Configuring an SFTP Server
source link: https://www.lujun9972.win/blog/2018/03/27/%E9%85%8D%E7%BD%AEsftp-server/index.html
SFTP is part of sshd, so there is nothing separate to install; the openssh package provides it.
sudo pacman -S openssh --noconfirm
resolving dependencies...
looking for conflicting packages...

Packages (1) openssh-7.6p1-2

Total Installed Size:  4.66 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring        [######################] 100%
(1/1) checking package integrity      [######################] 100%
(1/1) loading package files           [######################] 100%
(1/1) checking for file conflicts     [######################] 100%
(1/1) checking available disk space   [######################] 100%
:: Processing package changes...
(1/1) reinstalling openssh            [######################] 100%
:: Running post-transaction hooks...
(1/3) Reloading system manager configuration...
(2/3) Creating temporary files...
(3/3) Arming ConditionNeedsUpdate...
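Create the root directory for the SFTP service
First create a /data directory to serve as the root of the SFTP service. Nothing an SFTP user does can reach outside this root. sshd only accepts a ChrootDirectory whose every path component is owned by root and is not writable by group or others, so /data is created without group or other write permission.
sudo mkdir -p /data
sudo chmod 751 /data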
Create the SFTP users and group
First create a sftpusers group:
sudo groupadd sftpusers
Every SFTP user belongs to this group.
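sudo chown -R root:sftpusers /data
for user in ftpuser1 ftpuser2 ftpuser3; do
    # Member of sftpusers, home /$user (relative to the chroot), no login shell
    sudo useradd -g sftpusers -d "/$user" -s /usr/bin/nologin "$user"
    sudo passwd "$user"
    # The user's directory inside the chroot, owned by the user
    sudo mkdir -p "/data/$user"
    sudo chown -R "$user":sftpusers "/data/$user"
done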
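This registers three users, ftpuser1, ftpuser2 and ftpuser3. The -g option puts all three in the sftpusers group.
The -d option sets each user's home directory to /$user. Once the configuration below makes /data the root directory, the home directory is actually /data/$user.
The -s /usr/bin/nologin option keeps these users from logging in over SSH.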
Configure sshd
Append the following to /etc/ssh/sshd_config:
sudo tee -a /etc/ssh/sshd_config <<EOF
Match Group sftpusers
    ChrootDirectory /data
    ForceCommand internal-sftp
EOF
tee echoes the lines it appended:
Match Group sftpusers
    ChrootDirectory /data
    ForceCommand internal-sftp
Restart sshd
sudo systemctl restart sshd
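If SFTP logins fail after the restart, the usual cause is that sshd rejected the ChrootDirectory because some component of its path is not root-owned or is writable by group or others. The script below is an added example, not part of the original article, that checks a directory such as /data against that rule; the function names check_component and check_chroot_path are hypothetical, and it assumes a Linux stat that supports -c.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes Linux `stat -c`.

# check_component DIR [UID]: succeed only if DIR is a directory owned by UID
# (default 0 = root) and not writable by group or others.
check_component() {
    c_dir=$1
    c_want=${2:-0}
    [ -d "$c_dir" ] || { echo "FAIL $c_dir: not a directory"; return 1; }
    c_uid=$(stat -c %u "$c_dir")
    c_mode=$(stat -c %a "$c_dir")    # octal, e.g. 771 or 1777
    c_rc=0
    [ "$c_uid" -eq "$c_want" ] ||
        { echo "FAIL $c_dir: owner uid $c_uid, expected $c_want"; c_rc=1; }
    [ $(( 0$c_mode & 022 )) -eq 0 ] ||
        { echo "FAIL $c_dir: mode $c_mode is group- or other-writable"; c_rc=1; }
    return $c_rc
}

# check_chroot_path DIR: check DIR and every parent directory up to /.
# sshd refuses to chroot unless all of them are root-owned and not writable
# by group or others.
check_chroot_path() {
    case $1 in
        /*) p=$1 ;;
        *)  echo "FAIL $1: expected an absolute path"; return 1 ;;
    esac
    p_rc=0
    while :; do
        check_component "$p" 0 || p_rc=1
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $p_rc
}

# Usage: sh check_chroot.sh /data
if [ $# -gt 0 ]; then
    check_chroot_path "$1" && echo "OK $1: usable as ChrootDirectory"
fi
```

Run it as root against /data before restarting sshd; the per-user directories under /data/$user are not part of the chroot path and may stay user-owned.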