为了安全起见搭建sftp服务器。网上使用internal-sftp的方案很多都是照抄,在centos7没有跑通。
还有两个软件MySecureShell和proftpd。MySecureShell已经测试成功,proftpd没有试,看网上介绍也很简单好用。
我的主要步骤记录。安装就不写了。
新建用户名在/etc/passwd的格式。(推荐使用sftp-user create 命令创建新用户)
testsftp:x:999:999::/home/sftp/test:/bin/MySecureShell
配置部分
# cat /etc/ssh/sftp_config
GlobalDownload50k#total speed download for all clients
# o -> bytes k -> kilo bytes m -> mega bytes
GlobalUpload0#total speed download for all clients (0 for unlimited)
Download 5k#limit speed download for each connection
Upload 0#unlimit speed upload for each connection
StayAtHometrue#limit client to his home
VirtualChroottrue#fake a chroot to the home account
LimitConnection10#max connection for the server sftp
LimitConnectionByUser3#max connection for the account
LimitConnectionByIP2#max connection by ip for the account
IdleTimeOut5m#(in second) deconnect client is idle too long time
ResolveIPtrue#resolve ip to dns
HideNoAccesstrue#Hide file/directory which user has no access
StayAtHome true
HideNoAccesstrue#Hide file/directory which user has no access
UserFullPath false
重启sshd服务,大功告成。