Building an SFTP server on Linux CentOS

In a CentOS environment, use the internal-sftp that comes with the system to build an SFTP server.

Open a command terminal window and follow the steps below.

0. Check the version of openssh

    ssh -V

Use the ssh -V command to view the version of openssh. The version must be greater than 4.8p1; a version lower than this needs to be upgraded.

1. Create the sftp group

    groupadd sftp

2. Create an sftp user; the user name is mysftp and the password is mysftp

Changing the user password is the same as changing any Linux user password.

    useradd -g sftp -s /bin/false mysftp   # username
    passwd mysftp                          # password

3. The home directories of the users in the sftp group are all placed under /data/sftp and distinguished by user name. Create a new mysftp directory first, and then set the home of mysftp to /data/sftp/mysftp

    mkdir -p /data/sftp/mysftp
    usermod -d /data/sftp/mysftp mysftp

4. Configure sshd_config

Open /etc/ssh/sshd_config with a text editor:

    vi /etc/ssh/sshd_config

Find the following line, roughly at the end of the file, and comment it out with the # symbol:

    # Subsystem sftp /usr/libexec/openssh/sftp-server

Add the following lines at the end of the file and save it.

    Subsystem       sftp    internal-sftp
    Match Group sftp
    ChrootDirectory /data/sftp/%u
    ForceCommand    internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

5. Set Chroot directory permissions

    chown root:sftp /data/sftp/mysftp
    chmod 755 /data/sftp/mysftp

6. Create a directory that SFTP users can write to after logging in

With the settings above, the user mysftp can already log in once the sshd service is restarted. But a directory used as the chroot root should not be writable, so create a new directory for mysftp to upload files to. The owner of this directory is mysftp and its group is sftp; the owner has write permission and the group has no write permission. The commands are as follows:

    mkdir /data/sftp/mysftp/upload
    chown mysftp:sftp /data/sftp/mysftp/upload
    chmod 755 /data/sftp/mysftp/upload
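
A pre-flight check for steps 5 and 6, added here as an example and not part of the original article: sshd rejects a chrooted login unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others, and this script walks the path and reports the component that breaks the rule. The function names dir_is_locked and check_chroot_path are hypothetical, and GNU stat (as shipped with CentOS) is assumed.

```shell
#!/bin/sh
# Added example: pre-flight check for the ChrootDirectory from steps 5 and 6.
# Helper names (dir_is_locked, check_chroot_path) are hypothetical.

# dir_is_locked DIR OWNER_UID
# Succeeds only if DIR is a directory owned by OWNER_UID and has no
# group-write or other-write bit set. Relies on GNU stat.
dir_is_locked() {
    dir=$1
    want_uid=$2
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    set -- $(stat -c '%u %a' "$dir")
    uid=$1
    mode=$2
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"
        return 1
    fi
    # 022 masks the group-write and other-write permission bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is writable by group or others"
        return 1
    fi
    echo "ok   $dir (uid $uid, mode $mode)"
}

# check_chroot_path DIR [OWNER_UID]
# Applies dir_is_locked to DIR and to every parent directory up to /.
check_chroot_path() {
    path=$1
    owner=${2:-0}          # sshd requires root (uid 0); overridable for testing
    rc=0
    while :; do
        dir_is_locked "$path" "$owner" || rc=1
        case $path in /|.) break ;; esac
        path=$(dirname "$path")
    done
    return $rc
}

# Usage on the server from this page, as root:
#   check_chroot_path /data/sftp/mysftp
```

The upload directory from step 6 is deliberately not passed to this check: it sits inside the chroot and is meant to be owned by mysftp.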

7. Modify /etc/selinux/config

Open /etc/selinux/config with a text editor

    vi /etc/selinux/config

Change SELINUX=enforcing in the file to SELINUX=disabled and save it.

Then enter the following command:

    setenforce 0

8. Restart the sshd service

Enter the command to restart the service.

    service sshd restart

9. Verify the sftp environment

Log in with the mysftp user name, confirm with yes, then enter the password and press Enter.

    sftp [email protected]

If sftp> is displayed, the sftp setup is successful.


10. Use FileZilla FTP Client to connect to SFTP server

Enter the host IP address, user name, password, and port to connect to the SFTP server. The port is 22 by default.



FileZilla FTP Client download:

http://download.csdn.net/detail/xinxin19881112/8887755


Article source: http://blog.csdn.net/xinxin19881112/article/details/46831311


Origin blog.csdn.net/u010994966/article/details/79004638