Site Building Without the Fluff: Follow Along Hands-On (25) Setting Up an sftp Service
Create a group and a user, and set a password
[root@localhost ~]# groupadd sftp
[root@localhost ~]# useradd -g sftp -s /bin/false website
[root@localhost ~]# passwd website
Changing password for user website.
New password: 123456
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 123456
passwd: all authentication tokens updated successfully.
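-g sftp: adds the user to the sftp group
-s /sbin/nologin: prevents the user from logging in over ssh (the command above uses /bin/false, which has the same effect)
-d /data/sftp/demo1: specifies the user's home directory (not used in the command above; the home directory is set below with usermod -d)
Set up the user's upload directory /var/www/uploads/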
[root@localhost ~]# cd /var
[root@localhost var]# ls
account cache db games kerberos local log nis preserve spool tmp
adm crash empty gopher lib lock mail opt run target yp
[root@localhost var]# mkdir www
[root@localhost var]# cd www
[root@localhost www]# ls
[root@localhost www]# mkdir uploads
[root@localhost /]# usermod -d /var/www/uploads/ website
Edit the sshd_config configuration file
[root@localhost /]# vim /etc/ssh/sshd_config
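## Comment out the line below
#Subsystem sftp /usr/libexec/openssh/sftp-server
## Use the internal-sftp server built into sshd for the sftp service
Subsystem sftp internal-sftp
## Match users in the sftp group; to match several groups, separate them with commas
Match Group sftp
## Root (chroot) directory for sftp
ChrootDirectory /var/www/uploads/
## Force the sftp command
ForceCommand internal-sftp
## Users cannot use port forwarding
AllowTcpForwarding no
## Users cannot use X11 forwarding
X11Forwarding no
Set directory permissions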
[root@localhost /]# chown root:sftp /var/www/uploads/
[root@localhost /]# chmod 744 /var/www/
[root@localhost /]# systemctl restart sshd.service
[root@localhost uploads]# mkdir /var/www/uploads/test
[root@localhost uploads]# chmod 744 /var/www/uploads/test
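The ChrootDirectory setting above is only accepted when the directory and every parent directory are root-owned and not writable by group or others, which is what the chown/chmod step is for. The script below is an added example, not part of the original post, that checks a path against that rule; the function names are hypothetical and it assumes GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
# sshd_config(5): every component of the ChrootDirectory pathname must be a
# root-owned directory that is not writable by any other user or group.

# Print the path and each parent directory, one per line, ending with "/".
chroot_components() {
    case $1 in /*) ;; *) return 2 ;; esac     # absolute paths only (no %h/%u tokens)
    p=${1%/}                                  # drop a trailing slash
    while [ -n "$p" ]; do
        printf '%s\n' "$p"
        p=${p%/*}                             # strip the last component
    done
    printf '/\n'
}

# Judge one component from its owner uid ($1) and octal mode ($2).
mode_ok() {
    [ "$1" -eq 0 ] || return 1                # owner must be root
    [ $(( 0$2 & 022 )) -eq 0 ]                # no group/other write bit
}

# Check a real path with GNU stat; prints each component sshd would reject.
audit_chroot() {
    comps=$(chroot_components "$1") || return 2
    printf '%s\n' "$comps" | {
        bad=0
        while IFS= read -r c; do
            info=$(stat -L -c '%u %a' "$c" 2>/dev/null) || info="missing"
            if [ ! -d "$c" ] || ! mode_ok ${info% *} ${info#* }; then
                printf 'REJECT %s (uid/mode: %s)\n' "$c" "$info"
                bad=1
            fi
        done
        [ "$bad" -eq 0 ]                      # status of the whole audit
    }
}

# When run as a script, audit the path given as the first argument.
if [ "$#" -gt 0 ]; then
    audit_chroot "$1"
fi
```

Run with the chroot path as its argument, it exits non-zero and lists each component that fails the rule; a writable subdirectory for uploads has to live below the chroot, since the chroot itself cannot be writable by the sftp user.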
Login test
[root@localhost ~]# sftp website@192.168.219.214
The authenticity of host '192.168.219.214 (192.168.219.214)' can't be established.
ECDSA key fingerprint is SHA256:xp1fuNIBxSjxNg1wDEa2TtE9SfExiksW2yJ8hF9k46c.
ECDSA key fingerprint is MD5:e1:67:11:e8:20:a1:4c:ed:3f:cf:9e:f4:8d:55:a5:94.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.219.214' (ECDSA) to the list of known hosts.
website@192.168.219.214's password:
Connected to 192.168.219.214.
sftp> ls
every tax.txt test
[root@localhost ~]# sftp website@localhost
Connecting to localhost...
website@localhost's password:
sftp> ls
every tax.txt test
sftp> ls
[root@localhost ~]# sftp -oPort=1022 website@192.168.1.82
You have logged onto a secured server..All accesses logged
website@192.168.1.82's password:
Connected to 192.168.1.82.
sftp>
Restart the ssh service
[root@localhost ~]# systemctl restart sshd.service
Check the ssh service status
[root@localhost ~]# systemctl status sshd.service