Build an SFTP server under Ubuntu

1. First, install the SSH service

sudo apt-get install openssh-server

2. Create a management group for sftp

sudo addgroup sftp-users

3. Create an SFTP user and configure the corresponding permissions. The second line below removes alice from every supplementary group except sftp-users (usermod -G without -a replaces the group list instead of appending to it) and sets her login shell to /bin/false, which closes her shell access. With the ForceCommand internal-sftp setting in step 6, sshd serves SFTP in-process and never executes that shell, so the login still works. If you want to learn more about the usermod command, use "man usermod" to view the help documentation.

sudo adduser alice
sudo usermod -G sftp-users -s /bin/false alice

That day, I removed my account from my group by mistake, and I didn't even have sudo permissions any more. Later, I used "usermod -a -G caigan2015 caigan2015" to restore my group and "usermod -a -G sudo caigan2015" to restore the sudo permissions.

4. Create an SSH user group and add the administrator to it (note that the -a option of usermod appends to the user's existing groups instead of removing the user from them).

sudo addgroup ssh-users
sudo usermod -a -G ssh-users admin

[Note: the command to grant a user administrator privileges is "sudo adduser admin sudo".]

5. Create the jail directory. This directory exists for security: sshd will only chroot a session into a directory if that directory, and every parent directory on the path to it, is owned by root and is not writable by anyone else. So the "jail" directory has the following permissions:

1. Super admin root has all permissions.
2. No other user has write permission (not group-writable, not world-writable).

Because of that rule, an SFTP user cannot upload into the jail root itself; a shared subdirectory that ordinary users can write to must be created inside it. To make it easy for the administrator to manage uploaded files, I configured this shared directory as owned by admin, with group sftp-users and mode 770. In this way, the administrator and members of the SFTP user group can both read and write this directory, while everyone else is kept out.

sudo mkdir /home/sftp_root
sudo mkdir /home/sftp_root/shared
sudo chown admin:sftp-users /home/sftp_root/shared
sudo chmod 770 /home/sftp_root/shared

*Of course, the location of the directory is up to you. For example, a website administrator might set it to /var/www/html/. The same rule applies wherever you put it: the chroot directory itself (here created with sudo mkdir, so it is already owned by root with the default mode 755) must stay owned by root and not writable by others, and uploads go into a writable subdirectory.*
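The ownership rule above is the usual reason a chroot SFTP login fails with "bad ownership or modes for chroot directory" in the auth log. As an added example (not part of the original post), the following script checks a path the way sshd does before it agrees to chroot into it: every component from / down to the jail must be owned by root and must not be group- or world-writable. It assumes GNU stat (as on Ubuntu) and paths without whitespace; the optional owner-uid argument is there so the per-directory check can be exercised on directories you own.

```sh
#!/bin/sh
# Added example, not from the original post: verify that a ChrootDirectory path
# meets sshd's rules. sshd refuses to chroot unless every component of the path,
# from / down to the chroot directory itself, is owned by root and is neither
# group- nor world-writable. Assumes GNU stat (Ubuntu) and paths without spaces.

# Print every component of a path from / down to the path itself, one per line.
#   /home/sftp_root  ->  /   /home   /home/sftp_root
chroot_path_components() {
    acc=""
    printf '/\n'
    old_ifs=$IFS
    IFS=/
    for part in $1; do
        [ -n "$part" ] || continue
        acc="$acc/$part"
        printf '%s\n' "$acc"
    done
    IFS=$old_ifs
}

# Check one directory. Returns 0 if it is owned by OWNER_UID (default 0 = root)
# and has no group or world write bit; otherwise reports why on stderr and returns 1.
chroot_dir_ok() {
    d=$1
    want_uid=${2:-0}
    [ -d "$d" ] || { echo "$d: not a directory" >&2; return 1; }
    uid=$(stat -c '%u' "$d")
    mode=$(stat -c '%a' "$d")                 # octal without leading zeros, e.g. 755 or 2775
    while [ ${#mode} -lt 3 ]; do mode=0$mode; done
    if [ "$uid" != "$want_uid" ]; then
        echo "$d: owned by uid $uid, sshd requires uid $want_uid" >&2
        return 1
    fi
    tail=${mode#"${mode%??}"}                 # last two digits: group and other
    g=${tail%?}
    o=${tail#?}
    if [ $((g & 2)) -ne 0 ] || [ $((o & 2)) -ne 0 ]; then
        echo "$d: mode $mode is group- or world-writable" >&2
        return 1
    fi
    return 0
}

# Walk the whole chain. Returns 0 only if every component passes.
check_chroot_path() {
    rc=0
    for c in $(chroot_path_components "$1"); do
        chroot_dir_ok "$c" "${2:-0}" || rc=1
    done
    return $rc
}

# Usage on the server from this post:  sh check_chroot.sh /home/sftp_root
if [ $# -gt 0 ]; then
    check_chroot_path "$1" && echo "$1: acceptable as ChrootDirectory"
fi
```

Run it against the jail root before restarting sshd; a failing component is the directory to fix with chown root:root and chmod 755, never the shared upload directory below it.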

6. Modify the SSH configuration file.

sudo nano /etc/ssh/sshd_config

At the end of the sshd_config file, add the following (keep the global AllowGroups line before the Match line: a Match block runs to the end of the file or the next Match, and everything under it applies only to the matched group):

AllowGroups ssh-users sftp-users
Match Group sftp-users
ChrootDirectory /home/sftp_root
AllowTcpForwarding no
X11Forwarding no
ForceCommand internal-sftp

What this means is:
only allow members of ssh-users and sftp-users to access the system via SSH (any account outside these two groups is refused, so make sure the administrator is in ssh-users before sshd is restarted, or you will lock yourself out);
for sftp-users members, some additional settings apply: "/home/sftp_root" becomes the root directory for this group of users (so they cannot reach any file outside it); TCP forwarding and X11 forwarding are disabled; and every session is forced into sshd's built-in SFTP server, so no shell command can be run even if the user still had a shell.
If you need further details, use the "man sshd_config" command. After this setting, the SSH user group can access SSH without other restrictions, while the SFTP user group can only use SFTP and is locked in the jail directory.

7. Restart sshd so the new configuration takes effect. A full reboot (below) works but is not needed; restarting the ssh service is enough. Check the configuration for syntax errors before restarting, because a broken sshd_config prevents sshd from starting and can lock you out of a remote machine.

sudo reboot now
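As an added example, not from the original post, here is a small script that applies the change safely: it validates the file with sshd -t, asks sshd for the effective configuration it would apply to alice (sshd -T -C evaluates the Match block for the given user) and checks the four restrictions, and only then restarts the service. The user name alice, the group sftp-users, the jail /home/sftp_root and the Ubuntu systemd unit name "ssh" are taken from this post; the script and its function names are mine, not the author's.

```sh
#!/bin/sh
# Added example, not from the original post: validate sshd_config and confirm the
# effective settings for an sftp-users member before restarting the service.
# Assumes OpenSSH on Ubuntu, the user alice, the group sftp-users and the jail
# /home/sftp_root from this post; "ssh" is Ubuntu's systemd unit name for sshd.

# check_effective_sftp_config reads "directive value" lines on stdin in the
# format printed by `sshd -T` (lower-case directive names) and verifies the
# restrictions the Match block must impose. Returns 0 if every directive has
# the expected value, 1 otherwise, naming each missing one on stderr.
check_effective_sftp_config() {
    chroot_dir=${1:-/home/sftp_root}
    conf=$(cat)
    rc=0
    for want in \
        "chrootdirectory $chroot_dir" \
        "forcecommand internal-sftp" \
        "allowtcpforwarding no" \
        "x11forwarding no"
    do
        if ! printf '%s\n' "$conf" | grep -qix "$want"; then
            echo "missing or wrong: $want" >&2
            rc=1
        fi
    done
    return $rc
}

# apply_sftp_config: run on the server as root. Aborts before touching the
# service if the file has a syntax error, or if alice would not end up chrooted
# and restricted to SFTP, so a typo cannot lock you out or open a shell.
apply_sftp_config() {
    sshd -t || { echo "sshd_config has errors, not restarting" >&2; return 1; }
    sshd -T -C user=alice,host=localhost,addr=127.0.0.1 \
        | check_effective_sftp_config /home/sftp_root \
        || { echo "Match block is not effective for alice, not restarting" >&2; return 1; }
    systemctl restart ssh
}

# Usage (as root):  sh apply_sftp.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_sftp_config
fi
```

After the restart, confirm from another machine that "sftp alice@server" works and that "ssh alice@server" is refused, and keep an existing admin session open until you have done so.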

Origin http://43.154.161.224:23101/article/api/json?id=325917438&siteId=291194637