建站不啰嗦,上手跟我做(二十五)sftp 服务搭建

创建一个用户组和用户,并设置密码(示例中的 123456 只是演示,passwd 也已提示该密码过短;实际环境请使用强密码,或改用密钥登录)

[root@localhost ~]# groupadd sftp
[root@localhost ~]# useradd -g sftp -s /bin/false website
[root@localhost ~]# passwd website
Changing password for user website.
New password: 123456
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 123456
passwd: all authentication tokens updated successfully.

-g sftp :加入 sftp 用户组
-s /bin/false:禁止用户 ssh 登录(也可以用 /sbin/nologin)
-d /data/sftp/demo1:指定用户的主目录(可选,上面的命令没有用到这个参数,本文稍后用 usermod -d 设置)

设置用户上传的目录 /var/www/uploads/

[root@localhost ~]# cd /var
[root@localhost var]# ls
account  cache  db     games   kerberos  local  log   nis  preserve  spool   tmp
adm      crash  empty  gopher  lib       lock   mail  opt  run       target  yp
[root@localhost var]# mkdir www
[root@localhost var]# cd www
[root@localhost www]# ls
[root@localhost www]# mkdir uploads
[root@localhost /]# usermod -d /var/www/uploads/ website

修改配置文件 sshd_config

[root@localhost /]# vim /etc/ssh/sshd_config

##下面这行注释掉(以下各行行尾的 ## 说明仅供阅读;部分 OpenSSH 版本不支持行尾注释,会报 garbage at end of line,写入 sshd_config 时建议去掉)
#Subsystem      sftp    /usr/libexec/openssh/sftp-server
Subsystem       sftp    internal-sftp  ##指定使用sftp服务使用系统自带的internal-sftp
Match Group sftp  ##匹配sftp组的用户,如果要匹配多个组,多个组之间用逗号分割;Match 块要放在文件末尾,它之后的配置只对匹配到的用户生效
ChrootDirectory /var/www/uploads/  ##sftp主目录指定
ForceCommand    internal-sftp  ##指定sftp命令
AllowTcpForwarding no  ##用户不能使用端口转发
X11Forwarding no   ##用户不能使用 X11 转发

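设置目录权限

说明:ChrootDirectory 指定的目录及其所有上级目录必须属于 root,并且组用户和其他用户不可写,否则 sshd 会拒绝登录。因此用户不能直接写入 /var/www/uploads/,需要在其中另建子目录用于上传。下面用 root 创建的 test 目录属主仍是 root,权限为 744 时 website 用户无法进入或写入;若要上传,还需把该子目录的属主改为 website,例如 chown website:sftp /var/www/uploads/test。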

[root@localhost /]# chown root:sftp /var/www/uploads/
[root@localhost /]# chmod 744 /var/www/
[root@localhost /]# systemctl restart sshd.service
[root@localhost uploads]# mkdir /var/www/uploads/test
[root@localhost uploads]# chmod 744 /var/www/uploads/test

登录测试(首次连接会提示主机密钥指纹,输入 yes 之前应与服务器上的指纹核对)

[root@localhost ~]# sftp website@192.168.219.214
The authenticity of host '192.168.219.214 (192.168.219.214)' can't be established.
ECDSA key fingerprint is SHA256:xp1fuNIBxSjxNg1wDEa2TtE9SfExiksW2yJ8hF9k46c.
ECDSA key fingerprint is MD5:e1:67:11:e8:20:a1:4c:ed:3f:cf:9e:f4:8d:55:a5:94.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.219.214' (ECDSA) to the list of known hosts.
website@192.168.219.214's password: 
Connected to 192.168.219.214.
sftp> ls
every    tax.txt  test  

[root@localhost ~]# sftp website@localhost
Connecting to localhost...
website@localhost's password: 
sftp> ls
every    tax.txt  test  

重启 ssh 服务

[root@localhost ~]# systemctl restart sshd.service

查看 ssh 服务状态

[root@localhost ~]# systemctl status sshd.service