Properly configuring the sftp service on Linux (CentOS 7)

sftp is an abbreviation of Secure File Transfer Protocol. It provides a secure, encrypted way to transfer files. sftp and ftp have almost the same syntax and functionality. SFTP is part of SSH and is a secure way to transfer files to Blogger's servers.

In fact, the SSH package already contains a secure file-transfer subsystem called SFTP (Secure File Transfer Protocol). SFTP has no daemon of its own; it must use the sshd daemon (default port 22) to complete its connection operations, so in a sense SFTP is not a server program but rather a client program.

SFTP also encrypts both the authentication information and the data it transmits, so using SFTP is very safe. However, because the transfer uses encryption and decryption, its transmission efficiency is much lower than that of regular FTP. If you have higher requirements for network security, you can use SFTP instead of FTP.

Configuring SFTP

SFTP is a secure interactive file transfer program that works similarly to FTP (File Transfer Protocol). However, sFTP is safer than FTP because it performs all operations over an encrypted SSH transport. It can be configured to use several useful SSH features, such as public key authentication and compression. It connects and logs in to a specified remote machine and then switches to an interactive command mode, in which the user can run various commands.

1. Check ssh version

sftp is based on the ssh protocol, so first check the ssh version. The openssh-server version must be at least 4.8p1, because configuring the permissions relies on ChrootDirectory, a configuration item added in the newer version.

[root@test ~]# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
2. Create the user and group
[root@test ~]# groupadd sftp
[root@test ~]# useradd -g sftp -s /sbin/nologin sftp
3. Set directory ownership and permissions

The directory owner must be root; the permissions can be 755 or 750.

chown root:sftp sftp
chmod 755 -R sftp
4. Edit the configuration file /etc/ssh/sshd_config
# Comment out this line:
#Subsystem sftp /usr/libexec/openssh/sftp-server
# Add the following 6 lines:
Subsystem sftp internal-sftp
Match Group sftp
# Root directory that users in group sftp are confined to
ChrootDirectory /home/%u
ForceCommand internal-sftp
AllowTcpForwarding no
# Do not allow X11 forwarding over SSH
X11Forwarding no
5. Restart the sshd service
[root@test ~]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
6. Verify that the configuration has taken effect

From another client, connect with sftp user@IP:

[root@dengqp02 share_root]# sftp [email protected]
Connecting to 10.20.2.23…
[email protected]’s password:
sftp> ls
a.txt
sftp>
Common problems:

If the following message appears when you connect to the server: "Write failed: Broken pipe", "Could not read packet: Connection reset by peer", the cause is a permissions problem on the ChrootDirectory.

The directory you set must be owned by the root user, otherwise the problem occurs. So make sure the owner of every sftp user's root directory is root, with permissions 750 or 755.
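The ownership rule above can be checked before restarting sshd. The following script is an added example, not part of the original article: it goes slightly beyond the text by also checking every parent directory, because sshd requires all components of the chroot path to be root-owned and not writable by group or others. The function names are hypothetical, and /home/sftp is assumed from ChrootDirectory /home/%u and the user created in step 2.

```sh
#!/bin/sh
# Added example (not from the original article): audit a ChrootDirectory.
# Function names are hypothetical; /home/sftp follows from "/home/%u".

# component_ok UID OCTAL_MODE
# Succeeds only if the owner is root (uid 0) and neither the group-write
# (020) nor the other-write (002) bit is set, e.g. 755 or 750.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1
}

# audit_chroot ABSOLUTE_DIR
# Checks the directory and every parent up to /.
# Returns 0 if all pass, 1 if any fails, 2 on usage or stat errors.
audit_chroot() {
    dir=$1
    rc=0
    case $dir in
        /*) ;;
        *) echo "audit_chroot: need an absolute path" >&2; return 2 ;;
    esac
    while :; do
        info=$(stat -c '%u %a' "$dir") || return 2   # GNU stat: uid, octal mode
        if component_ok "${info% *}" "${info#* }"; then
            echo "ok   $dir (uid=${info% *} mode=${info#* })"
        else
            echo "BAD  $dir (uid=${info% *} mode=${info#* })"
            rc=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run only when a path is given, e.g.: sh audit_chroot.sh /home/sftp
if [ $# -gt 0 ]; then
    audit_chroot "$1"
fi
```

Any line marked BAD names a directory that will cause the "Broken pipe" disconnect described above until its owner or mode is corrected.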

sftp transfer commands

1. Common login method

Format:

sftp [user]@[host]

This connects to [host] via sftp on the default port 22 as the specified user [user].

2. View the commands sftp supports
sftp> help
3. Basic usage
sftp> ls #list directory
sftp> pwd #print working directory on remote host
sftp> lpwd #print working directory on local host
sftp> mkdir uploads #create a new directory

Uploading a folder with SFTP

To upload an entire directory to a remote Linux host, use the put command. However, if the directory name does not exist in the working directory on the remote host, you will receive an error.

So first create a directory with the same name on the remote host, and then upload it from the local host. The -r flag copies subdirectories and files recursively:

sftp> put -r Tecmint.com-articles
sftp> mkdir Tecmint.com-articles
sftp> put -r Tecmint.com-articles

To preserve the modification times, access times and file modes of the transferred files, use the -p flag.

sftp> put -pr Tecmint.com-articles

To download the entire folder fstools-0.0 from the remote Linux host to the local machine, use the get command with the -r flag:

sftp> get -r fstools-0.0

Once the folder has finished downloading, check the working directory on the local machine. To exit the sFTP shell, enter:

sftp> bye

or

sftp> exit

Graphical client

For fully graphical operation, xftp is recommended. Create a new connection in xftp, taking care to select SFTP as the protocol, then fill in the IP, account and password to log in and connect.

Original Address: http://www.tigerbook.cn/article-104.html


Origin www.cnblogs.com/lonelyxmas/p/12114997.html