## Build foreword:
Host system: CentOS 7
Because SFTP is based on the SSH protocol, we do not need to install any extra packages; we only need to make the appropriate configuration.
## Build process:
1. Create a user and user group, and set the directory permissions (this is just a test, so only one user / user group is created)
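```
# The home directory defaults to /home/sftp_user
# (on CentOS 7, useradd also creates a matching sftp_user group by default)
sudo useradd -m sftp_user
# Change the owner of the home directory to root
sudo chown root:root /home/sftp_user
# Change the permissions of the home directory to 755
sudo chmod 755 /home/sftp_user
# Create the upload directory
sudo mkdir -p /home/sftp_user/upload
# Create the download directory
sudo mkdir -p /home/sftp_user/download
# Change the owner of the upload and download directories to sftp_user
sudo chown -R sftp_user:sftp_user /home/sftp_user/upload
sudo chown -R sftp_user:sftp_user /home/sftp_user/download
```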
2. Back up and modify /etc/ssh/sshd_config, adding the following content

The text is as follows; you can refer directly to the uncommented lines:
```
# Global settings: these must appear before any Match block
#UseDNS no
#AddressFamily inet
PermitRootLogin yes
#SyslogFacility AUTHPRIV
PasswordAuthentication no

# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

# The Match block goes at the end of the file: every directive after a
# Match line applies only to that match, until the next Match line.
Match User sftp_user
    ForceCommand internal-sftp
    ChrootDirectory /home/sftp_user
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
    PasswordAuthentication yes
```
3. Restart the service. If there is an error, continue troubleshooting; if there is no error, check the upload and download functions.
```
sudo systemctl restart sshd
```
At this point, the SFTP setup is complete.
## Build postscript:
Of course, there are several points which need extra attention:
1. When restarting sshd, if sshd fails to come back up, clients will no longer be able to connect. So we need to pay attention to two points:
1.1 Back up the /etc/ssh/sshd_config file, so that if ssh really does go down, you can quickly revert to the previous state.
1.2 Open several consoles and always make sure at least one console stays connected to the host, so that you keep the ability to restore the machine to its previous state.
2. When setting up the SFTP server, we need to pay attention to three points:
2.1 For the directory set in ChrootDirectory and all of its parent directories, the owner and group must be root.
2.2 For the directory set in ChrootDirectory and all of its parent directories, only the owner may have write permission; the permissions can be at most 755.
2.3 The owner of the directories under ChrootDirectory needs to be set to the sftp user, so that the user has read / write / execute permissions.
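
A way to check postscript points 2.1 and 2.2 before restarting sshd, as an added example that is not part of the original post: the script walks from the ChrootDirectory up to `/` and reports every directory that is not owned by root (uid 0) or that is writable by group or others. It assumes GNU `stat` as shipped on CentOS 7; the function names `perm_ok` and `check_chroot_chain` are illustrative.

```sh
#!/bin/sh
# Added example: audit the ownership and mode of a ChrootDirectory path.
# Usage: sh check_chroot.sh /home/sftp_user

# perm_ok UID MODE
# Succeeds when the owner is root (uid 0) and neither group nor others
# have the write bit set: 755 and 700 pass, 775, 777 and 1777 do not.
perm_ok() {
    [ "$1" = "0" ] || return 1
    # The leading 0 makes the shell read the mode as an octal number.
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_chain DIR
# Checks DIR and every parent directory up to /.
# Returns 0 if all pass, 1 if any fails, 2 on a usage or stat error.
check_chroot_chain() {
    dir=$1
    rc=0
    case $dir in
        /*) ;;
        *) echo "need an absolute path: $dir" >&2; return 2 ;;
    esac
    while :; do
        uid=$(stat -c '%u' "$dir") || return 2
        mode=$(stat -c '%a' "$dir") || return 2
        if perm_ok "$uid" "$mode"; then
            echo "ok    $dir (uid=$uid mode=$mode)"
        else
            echo "FAIL  $dir (uid=$uid mode=$mode)"
            rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run the check only when a path is given on the command line.
if [ $# -gt 0 ]; then
    check_chroot_chain "$1"
fi
```

Any `FAIL` line points at a directory that has to be fixed with `chown root` or `chmod 755` before the chrooted login will work.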