Configuring key-based SFTP login under Linux

Source: Internet
Author: User

Plain FTP (for example vsftpd without TLS) transmits everything in clear text, so a user name and password can be captured by sniffing packets. For security, use SFTP instead, lock each user into a chroot directory, and do not allow SFTP users to log on to the server shell. Because SFTP runs over the SSH protocol, sshd must be configured so that these users can only use SFTP, cannot open an SSH shell on the machine, authenticate with a key instead of a password, and connect on a port other than 22.
1. Create the SFTP service user group and the SFTP service root directory

groupadd sftp
# This directory and all of its parent directories must be owned by root with permissions no greater than 755; its group is best set to sftp
mkdir -p /data/sftp
chown -R root:sftp /data/sftp
chmod -R 0755 /data/sftp
2. Modify the sshd configuration file

cp /etc/ssh/sshd_config{,_bk}   # back up the configuration file
sed -i 's@^#Port 22@Port 22@' /etc/ssh/sshd_config   # uncomment Port 22 so the original port keeps working (and you are not locked out) while 2222 is added
vi /etc/ssh/sshd_config
Comment out this line in /etc/ssh/sshd_config (the external sftp-server binary is started through the user's login shell, which a /sbin/nologin user does not have):
Subsystem sftp /usr/libexec/openssh/sftp-server
Add the following lines at the end of the file. Port and Subsystem are global directives and must appear before any Match block; every directive after "Match Group sftp" up to the next Match (or the end of the file) belongs to that block:
Port 2222
Subsystem sftp internal-sftp -l INFO -f AUTH
Match Group sftp
    ChrootDirectory /data/sftp/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp -l INFO -f AUTH
Every user in the sftp group can now use the SFTP service, and after connecting sees /data/sftp/<username> as the root of the file system.
For example:
test is a user in the sftp group; after connecting to the server via SFTP it can only see the contents of /data/sftp/test.
test2 is also a user in the sftp group; after connecting via SFTP it can only see the contents of /data/sftp/test2.
Note that the Match block applies on every port sshd listens on, so adding Port 2222 next to Port 22 only moves the service away from the default port. What keeps these users out of a shell is ForceCommand internal-sftp together with ChrootDirectory, not the port number.
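As an added example (not part of the original article), the following POSIX shell script applies step 2 to sshd_config without hand editing: it comments out the external sftp-server Subsystem line, appends the Port directive and the Match block only if they are not already present, and runs sshd's own syntax check (sshd -t) before anything is restarted, which is what stops a typo from locking you out. It also puts PasswordAuthentication no inside the Match block; the article's configuration does not include that line, but it is what actually enforces key-only login for the sftp group. The group name, port and chroot root are the article's values; GNU sed -i and an OpenSSH build with internal-sftp are assumed, and the script refuses to touch a file that already contains a Match block because new global directives appended after it would be parsed as part of that block.

```shell
#!/bin/sh
# Added example, not from the original article: apply the step 2 sshd_config
# changes idempotently and validate them before restarting sshd.
# Assumes GNU sed (-i) and OpenSSH with internal-sftp; the values below are the
# article's (group sftp, port 2222, chroot root /data/sftp).

SFTP_GROUP=sftp
SFTP_ROOT=/data/sftp
SFTP_PORT=2222

# add_sftp_match_block CONFIG_FILE
# Comments out the external sftp-server Subsystem line, then appends the Port
# directive, the internal-sftp Subsystem and the Match block. Safe to run twice:
# it does nothing when the Match block is already there. The Match block goes
# at the very end because every directive after "Match" belongs to it.
add_sftp_match_block() {
    cfg=$1
    if grep -q "^Match Group $SFTP_GROUP\$" "$cfg"; then
        return 0
    fi
    if grep -q '^Match' "$cfg"; then
        echo "$cfg already has a Match block; add the directives by hand" >&2
        return 1
    fi
    # Disable the external sftp-server binary (it is started through the
    # user's login shell, which /sbin/nologin users do not have).
    sed -i 's/^Subsystem[[:space:]]*sftp/#&/' "$cfg"
    # Port is a global option and must precede any Match block.
    grep -q "^Port $SFTP_PORT\$" "$cfg" || printf 'Port %s\n' "$SFTP_PORT" >> "$cfg"
    cat >> "$cfg" <<EOF
Subsystem sftp internal-sftp -l INFO -f AUTH
Match Group $SFTP_GROUP
    ChrootDirectory $SFTP_ROOT/%u
    X11Forwarding no
    AllowTcpForwarding no
    PasswordAuthentication no
    ForceCommand internal-sftp -l INFO -f AUTH
EOF
}

# validate_sshd_config CONFIG_FILE
# sshd -t parses the file and exits non-zero on any error (run it as root so
# the host keys are readable). Do this before "service sshd restart".
validate_sshd_config() {
    if command -v sshd >/dev/null 2>&1; then
        sshd -t -f "$1"
    else
        echo "sshd not installed here; skipping syntax check" >&2
    fi
}

# Usage: sh sftp_sshd.sh /etc/ssh/sshd_config   (as root)
# Without an argument only the functions are defined, so the file can be sourced.
if [ $# -ge 1 ]; then
    cp "$1" "${1}_bk"
    add_sftp_match_block "$1" && validate_sshd_config "$1" \
        && echo "ok: now run 'service sshd restart' and test from a second session"
fi
```

Keep your existing SSH session open while restarting, and only close it after a new key login on port 2222 and a normal admin login have both been confirmed.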
3. Create an SFTP user

# This example creates an SFTP account named test
# Create the chroot directory for test: it must be owned by root, its group is best set to sftp, and its permissions must not exceed 755
mkdir /data/sftp/test
chmod 0755 /data/sftp/test
chown root:sftp /data/sftp/test
useradd -g sftp -s /sbin/nologin test   # add the user; -s /sbin/nologin denies a login shell (SFTP still works because internal-sftp runs inside sshd without spawning the shell)
Create a key pair for the test user:
mkdir /home/test/.ssh
ssh-keygen -t rsa   # run as root, this writes /root/.ssh/id_rsa (private) and /root/.ssh/id_rsa.pub (public)
cp /root/.ssh/id_rsa.pub /home/test/.ssh/authorized_keys   # the matching private key is what the SFTP client presents
chown -R test:sftp /home/test
Reusing root's own login key for the test account means whoever holds /root/.ssh/id_rsa can log in as test and vice versa. It is better to generate a dedicated pair for this account (ssh-keygen -t rsa -f /root/test_sftp_key), hand only that private key to the SFTP client, and keep /home/test/.ssh at mode 700 and authorized_keys at 600.
Create an upload directory inside the test directory that the user can write to:
mkdir /data/sftp/test/upload
chown -R test:sftp /data/sftp/test/upload
Note: the SFTP service root must be owned by root with permissions no greater than 755 (every parent directory must follow the same rule), and each SFTP user's chroot directory must also be owned by root with permissions no greater than 755. sshd checks this at login and, if any directory in the chain is not root-owned or is writable by group or others, logs "bad ownership or modes for chroot directory" and closes the session. That is why the user is only given write access to the upload subdirectory, not to the chroot itself.
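The following shell script is added here as an example and is not taken from the article. It bundles step 3 into one function and adds the check a practitioner wants before restarting sshd: chroot_path_violations walks from the chroot directory up to / and reports every directory that breaks the rule in the note above (not owned by root, or writable by group or others), which is the same test sshd applies at login. create_sftp_user creates the account without a shell, the root-owned 755 chroot, the writable upload subdirectory, and installs a caller-supplied public key with the 700/600 modes on .ssh and authorized_keys. Paths, group and user names are the article's; GNU coreutils (stat -c, install) and a public-key file passed on the command line are assumed.

```shell
#!/bin/sh
# Added example, not from the original article: create a chrooted SFTP user
# (step 3) and audit the chroot path the way sshd does at login.
# Assumes GNU coreutils (stat -c, install), the group "sftp" and the chroot
# root /data/sftp from the article, and a public-key file supplied by the caller.

SFTP_GROUP=sftp
SFTP_ROOT=/data/sftp

# chroot_path_violations DIR
# Prints one line for every directory from DIR up to / that sshd would reject:
# not owned by root, or writable by group or others. Returns 1 if any is found.
# A violation anywhere in the chain makes sshd log
# "bad ownership or modes for chroot directory" and close the session.
chroot_path_violations() {
    d=$(cd "$1" && pwd -P) || return 1
    bad=0
    while :; do
        uid=$(stat -c '%u' "$d")
        perm=$(stat -c '%A' "$d")      # e.g. drwxr-xr-x
        if [ "$uid" -ne 0 ]; then
            echo "$d: not owned by root (uid $uid)"
            bad=1
        fi
        case "$perm" in
            ?????w*|????????w*)          # 6th char = group write, 9th = other write
                echo "$d: writable by group or others ($perm)"
                bad=1 ;;
        esac
        [ "$d" = / ] && break
        d=$(dirname "$d")
    done
    return "$bad"
}

# create_sftp_user NAME PUBKEY_FILE   (run as root)
# NAME gets no login shell, a root-owned 755 chroot at $SFTP_ROOT/NAME, a
# writable upload/ subdirectory, and PUBKEY_FILE installed as authorized_keys.
create_sftp_user() {
    name=$1
    pubkey=$2
    useradd -m -g "$SFTP_GROUP" -s /sbin/nologin "$name"
    # The chroot itself: root-owned and not writable by the user (sshd's rule).
    install -d -m 0755 -o root -g "$SFTP_GROUP" "$SFTP_ROOT/$name"
    # The only place the user may write.
    install -d -m 0750 -o "$name" -g "$SFTP_GROUP" "$SFTP_ROOT/$name/upload"
    # authorized_keys is read from the real home directory before the chroot
    # happens, so it lives in /home/NAME, not inside the chroot.
    install -d -m 0700 -o "$name" -g "$SFTP_GROUP" "/home/$name/.ssh"
    install -m 0600 -o "$name" -g "$SFTP_GROUP" "$pubkey" "/home/$name/.ssh/authorized_keys"
    # Fail loudly now rather than at the user's first login attempt.
    chroot_path_violations "$SFTP_ROOT/$name"
}

# Usage: sh sftp_user.sh test /path/to/test.pub   (as root)
# With fewer than two arguments only the functions are defined.
if [ $# -ge 2 ]; then
    create_sftp_user "$1" "$2" \
        && echo "user $1 ready; test with: sftp -P 2222 -i <private key> $1@<host>"
fi
```

Running chroot_path_violations against a directory under /tmp shows the audit at work: /tmp itself is world-writable, so sshd would refuse it as a chroot no matter how the leaf directory is set up.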
4. Test SFTP

sshd -t && service sshd restart   # check the syntax first, and keep your current session open until a fresh login succeeds
Log in as the test user with the key:
