RHEL5.5 configure SFTP-ONLY access

Source: Internet
Author: User
Tags sftp access
RHEL5.5 configure SFTP-ONLY to access RHEL with SSH remote access is recommended, but sometimes we only want users to access files on the server, but cannot log on to the server for operations, that is, cannot SSH login, however, SFTP can be used for file transmission. You can use the following configuration to control the configuration ....
RHEL5.5 configure SFTP-ONLY to access RHEL with SSH remote access is recommended, but sometimes we only want users to access files on the server, but cannot log on to the server for operations, that is, cannot SSH login, however, SFTP can be used for file transmission. The following configuration can be used for control. If you want to control the sftp directory, you need openssh 4.8p1 or above. If the version is low, reinstall it as follows: http://ftp.jaist.ac.jp/pub/openbsd/openssh/portable/javassshversion

1. configure the telnet connection. if you reinstall ssh, you need to use telnet to remotely (vnc also works) to view the installed telnet

Set telnet disable to no

Configure telnet to allow root login, comment out pam_securetty.so this line www.2cto.com

Restart the telnet service

2. log on to the server via telnet and stop ssh

View the original openssh installation status

Uninstall all

3, install the latest version of openssh, this article uses openssh-6.0p1 # cdopenssh-6.0p1 #. /configure -- prefix =/usr/local/ssh -- sysconfdir =/etc/ssh -- with-pam -- with-zlib -- with-ssl-dir =/usr/local/ssl -- with-md5-passwords -- mandir =/usr/share/man # make # makeinstall # cp/usr/local/ssh/bin/*/usr/bin/# cp/usr/local/ssh/ sbin/*/usr/sbin/verify the installation result

Add ssh to the startup service and configure startup

After the ssh installation is complete, stop telnet and return to the ssh remote connection.
4. for example, if you want to use the/work/git/gitspace directory as the root directory for sftp access and control that users can only access files through sftp, but cannot log on via ssh, the configuration is as follows. Create a user group sftp-only www.2cto.com

Specify sftpadmin as the sftp-only group and shell as/sbin/nologin.

Configure ssh so that users in the sftp-only user group can only allow sftp and the root directory is/work/git/gitspace # vi/etc/ssh/sshd_config. modify the Subsystem section as follows:

Restart the ssh service and use the sftpadmin user to log in and try. Author laizhenhai88

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.