SFTP is a very convenient and secure file transfer tool under Linux, and I often use it to replace traditional FTP on Linux servers to transfer files. An SFTP account is based on an SSH account, so by default it has very broad access to the server. The following tutorial shows how to restrict an SFTP account's access, as you would with FTP.
Specific implementation steps
1. Create a user group dedicated to SFTP users
$ groupadd sftpusers
2. Create a user named test
$ useradd -s /bin/false -g sftpusers test
Note that we set the test user's shell to /bin/false so that the user does not have permission to log in to a shell
3. Edit /etc/ssh/sshd_config
Find the Subsystem configuration item and change it to
Subsystem sftp internal-sftp
Then, at the end of the file, add the following settings so that users belonging to the sftpusers group can only access their own home folder
Match Group sftpusers
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
Save and close the file
4. Change the owner of the test user's home folder to the root user
$ chown root ~test
5. Restart the sshd service
$ service sshd restart
6. Test the user account
$ ssh [email protected]
The connection will be rejected, or you will not be able to log in
$ sftp [email protected]
Once logged in, you will find that the account cannot change to any location outside its home directory.
Problems:
If the following messages appear when you connect to the server:
Write failed: Broken pipe
Couldn't read packet: Connection reset by peer
This problem is caused by the permissions of the ChrootDirectory: the directory you set must be owned by the root user, otherwise there will be problems. So make sure that the owner of the SFTP user's root directory is root and that the permissions are 750 or 755.
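The ownership rule above can be checked before restarting sshd. The script below is an added example, not part of the original tutorial; it goes slightly beyond the text by checking every parent directory as well, because sshd requires all components of the ChrootDirectory path to be root-owned and not writable by group or others. The function names are this example's own, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit a directory before using it as sshd's ChrootDirectory.
# Assumes GNU stat (Linux). Function names are this example's own.

# mode_is_safe MODE: succeed when octal MODE (e.g. 755) has no group or
# other write bit set.
mode_is_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# check_component DIR [UID]: check one directory's owner and mode.
# UID defaults to 0 (root); the override exists only so the check can be
# exercised without root privileges.
check_component() {
    info=$(stat -c '%u %a' "$1") || return 2
    uid=${info% *}
    mode=${info#* }
    rc=0
    if [ "$uid" != "${2:-0}" ]; then
        echo "BAD owner uid=$uid: $1"; rc=1
    fi
    if ! mode_is_safe "$mode"; then
        echo "BAD mode $mode (group/other writable): $1"; rc=1
    fi
    return $rc
}

# check_chroot_path DIR [UID]: apply check_component to the physical path of
# DIR and to every parent up to /. Returns 0 only when all components pass,
# 1 when any component fails, 2 when DIR is not an accessible directory.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "not a directory: $1"; return 2; }
    bad=0
    while :; do
        check_component "$dir" "${2:-0}" || bad=1
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $bad
}

# Usage (as root, for the tutorial's test user):
#   check_chroot_path ~test && echo "chroot path OK"
```

A home directory with mode 750 or 755 passes the mode check; 775 or 777 does not, and sshd will drop the SFTP session as described above.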