1, the first ssh -v query whether the host is installed OpenSSH , if not to see the version number, then you need to install openssh, using the following command:
yum install -y openssl openssh-server
yum install openssh*
systemctl enable sshd
systemctl start sshd
service sshd start
sudo firewall-cmd --zone=public --add-port=22/tcp --permanent
And then performs a version number to view the command: ssh -V (uppercase)
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
Version must be greater than 4.8p1, lower than this version needs to be upgraded. The results appear above indicates successful installation openssh
2. Create a group sftp, sftp create a user, the user name mysftp, the password is *******
[root@ linuxidc.com ~]# groupadd sftp
[root@ linuxidc.com ~]# useradd -g sftp -s /bin/false mysftp
[root@ linuxidc.com ~]# passwd mysftp
Changing password for user mysftp.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
User's home directory 3.sftp unified group assigned to the next / data / sftp, according to user names are case
Here mysftp first create a new directory, and then specify mysftp is home to / var / ftp / pub / usermod command modifies the system account files to reflect the changes specified by the command line
-d | --home ## to modify the user's home directory and usually - used with the m option
[root@ linuxidc.com ~]# mkdir -p /var/ftp/pub/
[root@ linuxidc.com ~]# usermod -d /var/ftp/pub/ mysftp
4. Edit / etc / ssh / sshd_config
[root@ linuxidc.com ~]# vim /etc/ssh/sshd_config
# Subsystem sftp /usr/libexec/openssh/sftp-server #这一行注释掉
Subsystem sftp internal-sftp #加上下面六个个配置属性
Match Group sftp
ChrootDirectory /var/ftp/pub/%u
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
5. Change the folder owner and folder permissions
[root@ linuxidc.com ~]chown root:sftp /var/ftp/pub/
[root@ linuxidc.com ~]chmod 755 /var/ftp/pub/
6. Create a directory sftp user login writable
[root@ linuxidc.com ~]mkdir /var/ftp/pub/topologydiagram
[root@ linuxidc.com ~]chown mysftp:sftp /var/ftp/pub/topologydiagram
[root@ linuxidc.com ~]chmod 755 /var/ftp/pub/topologydiagram
7. The file / etc / selinux / config in SELINUX = enforcing modify SELINUX = disabled, and then save
the input service sshd restart Restart Service
8. Use mysftp username, display sftp> it means to build success
[root@ linuxidc.com ~]sftp [email protected]
9. Use FileZilla FTP Client server connected sftp