To summarize:
SFTP Service
- Run # ssh -V to view the OpenSSH version; if it is below 4.8p1, you need to upgrade the installation yourself.
- Create an SFTP group: # groupadd sftp
- Create test account: # useradd -G sftp -s /bin/false testuser
- Change password: # passwd testuser
- Create directory: # mkdir /opt/sftp; # cd /opt/sftp; # mkdir testuser
- Modify the test account home path: # usermod -d /opt/sftp/testuser testuser
- Configure sshd_config: # vim /etc/ssh/sshd_config
- Comment out: Subsystem sftp /usr/libexec/openssh/sftp-server
- Add the following lines:
- Subsystem sftp internal-sftp
- Match Group sftp
- ChrootDirectory /opt/sftp/%u
- ForceCommand internal-sftp
- AllowTcpForwarding no
- X11Forwarding no
- Set chroot directory permissions: # chown root:sftp /opt/sftp/testuser; # chmod 755 /opt/sftp/testuser
- Restart sshd service: # service sshd restart
- # mkdir /opt/sftp/testuser/upload
- # chown testuser:sftp /opt/sftp/testuser/upload
- # chmod 755 /opt/sftp/testuser/upload
- Test: sftp [email protected] If the sftp> prompt is displayed, the SFTP server was built successfully.
Use the system's own internal-sftp to build an SFTP server in the CentOS 6.6 environment.
Open a terminal window and follow the steps below.
0. View OpenSSH version
ssh -V
Use the ssh -V command to view the OpenSSH version. The version must be greater than 4.8p1; lower versions need to be upgraded.
1. Create an SFTP group
groupadd sftp
2. Create an SFTP user with user name mysftp and password mysftp
Changing this user's password works the same way as for any other Linux user.
useradd -g sftp -s /bin/false mysftp   # user name
passwd mysftp                          # password
3. Home directories for users in the sftp group are all placed under /data/sftp, one per user name. Create a new mysftp directory there, then set the home directory of mysftp to /data/sftp/mysftp
mkdir -p /data/sftp/mysftp
usermod -d /data/sftp/mysftp mysftp
4. Configure sshd_config
Open /etc/ssh/sshd_config in a text editor.
vi /etc/ssh/sshd_config
Find the following line, roughly at the end of the file, and comment it out with the # symbol.
# Subsystem sftp /usr/libexec/openssh/sftp-server
Add the following lines at the end of the file, and then save.
Subsystem sftp internal-sftp
Match Group sftp
ChrootDirectory /data/sftp/%u
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
5. Set chroot directory permissions
chown root:sftp /data/sftp/mysftp
chmod 755 /data/sftp/mysftp
6. Create a directory that the SFTP user can write to after logging in
With the settings above in place, the user mysftp can already log in once the sshd service is restarted. However, the directory specified as the chroot root must not be writable by the user, so create a new directory for mysftp to upload files to. The owner of this directory is mysftp and its group is sftp; the owner has write permission and the group does not. The commands are as follows:
mkdir /data/sftp/mysftp/upload
chown mysftp:sftp /data/sftp/mysftp/upload
chmod 755 /data/sftp/mysftp/upload
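7. Modify /etc/selinux/config
Open /etc/selinux/config in a text editor.
vi /etc/selinux/config
Change SELINUX=enforcing in the file to SELINUX=disabled, and then save.
Then enter the command:
setenforce 0
setenforce 0 switches the running system to permissive mode immediately; the change in the config file takes effect at the next boot. Both settings apply to the whole host, not only to sshd.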
8. Restart the sshd service
Enter the command to restart the service.
service sshd restart
9. Verify the SFTP environment
Log in with the mysftp user name, answer yes when prompted, then enter the password.
sftp [email protected]
If the sftp> prompt is displayed, the SFTP server was built successfully.
10. Connect to the SFTP server using the FileZilla FTP client
Enter the host IP address, user name, password and port to connect to the SFTP server; the default port is 22.
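sshd refuses a chrooted login unless the ChrootDirectory and every directory above it are owned by root and not writable by group or others, which is what steps 5 and 6 arrange. The script below is an added example, not part of the original tutorial, that audits a chroot path against that rule; the function names are hypothetical and it assumes GNU stat, as shipped with CentOS.

```bash
#!/bin/bash
# Added example: audit a ChrootDirectory path against the ownership and
# permission rule from steps 5 and 6. Function names are hypothetical.

# component_ok MODE UID
# Succeeds when a path component is owned by root (uid 0) and has neither
# the group-write nor the other-write bit set in its octal mode.
component_ok() {
    local mode=$1 uid=$2
    [ "$uid" -eq 0 ] || return 1
    # 022 masks the group-write and other-write bits.
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# audit_chroot_path DIR
# Checks DIR and each parent directory up to /.
# Returns 0 if all pass, 1 if any component fails, 2 if DIR is missing.
audit_chroot_path() {
    local path=$1 rc=0 mode uid
    [ -d "$path" ] || { echo "MISSING $path"; return 2; }
    path=$(cd "$path" && pwd -P) || return 2   # resolve symlinks
    while :; do
        mode=$(stat -c '%a' "$path")   # GNU stat: octal permissions
        uid=$(stat -c '%u' "$path")    # GNU stat: numeric owner
        if component_ok "$mode" "$uid"; then
            echo "ok    $path (mode $mode, uid $uid)"
        else
            echo "FAIL  $path (mode $mode, uid $uid)"
            rc=1
        fi
        if [ "$path" = "/" ]; then break; fi
        path=$(dirname "$path")
    done
    return $rc
}

# Usage (as root): ./audit_chroot.sh /data/sftp/mysftp
if [ $# -gt 0 ]; then
    audit_chroot_path "$1"
fi
```

A FAIL line for /data/sftp/mysftp or any parent means the login in step 9 will be rejected even though the password is correct; the upload directory from step 6 is deliberately not checked, because it is meant to be owned by the user.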
Linux Centos 6.6 Build SFTP Server