sftp的安装和使用

http://blog.srmklive.com/2013/04/24/how-to-setup-sftp-server-ftp-over-ssh-in-ubuntu/

In my previous post, i discussed about how to install & configure FTP Server on Ubuntu. In this post, i will discuss about how to setup SFTP server in Ubuntu. First you need to install openssh-server, which can be done using command:

1
sudo apt-get install openssh-server ssh

You can use the following commands for ssh:

1
sudo service ssh start          # Starts SSH Servier

2
sudo service ssh restart        # Restarts SSH Server

3
sudo service ssh stop           # Stops SSH Server

4
sudo service ssh status         # Gives a short description of the status of the SSH server

First create a backup of the /etc/ssh/sshd_config file and name it as/etc/ssh/sshd_config.bak. When done, open the /etc/ssh/sshd_config file:

1
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

2
sudo vi /etc/ssh/sshd_config

Now edit the file /etc/ssh/sshd_config and add/edit the following lines:

#Subsystem sftp /usr/lib/openssh/sftp-server

2
Subsystem sftp internal-sftp -f AUTH -1 VERBOSE

3

4
#Uncomment this line if already commented

5
UsePAM yes

6

7
AllowGroups sftpusers sftp root

8

9
Match Group sftpusers

10
ChrootDirectory %h

11
AllowTCPForwarding no

12
X11Forwarding no

13
ForceCommand internal-sftp

这里如果你想加入其他的用户test，并将它的目录限定在/home/test目录，需要加入如下的内容：

执行如下命令：sudo usermod -a -G sftpusers test

再sshd_config中加入如下内容：
Match user test
ChrootDirectory /home/test
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp

为了不让test账户登录，可以设置/etc/passwd中的test账户为nologin。

Now lets create the relevant users & groups. First the create user group sftpusers using command:

1
sudo groupadd sftpusers

Now create a user suppose sftpuser. The commands listed below will create the user, add it to the sftpusers, and update its password

1
sudo adduser sftpuser

2
sudo usermod -a -G sftpusers sftpuser

3
sudo passwd sftpuser

Now proceed with modifying the permissions of the users home directory to allow for chrooting:

1
sudo chown root:sftpusers /home/sftpuser

2
sudo chmod 750 /home/sftpuser

Create a directory in which sftpuser is free to put any files in it:

1
sudo mkdir /home/sftpuser/public

2
sudo chown sftpuser:sftpusers /home/sftpuser/public

3
sudo chmod 777 /home/sftpuser/public