Ubuntu下搭建SFTP服务，SFTP服务安装

本文链接：https://blog.csdn.net/weixin_43782998/article/details/127277611

SFTP（SSH File Transfer Protocol）是一种基于SSH（安全外壳）的安全的文件传输协议，使用SFTP协议可以在文件传输过程中提供一种安全的网络的加密算法，从而保证数据的安全传输。

SFTP在Linux操作系统中，默认的端口客是22，传输提供了密码和密钥验证机制，可以有效防止传输过程的威胁和公技。

一、安装

sudo apt install openssh-server -y

Ubuntu安装ssh服务_寞水的博客-CSDN博客

Ubuntu下启用ssh_寞水的博客-CSDN博客_ubuntu安装ssh

二、配置

1、配置文件

/etc/ssh/sshd_config

2、修改配置

修改如下

sudo vim /etc/ssh/sshd_config

PermitRootLogin参数

#PermitRootLogin prohibit-password
PermitRootLogin yes

sftp服务程序参数

# override default of no subsystems
#Subsystem       sftp    /usr/lib/openssh/sftp-server
Subsystem       sftp    internal-sftp

在Ubuntu22中有PasswordAuthentication和PubkeyAcceptedKeyTypes参数

PasswordAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

3、说明

Subsystem       sftp    internal-sftp # 指定使用sftp服务使用系统自带的internal-sftp

Match Group sftpusers           # 匹配sftp组的用户,若要匹配多个组,可用逗号分开
X11Forwarding no                # 禁止用户使用端口转发
AllowTcpForwarding no           # 禁止用户使用端口转发 
ChrootDirectory /home/sftp/%u   # 限制用户的根目录
ForceCommand internal-sftp      # 只能用于sftp登录

三、重启SSH服务

sudo service sshd restart

或

sudo systemctl restart sshd

四、连接

sftp -P 22 ms@198.168.0.18

附：/etc/ssh/sshd_config

#	$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem	sftp	/usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server