Home > Developer Tools > Technical Articles

Build an SFTP Server Using CentOS Built-in SSH Service

Source: Internet
Author: User
Keywords ssh service sftp server sftp centos
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Traditional FTP data is not secure enough, so SFTP is used to encrypt data on the server. If the SSH service is already enabled on the server, we can directly use SSH to enable the SFTP service without installing additional software.

First, create a new system account
1.1 New Account Group

Groupadd sftp

1.2 Create a new account paul
useradd -s / sbin / nologin -g sftp -d / ZServer / demo
passwd paul // Set the account password

Explanation:
-s account login mode, / sbin / nologin means that this account can only log in via FTP and cannot be accessed by the system

-g sftp: account belongs to sftp group

-d: set the root directory of the account

[Requirements for directory permissions]
If you want Paul to log in with an SFTP account and successfully access the / ZServer / demo directory, the following harsh conditions need to be met. Otherwise, you will not be able to log in, and the error prompts given will be confusing and you will not be able to check them. I wasted a lot of time on it.

Ø The root directory of the account needs to belong to the account itself.

Ø The directory above the account root directory and all directories above must belong to the root account, and there is only one root with write permission, that is, the maximum permission is set to 755.

1.3 Set permissions for account root directory

#cd / ZServer /

#chown -R paul: sftp demo /

#chown -R 755 demo /

Second, SSH version:

The first step is to upgrade the OpenSSH version. Chroot is only supported in 4.8p1 and above.

The instructions for viewing the SSH version are:

# ssh --v

# OpenSSH_5.3p1, OpenSSL1.0.1e-fips 11 Feb 2013

usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]

[-D [bind_address:] port] [-eescape_char] [-F configfile]

[-I pkcs11] [-i identity_file]

[-L [bind_address:] port: host: hostport]

[-L login_name] [-m mac_spec] [-Octl_cmd] [-o option] [-p port]

[-R [bind_address:] port: host: hostport] [-S ctl_path]

[-W host: port] [-wlocal_tun [: remote_tun]]

[User @] hostname [command]

Third, modify the SSH configuration file

After the SSH version meets the requirements, you need to modify the SSH configuration file.

There are two main configuration files for SSH:

/ etc / ssh / ssh_config

/ etc / ssh / sshd_config

Modify sshd_config as follows:

#Comment the original Subsystem settings

Subsystem sftp / usr / libexec / openssh / sftp-server

#Enable internal-sftp

Subsystem ssftp internal-sftp

Fourth, restrict the user SFTP access to the root directory

#Restrict paul user's root directory

Match User www

ChrootDirectory / ZServer

ForceCommand internal-sftp

【note】

The directory that the account paul configured to access here is restricted to a directory whose owner is root, otherwise paul will not be restricted and will lead to various errors and exceptions during login.

#Restrict the root directory of blog and pay users

Match Group sftp

ChrootDirectory% h

ForceCommand internal-sftp

Five, finally restart the SSH service:

# service sshd restart

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
ssh sftp server centos ssh service build an app using python what is an sftp server build an email server how to connect to an sftp server ssh server centos
Related Article
What is SFTP Commands Linux_the Introduction
How to Configure CentOS 7.4 SFTP Server
Configure Linux SFTP and Configure User Access
How to Easily Configure SFTP Server Linux In 6 Steps
Automatic Upload and Download of SFTP Files_Shell Script

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

Hot Article
Hot Tags
computing conference access forum computer class data get http html applications
Popular Keywords
direct digital landing development documentation data user director of marketing deploy it ddos how to description of products and services ddos information data website domain to dns

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More