How to set up an SFTP server on Linux

What is SFTP?

FTP, or "File Transfer Protocol" is a popular method of transferring files between two remote systems.

SFTP, which stands for SSH File Transfer Protocol, or Secure File Transfer Protocol, is a separate protocol packaged with SSH that works in a similar way over a secure connection. The advantage is the ability to leverage a secure connection to transfer files and traverse the filesystem on both the local and remote system.

In almost all cases, SFTP is preferable to FTP because of its underlying security features and ability to piggy-back on an SSH connection. FTP is an insecure protocol that should only be used in limited cases or on networks you trust.

Although SFTP is integrated into many graphical tools, this guide will demonstrate how to use it through its interactive command line interface.

SFTP Directory

The first thing we must do is create a directory that will house our SFTP data. Open up a terminal window, su to the root user (type su and then, when prompted, type the root user password), and then issue the following two commands:

mkdir -p /data/sftp
chmod 701 /data

Create the SFTP group and user

Now we're going to create a special group for SFTP users. This is done with the following command:

groupadd sftp_users

Now we're going to create a special user that doesn't have regular login privileges, but does belong to our newly created sftp_users group. What you call the user is up to you. The command for this is:

useradd -g sftp_users -d /upload -s /sbin/nologin USERNAME

Where USERNAME is the name of the user.

Next, give the new user a password. This is the password the new user will log in with when using the sftp command. To set the password, issue the command:

passwd USERNAME

Where USERNAME is the name of the new user you created above.

Create the new user SFTP directory

Now we're going to create an upload directory, specific to the new user, and then give the directory the proper permissions. This is handled with the following commands:

mkdir -p /data/USERNAME/upload
chown -R root:sftp_users /data/USERNAME
chown -R USERNAME:sftp_users /data/USERNAME/upload

Where USERNAME is the name of the new user you created above.

Configure sshd

Open up the SSH daemon configuration file with the command:

vi /etc/ssh/sshd_config

At the bottom of that file, add the following:

Match Group sftp_users
ChrootDirectory /data/%u
ForceCommand internal-sftp

Save and close the file. Restart SSH with the command:

systemctl restart sshd
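
sshd refuses logins into a ChrootDirectory unless every component of that path is a directory owned by root and not writable by group or others. The check below for /data/USERNAME is an added example, not part of the original guide; the function name and its optional second and third arguments are assumptions introduced here so it can be tried on a scratch tree without root.

```shell
#!/bin/sh
# Added example: audit a directory against sshd's ChrootDirectory rules.
# Usage: check_chroot_path DIR [OWNER_UID] [TOP]
#   DIR        directory named by ChrootDirectory, e.g. /data/USERNAME
#   OWNER_UID  expected owner of every component (default 0 = root)
#   TOP        where to stop walking upward (default /)
# OWNER_UID and TOP are hypothetical knobs for testing on a scratch tree.
check_chroot_path() {
    ccp_arg=$1
    ccp_uid=${2:-0}
    ccp_top=${3:-/}
    ccp_bad=0

    # Resolve symlinks and relative parts so the real path is audited.
    ccp_dir=$(cd "$ccp_arg" 2>/dev/null && pwd -P) || {
        echo "FAIL: $ccp_arg is not an accessible directory" >&2
        return 1
    }
    ccp_top=$(cd "$ccp_top" 2>/dev/null && pwd -P) || return 1

    while :; do
        # GNU stat: %u = owner uid, %a = octal permission bits.
        set -- $(stat -c '%u %a' "$ccp_dir")
        if [ "$1" != "$ccp_uid" ]; then
            echo "FAIL: $ccp_dir is owned by uid $1, expected $ccp_uid" >&2
            ccp_bad=1
        fi
        # 022 = group-write bit | other-write bit
        if [ $(( 0$2 & 022 )) -ne 0 ]; then
            echo "FAIL: $ccp_dir has mode $2 (group/other writable)" >&2
            ccp_bad=1
        fi
        # Stop once the top of the audited range (or /) has been checked.
        [ "$ccp_dir" = "$ccp_top" ] && break
        [ "$ccp_dir" = "/" ] && break
        ccp_dir=$(dirname "$ccp_dir")
    done
    return "$ccp_bad"
}
```

Run as root, check_chroot_path /data/USERNAME should return 0 with the layout created above; following it with sshd -t validates the edited sshd_config before the restart.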

Logging in

You're all set to log in. From another machine on your network that has SSH installed, open up a terminal window and issue the command:

sftp USERNAME@SERVER_IP

Where USERNAME is the name of our new user and SERVER_IP is the IP address of our SFTP server. You will be prompted for USERNAME's password. Once you successfully authenticate, you will be greeted with the sftp prompt. Type pwd to check the working path and you should see /upload.

A simple solution

That's all there is to setting up an SFTP server on Linux. For any company looking to offer staff and clients a simple, secure means of uploading and downloading files, this is not only a great solution but also a very budget-friendly one. Get your SFTP server up and running with zero cost and zero headache.

How to Connect with SFTP

By default, SFTP uses the SSH protocol to authenticate and establish a secure connection. Because of this, the same authentication methods are available that are present in SSH.

Although passwords are easy to use and set up by default, we recommend you create SSH keys and transfer your public key to any system that you need to access. This is much more secure and can save you time in the long run.

Please see this guide to set up SSH keys in order to access your server if you have not done so already.

If you can connect to the machine using SSH, then you have completed all of the requirements necessary to use SFTP to manage files. Test SSH access with the following command:

ssh username@remote_hostname_or_IP

If that works, exit back out by typing:

exit

We can establish an SSH connection and then open up an SFTP session using that connection by issuing the following command:

sftp username@remote_hostname_or_IP

You will connect to the remote system and your prompt will change to an SFTP prompt.

If you are working on a custom SSH port (not the default port 22), then you can open an SFTP session as follows:

sftp -oPort=custom_port username@remote_hostname_or_IP

This will connect you to the remote system by way of your specified port.

Getting help in SFTP

The most useful command to learn first is the help command. This gives you access to a summary of the SFTP help. You can call it by typing help (or its synonym, ?) at the prompt:

help

This will display a list of the available commands:


sftp> help
Available commands:
bye                                Quit sftp
cd path                            Change remote directory to 'path'
chgrp grp path                     Change group of file 'path' to 'grp'
chmod mode path                    Change permissions of file 'path' to 'mode'
chown own path                     Change owner of file 'path' to 'own'
df [-hi] [path]                    Display statistics for current directory or
                                   filesystem containing 'path'
exit                               Quit sftp
get [-afPpRr] remote [local]       Download file
reget [-fPpRr] remote [local]      Resume download file
reput [-fPpRr] [local] remote      Resume upload file
help                               Display this help text
lcd path                           Change local directory to 'path'
lls [ls-options [path]]            Display local directory listing
lmkdir path                        Create local directory
ln [-s] oldpath newpath            Link remote file (-s for symlink)
lpwd                               Print local working directory
ls [-1afhlnrSt] [path]             Display remote directory listing
lumask umask                       Set local umask to 'umask'
mkdir path                         Create remote directory
progress                           Toggle display of progress meter
put [-afPpRr] local [remote]       Upload file
pwd                                Display remote working directory
quit                               Quit sftp
rename oldpath newpath             Rename remote file
rm path                            Delete remote file
rmdir path                         Remove remote directory
symlink oldpath newpath            Symlink remote file
version                            Show SFTP version
!command                           Execute 'command' in local shell
!                                  Escape to local shell
?                                  Synonym for help
sftp>

Links

https://www.digitalocean.com/community/tutorials/how-to-use-sftp-to-securely-transfer-files-with-a-remote-server
https://blog.csdn.net/xinxin19881112/article/details/46831311

Reposted from: https://my.oschina.net/lvhuizhenblog/blog/1820137
