为了安全起见搭建sftp服务器。网上使用internal-sftp的方案很多都是照抄,在centos7没有跑通。
还有两个软件MySecureShell和proftpd。MySecureShell已经测试成功,proftpd没有试,看网上介绍也很简单好用。
我的主要步骤记录。安装就不写了。
新建用户名在/etc/passwd的格式。(推荐使用sftp-user create 命令创建新用户)
testsftp:x:999:999::/home/sftp/test:/bin/MySecureShell
配置部分
# cat /etc/ssh/sftp_config
GlobalDownload 50k #total speed download for all clients # o -> bytes k -> kilo bytes m -> mega bytes GlobalUpload 0 #total speed download for all clients (0 for unlimited) Download 5k #limit speed download for each connection Upload 0 #unlimit speed upload for each connection StayAtHome true #limit client to his home VirtualChroot true #fake a chroot to the home account LimitConnection 10 #max connection for the server sftp LimitConnectionByUser 3 #max connection for the account LimitConnectionByIP 2 #max connection by ip for the account IdleTimeOut 5m #(in second) deconnect client is idle too long time ResolveIP true #resolve ip to dns HideNoAccess true #Hide file/directory which user has no access StayAtHome true HideNoAccess true #Hide file/directory which user has no access UserFullPath false
重启sshd服务,大功告成。
/etc/ssh/sftp_config 这个配置可以生效嘛
可以,已经测试成功。