch to the internal one:
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp

Add these lines at the end of the file. The settings inside the Match block apply only to the group sftpusers; ChrootDirectory %h locks the user inside the home directory (%h = home directory); ForceCommand internal-sftp forces the internal sftp subsystem. Keep comments on their own lines, since sshd does not accept trailing comments after a directive:
Match Group sftpusers
    X11Forwarding no
    AllowTcpForwarding no
    ChrootDirectory %h
    ForceCommand internal-sftp
6. Restart the SSH service
# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
7. Set permissions on the user's home directory
# chmod 0755 /sftp/user01/
# chown root /sftp/user01/
# chgrp -R sftpusers /sftp/user01/
Note: the permissions must not be more permissive than 0755. sshd requires the chroot directory, and every directory above it, to be owned by root and not writable by group or others; otherwise it refuses the login.
8. If you want to upload ... (a wart for which I have no better solution)
Because the user's home directory is owned by root and its permissions can be at most 0755, the user cannot write into it. My solution is to create a folder inside the home directory to serve as the upload directory, owned by user01:
# mkdir /sftp/user01/upload
# chown user01:sftpusers /sftp/user01/upload/
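As an added check that is not part of the original post: a small sh script that verifies the rules sshd applies to the ChrootDirectory path (every component from / down to the chroot owned by root, no group or world write bit) and that the upload subdirectory belongs to the SFTP user, so a misconfiguration is caught before the login test. It assumes GNU stat (present on CentOS) and the /sftp/user01 plus upload layout used above.

```shell
#!/bin/sh
# Added example, not from the original post. Checks the rules sshd applies
# to ChrootDirectory: every directory from / down to the chroot must be
# owned by root and not writable by group or others, otherwise the login
# is refused with "bad ownership or modes for chroot directory". Assumes
# GNU stat (CentOS) and the /sftp/user01 + upload layout used above.

# Pure check of one path component from its owner uid and symbolic mode
# string (as printed by ls -l / stat -c %A, e.g. drwxr-xr-x). Returns 0
# if the component is acceptable as part of a chroot path.
chroot_component_ok() {
    uid=$1; perm=$2; path=$3
    if [ "$uid" -ne 0 ]; then
        echo "FAIL $path: owned by uid $uid, must be root"; return 1
    fi
    case "$perm" in
        ?????w*)    echo "FAIL $path: group-writable ($perm)"; return 1 ;;
        ????????w*) echo "FAIL $path: world-writable ($perm)"; return 1 ;;
    esac
    echo "ok   $path ($perm, uid $uid)"
}

# Walk from / to the chroot directory, checking each component with stat.
check_chroot_path() {
    dir=$1; rc=0; cur=/
    set -- $(stat -c '%u %A' /)
    chroot_component_ok "$1" "$2" / || rc=1
    for part in $(printf '%s' "$dir" | tr '/' ' '); do
        cur="${cur%/}/$part"
        set -- $(stat -c '%u %A' "$cur")
        chroot_component_ok "$1" "$2" "$cur" || rc=1
    done
    return $rc
}

# The writable area must be a subdirectory owned by the SFTP user,
# never the chroot directory itself (step 8).
check_upload_dir() {
    owner=$(stat -c '%U' "$1") || return 1
    [ "$owner" = "$2" ] || { echo "FAIL $1: owned by $owner, expected $2"; return 1; }
    echo "ok   $1 owned by $2"
}

# Usage: sh check_chroot.sh /sftp/user01 user01
# (then: sshd -t, and restart sshd only if both checks pass)
if [ $# -eq 2 ]; then
    check_chroot_path "$1" && check_upload_dir "$1/upload" "$2"
fi
```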
9. Linux login test
# su - user01
This account is currently not available.      # su - switch fails
# cat /etc/passwd | tail -1
user01:x:500:500::/sftp/user01:/sbin/nologin
# ssh user01@localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is f3:fc:31:dc:7d:16:d5:ad:8c:bc:eb:69:8f:b2:0b:c9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
user01@localhost's password:
This service allows sftp connections only.    # ssh login also fails, so the SSH configuration works
Connection to localhost closed.
10. SFTP login test (I am on Windows 7 here using Xshell; other tools work similarly)
[Screenshot: 1.jpg]
Successful login:
[Screenshot: 2.jpg]
Nothing can be created in the root directory:
[Screenshot: 3.jpg]
Under upload, creating files works:
[Screenshot: 4.jpg]
Well, that is the end of this post; today's task is done. Nothing can be created in the root directory because of the Linux security restriction described in step 7 (the chroot directory must be owned by root). If any classmates find mistakes while following the steps, you are welcome to discuss them with me; my e-mail: [Email protected]
This article from "A cup of boiled water" blog, please be sure to keep this source http://ultraera.blog.51cto.com/6640392/1672193
Configuring the SFTP environment in Linux