Build SFTP with OpenSSH on Linux (including notes)
To build sftp, three parts are required: zlib (including zlib and zlib-devel), openssl, and openssh. The required rpm packages are available on CSDN.
1. openssl is installed by default on most Linux systems, including Red Hat and CentOS.
Check: which openssl
Force the installation of openssl-devel because of dependency issues:
rpm -ivh --nodeps --force openssl-devel-0.9.8e-22.el5_8.4.x86_64.rpm
2. Install the zlib package. This step can also be left until openssh is installed: its configure check will prompt you to install zlib.
rpm -ivh --nodeps --force zlib-1.2.3-27.el6.x86_64.rpm
rpm -ivh --nodeps --force zlib-devel-1.2.3-27.el6.x86_64.rpm
3. Install openssh. Decompress openssh-5.4p1.tar.gz:
tar zxvf openssh-5.4p1.tar.gz
cd openssh-5.4p1
./configure --with-ssl-dir=/usr/local/ssl   # installation location of openssl
make
make install
4. Configuration
(1) Modify the sshd startup script (for sftp-only login; otherwise ssh will report an error)
# vi /etc/init.d/sshd
SSHD=/usr/sbin/sshd
Change to
SSHD=/usr/local/sbin/sshd
Modify the sshd configuration file. The configuration file installed from the tar package is located at /usr/local/etc/sshd_config.
cd /usr/local/etc
cp sshd_config sshd_config.bak
cp /etc/ssh/sshd_config /usr/local/etc/
(2) If you want to retain ssh and allow sftp, edit /etc/ssh/sshd_config.
vi sshd_config
# Override default of no subsystems
# Subsystem sftp /usr/local/libexec/sftp-server
Subsystem sftp internal-sftp
# Group name. A single user can be matched by user name instead:
# Match User nb_bjuser
Match Group sftp
ForceCommand internal-sftp
X11Forwarding no
# Specify the actual directory
ChrootDirectory /data/htdocs/
AllowTcpForwarding no
(3) Modify directory permissions
# Create the group first so that useradd and chown can reference it
groupadd sftp
useradd -d /usr/bj -s /bin/false -g sftp nb_bjuser
chown root:sftp /usr/bj
passwd nb_bjuser
(4) Restart the sshd service
service sshd restart
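The ChrootDirectory set in step (2) is only accepted if the path passes sshd's ownership check: per sshd_config(5), every component of the path must be a root-owned directory that is not writable by any other user or group, and sshd refuses the login otherwise. The check below is an added example, not part of the original page; the function name check_chroot_path and its OWNER_UID and STOP_AT parameters are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a ChrootDirectory path against sshd's ownership rules.
# Usage: check_chroot_path DIR [OWNER_UID] [STOP_AT]
#   DIR        directory named in ChrootDirectory, e.g. /data/htdocs
#   OWNER_UID  uid each component must belong to (default 0 = root)
#   STOP_AT    topmost directory to inspect (default /); an assumption added
#              so the check can be exercised on a scratch tree without root
# Prints one line per offending component; returns 0 only if the path is clean.
check_chroot_path() {
    dir=$1; want_uid=${2:-0}; stop=${3:-/}; bad=0
    [ -d "$dir" ] || { echo "not a directory: $dir"; return 2; }
    dir=$(cd "$dir" && pwd -P) || return 2     # absolute path, symlinks resolved
    stop=$(cd "$stop" && pwd -P) || return 2
    while :; do
        # ls -ldn prints "drwxr-xr-x 3 0 0 ...": mode, link count, uid, gid
        read -r mode _links uid _rest <<EOF
$(ls -ldn "$dir")
EOF
        if [ "$uid" != "$want_uid" ]; then
            echo "$dir: owned by uid $uid, expected $want_uid"; bad=1
        fi
        # Mode string character 6 is group-write, character 9 is other-write
        case $mode in ?????w*) echo "$dir: group-writable ($mode)"; bad=1 ;; esac
        case $mode in ????????w*) echo "$dir: world-writable ($mode)"; bad=1 ;; esac
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
    return "$bad"
}
```

Run check_chroot_path /data/htdocs as root before restarting sshd; each line it prints names a path component that sshd will reject.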
Build sftp in linux
The configuration file is /etc/vsftpd.conf. In the file there is a template; change anon_upload_enable=YES. This is for uploading. For downloading, you only need to grant permission on the file. If it fails, check whether it is a problem with SELinux; set that and it will be OK.
How does Linux (RH) prohibit some users from using SFTP?
The following configuration items can be used: DenyUsers, AllowUsers, DenyGroups, and AllowGroups.
For example:
Add all users for whom you want to disable the sftp service to a group, such as xyz.
Then set the following in /etc/ssh/sshd_config:
DenyGroups xyz
In this way, none of the users in xyz have permission to log on over ssh, and so naturally they cannot use sftp either.
Note that disabling sftp-server in sshd_config is not enough: as long as the user can still log on over ssh, they can use other user-space tools such as scp to upload and download files. The effect is actually the same as that of sftp.