RHEL5.5: configure SFTP-only access
Remote access to RHEL over SSH is recommended, but sometimes we want users to be able to access files on the server without being able to log on and operate it: they cannot log in over SSH, but they can still use SFTP for file transfer. The following configuration achieves this. To restrict the sftp directory, you need openssh 4.8p1 or above. If the installed version is lower, reinstall it as follows: http://ftp.jaist.ac.jp/pub/openbsd/openssh/portable/javassshversion
1. Configure the telnet connection. If you reinstall ssh, you need telnet (vnc also works) for remote access in the meantime. View the installed telnet
Set the telnet disable option to no
Configure telnet to allow root login: comment out the pam_securetty.so line
Restart the telnet service
2. Log on to the server via telnet and stop ssh
View the original openssh installation status
Uninstall all
3. Install the latest version of openssh. This article uses openssh-6.0p1.
    # cd openssh-6.0p1
    # ./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man
    # make
    # make install
    # cp /usr/local/ssh/bin/* /usr/bin/
    # cp /usr/local/ssh/sbin/* /usr/sbin/
Verify the installation result
Add ssh to the startup service and configure startup
After the ssh installation is complete, stop telnet and return to the ssh remote connection.
4. For example, suppose you want to use the /work/git/gitspace directory as the root directory for sftp access, and to ensure that users can only access files through sftp and cannot log on via ssh. The configuration is as follows. Create a user group sftp-only
Assign sftpadmin to the sftp-only group and set its shell to /sbin/nologin.
Configure ssh so that users in the sftp-only user group are only allowed to use sftp, with /work/git/gitspace as their root directory.
    # vi /etc/ssh/sshd_config
Modify the Subsystem section as follows:
Restart the ssh service, then try logging in as the sftpadmin user.
Author: laizhenhai88
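A check for step 4, as an added example that is not the author's configuration: it audits an sshd_config for a chrooted, SFTP-only Match block. The group name and path come from the article; the directive values in the two samples are an assumed, typical setup, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original article. Group name and path are the
# article's; the sample directive values are assumed and constructed.

sample_good() {   # constructed sample: restricted as intended
cat <<'EOF'
Subsystem sftp internal-sftp
Match Group sftp-only
    ChrootDirectory /work/git/gitspace
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

sample_weak() {   # constructed sample: chroot only, nothing forces SFTP
cat <<'EOF'
Subsystem sftp internal-sftp
Match Group sftp-only
    ChrootDirectory /work/git/gitspace
EOF
}

# check_sftp_only GROUP < sshd_config
# Prints one FAIL line per problem; exit status is 0 only when none are found.
check_sftp_only() {
    awk -v grp="$1" '
        { sub(/#.*/, "") }                      # strip comments
        NF == 0 { next }                        # skip blank lines
        { key = tolower($1) }                   # keywords are case-insensitive
        key == "match" {                        # a block runs to the next Match
            in_blk = (tolower($2) == "group" && $3 == grp)
            if (in_blk) found = 1
            next
        }
        in_blk && key == "chrootdirectory"    { chroot = $2 }
        in_blk && key == "forcecommand"       { force = $2 }
        in_blk && key == "allowtcpforwarding" { fwd = tolower($2) }
        END {
            if (!found) { print "FAIL: no Match Group " grp; exit 1 }
            if (chroot == "")             { print "FAIL: ChrootDirectory not set"; bad = 1 }
            if (force != "internal-sftp") { print "FAIL: ForceCommand is not internal-sftp"; bad = 1 }
            if (fwd != "no")              { print "FAIL: AllowTcpForwarding is not no"; bad = 1 }
            exit bad + 0
        }'
}

sample_good | check_sftp_only sftp-only && echo "good sample: OK"
sample_weak | check_sftp_only sftp-only || echo "weak sample: rejected"
```

The AllowTcpForwarding check matters because a /sbin/nologin shell only blocks interactive sessions; port forwarding needs no shell. To audit a live server, run `check_sftp_only sftp-only < /etc/ssh/sshd_config`.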