SFTP是ssh的一部分,这里把它单独拆分出来部署
1.创建SFTP用户组和用户
groupadd sftpgroup
mkdir chroot
useradd -d /chroot/mysftp01 -s /bin/false -g sftpgroup mysftp01
chown root:root /chroot/mysftp01
chmod 755 /chroot/mysftp01
passwd mysftp01
ftp2019
2.添加验证文件
mkdir -p /chroot/mysftp01/.ssh
chown mysftp01:sftpgroup /chroot/mysftp01/.ssh
chmod 700 /chroot/mysftp01/.ssh
touch /chroot/mysftp01/.ssh/authorized_keys
chown mysftp01:sftpgroup /chroot/mysftp01/.ssh/authorized_keys
chmod 600 /chroot/mysftp01/.ssh/authorized_keys
3.配置防火墙通过
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22222 -j ACCEPT
4.修改配置文件
/etc/ssh
cp sshd_config sftpd_config
Port 22222
PidFile /var/run/sftpd.pid
ChrootDirectory /chroot/sftp/%u
Subsystem sftp internal-sftp -l INFO -f AUTH
Match Group sftpgroup
ForceCommand internal-sftp -l INFO -f AUTH
AllowTcpForwarding no
X11Forwarding no
PasswordAuthentication no
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
5增加密钥对
cd /chroot/mysftp01/.ssh
ssh-keygen -t rsa
cat /chroot/mysftp01/.ssh/y.pub >> /chroot/mysftp01/.ssh/authorized_keys
6.启动服务
cd /usr/sbin
cp sshd sftpd
/usr/sbin/sftpd -f /etc/ssh/sftpd_config
7.测试连接
报错 :fatal: Access denied for user mysftp01 by PAM account configuration
缺少pam配置,拷贝一份sshd的pam配置给sftp
/etc/pam.d
cp sshd sftpd
----创建上传下载目录
mkdir /chroot/mysftp01/upload
chown mysftp01:sftpgroup /chroot/mysftp01/upload
chmod -R 700 /chroot/mysftp01/upload
mkdir /chroot/mysftp01/download
chown mysftp01:sftpgroup /chroot/mysftp01/download
----下载不允许修改
chmod -R 500 /chroot/mysftp01/download
-----查看日志--------
tail -f /var/log/secure
原文:https://www.cnblogs.com/cquccy/p/11213704.html